Thoughts from the Ethical Data-handling Panel at CPDP2016

At last week’s Computing, Privacy and Data Protection (CPDP) conference in Brussels, I had an exceptional set of panellists to moderate on the topic of ethical data-handling:

  • Michelle Dennedy (Chief Privacy Officer, Cisco)
  • Gemma Galdon Clavell (Founding Partner, Eticas Consulting)
  • Gloria Gonzalez Fuster (Research Professor, Vrije Universiteit Brussel)
  • Daniel Pradelles (@@@, Hewlett Packard Enterprise)

Our session was ably chaired by Jacques Bus (Founder, Digital Enlightenment Forum).

Ethical data-handling is a strange beast: in one sense, it is still a new and emerging discipline, with relatively few leading-edge deployments one can point to; then again, there’s a history of at least a couple of decades of academic research on the subject – more, if you include the specialist area of clinical data. “Being ethical”is also something all of us probably think we know how to do, even if it’s something we don’t often consciously think about —but

I’ve been investigating ethical data-handling for a little over two years now, and one thing seems clear to me: there’s a gap between all that research, and practical implementation of ethical principles in the modern environment of pervasive computing. My main goal for this panel was to find out if that gap could be bridged, either by using existing knowledge and materials, or by identifying and creating the missing pieces. I came away optimistic.

It seemed to me that a framework for ethical data-handling needs four basic elements:

  • A clear conceptual model of ethical and principles
  • Building ethical data-handling practice on existing regulatory compliance
  • Ethics in the design process
  • Ethics and operational practice

In all those areas, my conclusion from the panel was that the information is there to be drawn on and that, if an organisation wants to put ethical data-handling into practice, there’s really no excuse for saying “we can’t find out how to do it”. That said, the materials aren’t all in one place, and they aren’t all assembled into a coherent package – so there is still work to be done. I’ll be inviting the panellists to follow up by helping me create a landing page that pulls all the elements together, and complements the “how to”information with some guidance on “why to”, as well.

I’m hoping we will end up with a page that helps answer the following questions:

  • What do we mean by “ethics”in this context? How is that different from legal compliance?
  • We already do risk management and data protection. Why would we want to do this as well? What’s the pay-off?
  • OK – you’ve convinced me; practically, what do we do next?
  • Can we really build ethical principles into a product design and development process?
  • Having developed and deployed an ethically-based system, how do we “operationalise ethics”?
  • Can this work across different cultures and jurisdictions?

If you think this framework is missing something crucial, please let us know…and keep an eye on this blog for further developments.