Ethics and Responsibility within the data age

By: Sophie Weaver

3, September, 2019


Data -


We live in an era where the world lives more in a digital ecosystem and is constantly striving to stay connected through digital mediums like social media platforms and apps, mobile devices, IoT systems and various others. This constant connection entails exchange of data thereby generating a mountain load of data every second, ready to be mined, filtered, structured and analysed by companies using digital technologies like artificial intelligence, big data analytics, blockchain and machine learning for determining trends, customer insights and behaviour patterns. While the insights generated help in delivering more optimised and customised solutions for the customers, there is always a threat of over interference into an individual’s data to derive such personalised suggestions. The pace of the development of laws and policies around data protection and management has not been in sync with the evolution of technologies, and the realisation of risks associated with this is now encouraging the businesses, policymakers, technologists and governments to develop and update data laws suiting today’s digital environment, after factoring in the morals and cultural values. Determining the right and wrong and trying to morally manage the implication of the technologies has become even more important, as the digital technologies thrive and the world increasingly moves toward digitalization, generating Zettabytes of data.

How is all this data actually used?

The criticality of this question has grown many folds over the past few years, especially after the world has witnessed major mishaps caused by data loss and leaks, data thefts and gruesome cybersecurity breaches.  In 2018 alone, 1,366,471,618 records featuring personal and other sensitive data were compromised as per the data by Privacy Rights Clearinghouse. [1] These numbers reflect the 635 breach incidents that were actually made public. It will be safe to assume that the actual numbers will surely be higher as several incidents might have gone unnoticed and several companies might have chosen to conceal the data theft.

Growth in the customers’ awareness regarding the importance of their data, the vulnerability of their personal and sensitive data and the increasing protectionist attitude towards their data has created a trust deficit between the trust the customers have in an organization in general and the trust they have in the same institution when it comes to their data. Worsening the situation further is the ethical dimension of the automatic systems and tools that the companies are using increasingly for collection, segmentation and analysis of data to profile customers and derive insights into their behaviour patterns, understand macroeconomic and microeconomic trends and predict the future of businesses and markets. The datasets that are used to train these technologies like artificial intelligence (AI), machine learning, deep learning and data analytics are likely to be highly biased and prejudiced if the variables present in the datasets reflect some kind of biasness. Analytical models trained on such datasets could amplify the prejudice or biasness several times.

To tackle the issues, several authorities, institutions, governments and policymakers are developing data protection and management laws; however, these laws have certain exceptions and interpretations for purposes like public safety and law enforcements that at times serve as legal grey zones. These grey zones are exploited by technologists, data scientists, companies and other parties for their benefits.

No amount of laws can give absolute protection to data but certain ethical codes of conduct and realization of responsibilities can help in mitigating data compromise risks.

Responsibilities and Ethics We Need In Big Data Age

As the companies increasingly monetize the available customer data for purposes other than initially intended, the need for laying out ethical codes of conduct has become more important.

Data Privacy and Confidentiality

Companies collect customer data from various sources like forms that the customers fill while visiting offline or online stores, loyalty programmes, social media platforms and apps, website traffic and cookies and third party database vendors among others.  The companies and employees involved in the transaction of the data should ensure that the identity and private details of the customers are handled with utmost care and confidentiality of the data is maintained. The entities involved in the exchange of consumer’s private data, which is obtained with consent, should ensure that the data is not exposed and does not leave any traces to their identity.


Companies should obtain the personal information of customers consensually after clearly stating the nature of data that is being collected and for whom, when, and for what purpose the data is being collected.

Limiting Interference

Companies collecting customer data do so to analyse the data and derive actionable insights out of it that could be used for improving their operations and driving their business ahead to reap monetary gains. While doing so, it is only ethical for the companies to have certain restrictions in order to refrain from stretching the limit of intervention too much to get the company into financial troubles stemming from lawsuits challenging the company’s interference and usage of data that breaches the data protection and management laws as well as privacy rights of individuals.

Informing the Customers

While companies might not be ready to share all their intentions explicitly, it is only ethical for them to reveal the intentions behind their act of collecting data and informing the customers as to how their data will be used and the extent of the private details which will be considered. Customers should have a transparent view on how their data would be used or sold, and they should have the rights and ability to control the flow of their private details. Customers should also be apprised of the financial transactions resulting from the usage of their details and the scale of such transactions.

Follow the Rules

The importance of data and the growing concern to protect it has encouraged several regions to draft their own data protection and control policies. The administrations have also updated privacy rights that align with today’s technologies and their evolving functions. General Data Protection Regulation (GDPR) and EU-US Privacy Shield are some examples of the pivotal data protection laws that have been put in place to protect the collection and management of personal data. Companies are mandated to follow the regional rules while operating in the region or while handling the data of residents of the said region.

Establish Ethical Framework for Use of Data

Not only are the entities required to follow the laws of the land but they should also have a set of protocols to follow across the organisation and their network of partners to maintain data security and integrity. C-suite executives of the companies can work alongside data scientists, technologists, academics and policymakers for creation of a framework for the ethical use of data after considering the cultural values and moral systems. This will help in creating a comprehensive ethical framework that will consider near about all the dimensions of the work and could be easily adhered to by professionals across different domains as they mine and analyse data using new age technologies.

Privacy by Design

Companies should adopt the Privacy by Design approach for inculcating the ethical values right at the planning stage of a platform or solution that will make use of data. This will help in improving the data safety.

Audit the Algorithms

Companies are relying a lot on the results obtained from the implementation of technologies like big data analytics, machine learning, deep learning or AI on the data. They are using the technologies to profile their customers to develop more customised marketing strategies and solutions and to profile potential customers, potential employees and potential market regions for growth of their businesses. But amidst all this, they sometimes tend to ignore the shortcomings of the technologies. Technologies including machine learning, predictive modelling solutions and AI tend to train their algorithms using the available datasets. The resulting algorithm could be pretty rigid in its nature. It can pick a trend from the available datasets and if a prejudice is present in the available variables, then the analytical technology will train on it and develop a biased or prejudiced causality-consequence model, which will amplify the prejudice several times giving inaccurate or wrong assessments that can result into ethically wrong decisions.

An example to better explain this is Amazon’s recent decision to do away with its AI recruiting tool. The tool seemed to have a more skewed result towards men while reviewing the CVs of applicants. The tool, which was trained to learn the pattern in CVs submitted over the last decade, picked up the bias in data that showcased male dominance across the industry.

This suggests the need for the companies to audit their analytical algorithms and seek for more transparent data analysis to better understand the correlation and causality-consequence models established by these analytical tools. They should also assess the tools to more effectively identify if the applied algorithms are breaching the privacy protection codes in any manner.

As we move forward….

The importance of data will only grow as the technologies evolve and we use more and more digital solutions in our everyday life. Data is neither good nor bad inherently but the analysis and use of data gives it a moral dimension. It is the responsibility of every stakeholder involved in the process, ranging from the companies to users to governments, data scientists, technologists, technology developers and everyone else in the middle to ensure the safety and integrity of the data. We should strive to bring more transparency in the ways the data is collected, accessed, shared, used and managed. More attention should be paid to ensure that the data management and analytical tools have adequate security measures in place so that they don’t run amok, can’t be hacked easily or don’t emerge as tools of oppressions by their users. Observing high ethics and responsibilities while handling the customer data will help the companies in earning a good image and competitive edge, especially when their target consumers place social responsibility in high regards.

Moreover, it is always good for a company to keep the data protected and use it responsibly to avoid complaints and class action lawsuits.

As per the IBM-sponsored Cost of a Data Breach Study, the global average data breach cost in 2018 increased 6.4% on a year-over-year basis to USD 3.86 million. That is a significant amount that no entity will intend to take. [2]






Other sources: