In this blog, Aneesha Harindran explores the topic of data ethics that has been brought to light during the pandemic.
In these times of epidemiological crises, governments have taken emergency measures to collect, use and share population data in order to support the medical community – track, trace and eradicate COVID-19.
The promise of post-pandemic freedom has lulled the world into “doing what’s necessary” and handing over the key to their personal data. However, it has seen controversial applications.
From Israel mandating surveillance tracking, originally meant to combat counterterrorism to track population mobility, to the use of facial recognition technology by China to identify people even when wearing face masks to enforce population quarantine, it does leave one with a sense of unease.
Eventually, this pandemic will become a distant memory for future generations but what will remain, will be a treasure trove of information.
That’s millions and millions of data points about you and I and the technology with the potential to infringe on our civil liberties.
Could data privacy or the lack of, be the greatest threat to humanity?
It doesn’t need to be!
The key is through the ethical collection and use of data where necessary, safeguarded by robust data privacy rules and overseen by dedicated governing bodies to ensure data security and prevent misuse.
Data ethics – data collection vs utility – it’s a balancing act
Fundamentally for any data request, governments need to first evaluate the ask, its justification and situational use as data sensitivity is highly contextual e.g. geolocation data for contact tracing, and weigh up its perceived benefits and harms.
This approach to decision making is ultimately what data ethics is.
Data ethics asks the critical questions – “does the intent warrant the collection of personal information?”; “do the benefits of data collection and use outweigh the drawbacks?”; and “how do we ensure the risk of privacy breaches and fundamental civil liberties are contained?”.
It addresses not just ‘what’ but ‘how’ we ensure every data decision made and technological innovation respects ethical conduct.
The enforcement and advocacy of data ethics and more broadly data privacy, calls for ethics committees or data trusts whose purpose is to “create data governance mechanisms to find the balance between competing public interests while protecting individual privacy.” These organisations provide clear guidelines and processes on access, collection, processing and retention of personal data, especially in the aftermath of emergency situations such as the pandemic.
Governments across the world have begun to embed critical governance – in 2018, the UK established the Centre of Data Ethics and Innovation (CDEI) and created its data ethics framework, Singapore formed its Advisory Council on the Ethical Use of Artificial Intelligence (AI) and Data and Hong Kong published its ethical accountability framework.
What is considered “ethical conduct” is however subjective worldwide and raises questions as to whether a global data ethics framework is needed.
Data Privacy – Trust and transparency
Each ethical data decision made must be grounded in stringent data privacy rules that protect personal data collected from misuse and minimise the risk of data breaches.
More than 120 countries have formulated international legislation to enforce rigorous data protection.
For example, the European Union’s General Data Protection Regulation (GDPR) mandates that “organisations, including government agencies, need to provide “data protection by design” and “data protection by default” and provides strict controls over cross-border data transmissions, giving citizens the right to be “forgotten”.
Similar privacy rules have been sanctioned globally with India’s Personal Data Protection Bill, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), South Africa’s Protection of Personal Information Act (POPIA) and the state of California’s Consumer Privacy Act, to name but a few.
But in these times of increased data capture and usage, the safeguarding should go beyond ensuring compliance but rather proactively planning for potential risks – expect the best and plan for the worst.
Just as humans have evolved over time to adapt to a changing world, so must international privacy laws. Governments need to continuously monitor trends in the global privacy regulation landscape, international best practice and local and international current affairs to ensure that personal data protection laws appropriately cover any eventuality. Any exceptional measures implemented such as in the pandemic deemed “temporary, necessary and proportionate” at the expense of personal freedoms e.g. such as the level of surveillance, international data sharing must be continuously reevaluated and rolled back when no longer required.
The pandemic has thrown the world at large into uncharted waters to navigate through but for one particular sector, this is a well-trodden path in which best practice across multiple disciplines can and should be gleaned from.
The humanitarian sector – pioneers in a pandemic
The humanitarian community has accumulated a plethora of knowledge and experience on “how to deal with data during a crisis responsibly”.
The United Nations’ Office for the Coordination of Humanitarian Affairs (OCHA), alongside specialist experts developed best practices on this, with a particular focus on how humanitarian, government and corporate organisations need to work together to ensure a coordinated response to data use during a crisis.
Similarly, the International Committee of the Red Cross and Red Crescent published a detailed handbook on “data protection in humanitarian action”, covering “basic data protection principles, to questions of data sharing and data protection impact assessments (DPIA) and data collection methods e.g. mobile apps, biometrics and cloud services”.
Post pandemic, the expertise of the humanitarian community could and should be considered in shaping how to deal with data post a crisis responsibly.
So back to the original question, which would you sacrifice – civilisation or civil liberties.
My answer is neither.
To chat to Aneesha about any of the above or for more information on how we can help you with your data challenges, get in touch today!
Want more?
READ: If dinosaurs had data, would they be extinct?
