Data is the main fuel of our digital economies. Our financial transactions, movements, communications, relationships and interactions with governments and businesses, both online and off, generate data that is collected, bought and sold by data brokers and corporations interested in profiling individuals.
As the collection and analysis of data becomes more sophisticated and accurate, and as data sets grow to become Big Data, the opportunities ahead seem infinite. The risks, however, are also great, as the information being handled about individuals is extremely sensitive.
Getting privacy right is one of the biggest challenges of this new decade of the 21st century. The past years have shown that there is still much work to be done on privacy to tame the darkest aspects of the data economy.
As data scandals continue to emerge, questions abound as to how to interpret and enforce regulation, how to design new and better laws, how to complement regulation with better ethics, and how to find technical solutions to data problems.
This research project explores some of the key ethical questions posed by today’s emerging technologies, and analyzes new technical methods that governments and companies can use to profit from information while respecting regulations and maintaining the trust of both their clients and citizens.
The last years established beyond a shadow of a doubt that we are living through a crucial historical moment regarding privacy. Two events stamped 2018 as a landmark year for privacy: the Cambridge Analytica scandal, and the implementation of the European Union’s General Data Protection Regulation (GDPR). The former showed the extent to which personal data has been shared without data subjects’ knowledge and consent and many times for unacceptable purposes, such as swaying elections. The latter inaugurated the beginning of robust data protection regulation in the digital age.
In order to shed some light on this issue, the Center for the Governance of Change has produced seven research papers on privacy, a worldwide survey on attitudes towards the use and sharing of personal data, and a final report, which first summarises the research and goes on to offer a set of recommendations to implement best practices regarding privacy.
RESEARCH SUMMARY
- “Introduction to Privacy”, by Kevin Macnish
Kevin Macnish’s paper constitutes an introduction to how legal scholars and philosophers have thought about privacy in the past century. The paper uses historical and contemporary examples to illustrate some of the most pressing ethical concerns regarding privacy.
- “The Ethics of Data Acquisition”, by Alfred Archer, Nathan Wildman, Huub Brouwer, and Amanda Cawston
One of the central ethical difficulties facing any data acquisition procedure is balancing the rights of data subjects against the potential benefit that data collection and analysis can offer. Alfred Archer, Nathan Wildman, Huub Brouwer, and Amanda Cawston provide a critical overview of various data acquisition models, determining and assessing the ethical issues each raises.
- Private Data and Property, by Verena Risse
Closely related to the ethics of data acquisition, Verena Risse’s paper explores questions related to the protection and governance of private data by drawing on the analogy between privacy and property. A common proposal to respect people’s rights while using their data is to treat personal data as property, and compensate data subjects accordingly. It is unclear, however, to what extent personal data can be equated to property.
- Informed Consent, by Kevin Macnish
In this paper, Kevin Macnish explores the importance of consent in the collection and processing of personal data. After an overview of what consent is and different kinds of consent, Macnish focuses on the debate as to whether consent is justified because it helps to respect autonomy, a view defended by Tom Beauchamp and James Childress, or whether it is grounded on limiting harm, a view defended by Onora O’Neill and Neil Manson.
- Privacy, Autonomy, and Personalised Targeting, by Karina Vold and Jess Whittlestone
While previous papers have been concerned about the ethics of how personal data is collected, Karina Vold and Jess Whittlestone are concerned with how personal data is used. In particular, they examine the ethics of targeting ads and services to individuals.
- Differentially Private Data Sets: Methods, Limitations and Mitigation Strategies, by Jordi Soria-Comas
Data set releases are often proposed as one way to address some of the ethical concerns related to institutions holding too much data, and hence too much power. Releasing data sets allows data to be available for secondary use and analysis. Data set releases, however, threaten the privacy of data subjects who might not have consented to such a release or who might have consented without realising the privacy risks they were signing up for. One of the ways in which privacy can be better protected when releasing data sets is through the use of differential privacy. In this paper, Jordi Soria-Comas weighs the advantages and disadvantages of differential privacy in the context of data set releases.
- Formal Versus Empirical Approaches to Data Anonymity, by Paul Francis
Most research on data anonymity focuses on methods with formal guarantees of anonymity, such as differential privacy. In this paper, Paul Francis argues that computer scientists should be open to and encouraged to work on empirical data anonymisation mechanisms in addition to formal ones—in much the same way that researchers work on both formal and empirical approaches to crypto.
PUBLIC VIEWS ON PRIVACY
We conducted an online survey of 1,107 people, mostly Americans and Europeans, about their views on privacy. Among the many highlights of the survey, the following stand out:
- Privacy-related negative experiences online are extremely common.
- Across continents, age, gender, and levels of education, people overwhelmingly think privacy is important.
- People are worried about their privacy, and they value privacy not only instrumentally, but also as a good in itself.
- Not all uses of personal data by companies are thought to be unacceptable.
- People tend to feel that they cannot trust companies and institutions to protect their privacy and use their personal data in responsible ways.
- The majority of people believe that governments should not be allowed to collect everyone’s personal data.
- Privacy is thought to be a right that should not have to be paid for.
FINAL REPORT
Our research has unveiled a few overarching lines of thought that bear implications for good data practices. Both ethicists and the public agree that privacy is a right that deserves strong protection. Citizens are unsatisfied with how their data is being used by both companies and governments. Institutions wanting to regain people’s trust need to better protect citizens’ privacy.
The “Data, Privacy, and the Individual” report proposes a series of data principles for companies and governments. Although no amount of principles can replace the judgment of an adequate ethics committee when assessing the ethics of privacy in a particular context, the recommendations included in the report can serve as a start to developing better data practices.