Ethical, Privacy and Data Protection Issues

Data is often reduced to what can fit into a mathematical model. Yet, taken out of context, data may lose its meaning. Ethics, privacy, and data protection issues are often an afterthought or regulatory hurdle to be jumped through.

Ethical Issues include:

  • Non-objective analysis
  • Incomplete Reporting
  • Misleading Reporting
  • Lack of Consideration

Moral agency is the responsibility of an individual. It stems from the assumption of individuality and free will. The degree of the agency determines the responsibility of an agency.

3 common agreed-upon moral agency conditions include:

  1. Causality: an entity can be held responsible if the ethical relevant result is an outcome of its actions
  2. Knowledge: an agent can be blamed for the result of its actions if it had ( or should have/had) knowledge of the consequences of its actions.
  3. Choice: an agent can be blamed for the result if it had the liberty to choose an alternative without greater harm for itself.

Observers tend to exculpate agents if they do not possess full moral agency i.e., where one of the above is missing.

Privacy Issues include:

  • Lack of consideration
  • Excessive data collection
  • Misuse of data
  • Confidentiality of information

The data does not contain anything that is not publicaly available or no access any information that is not already accessible. This is a key battleground for privacy campaigners with a massive void between information consent and user ignorance. Any data that is online doesnot mean that “informed” consent has been given or that users’s consider themselves as subjects of in a study.

Privacy violations can occur when extensive amounts of personally identifiable data are collected and stored. It might occur when information might be readily availabale to persons not properly or specifically authorized to have access. It occurs when data is used by a second or third party for a purpose different to that of original intentions. Individual and cultural definitions and expectations of privacy are ambigous, contested and changing.

The EU General Data Protection Regulation (GDPR) insists on “Privacy by Design” and “Privacy by Default”. Design means data protection through technology design and is best adhered to when it is already integrated in the technology when created. Privacy Impact Assessment ( Act 35 of the GDPR)  refers to the obligation of the controller to conduct an impact assessment and document it before starting the intended data processing.

Data Protection include:

  • Customer permission
  • Customer notification
  • Reduce volume
  • Increase relevance

Informed consent was intended and privacy protection were conceived to empower participant. Information Commisioner’s Office (ICO) highlights that GDPR require that the personal data are processed lawfully and transparently . It is collected for legitimate interests, retained securely and accurately for no longer than required. Under the Data Protection Act, the individual has the right :

  1. to be informed
  2. of access
  3. to rectification
  4. to restrict processing
  5. to erasure
  6. to portability

Rules like GDPR require that companies elicit consent before the collection of data and make the information they collect accessible to the customer. European laws indicate that individuals own their own personal data.

However, there are still hard questions to be answered about data ownership e.g., if I take a photo of a friend – does the “data” belong to me or my friend?

The personal notes are gathered from different websites and authors.

Leave a Reply

%d bloggers like this: