Category Archives: Ethics

Martin Abrams’ Remarks — 39th International Conference of Data Protection and Privacy Commissioners

My thanks to the International Conference of Data Protection and Privacy Commissioners and to our colleagues at the Hong Kong Commission for this opportunity to discuss data ethics.

I would also like to dedicate this session to Joe Alhadeff who recently passed after a long battle with cancer. Joe was a wise friend to us all. He is sadly missed, particularly this week as we debate today’s complex data protection issues.

Since the first conference 39 years ago, we have seen many disruptive technologies force us to think through how we apply the core values of data protection and yield a better world through data driven innovation. Those disruptive technologies have come faster and have us reaching well beyond simple compliance with legal check lists.

Companies that use data robustly have begun to understand that compliance alone is not enough. The Software and Information Industry Association recently issued ethical principles for big data and artificial intelligence. Numerous professional organizations are also offering guidance.

Regulators are also looking beyond the letter of the law to find ways to facilitate the full range of human interests. The European Data Protection Supervisor ethics initiative is just one example.

However, a question remains about how to bring the journey by ethical businesses and regulators together and how to join civil society.

New and future laws require us to bring values to play, and values mean ethics.

Next year’s conference will focus on ethics and dignity. With that in mind, this session is designed to trigger a yearlong conversation. It is entitled “Artificial Intelligence and Ethics by Design.”

What does this topic even mean? As a discussion starter, the Information Accountability Foundation published a paper and supporting documents last week.

So first, why ethics? I think the answer is that, with today’s and tomorrow’s increasingly complex ways that data will used, the law alone as a definer of fair processing is not sufficient. Next, what is the evidence supporting that answer? The evidence is the reliance of the new generation of data protection laws on risk, assessments and defendable fairness.

So, what do we mean by ethics? One definition is shared societal values that are often unspoken. As a company, how does one design in what is often unspoken? And as I think about societal, there are regulatory officials from every continent and sub region here. Which region’s values do we incorporate? Is it societal harmony from east Asia? Or consequentialism from Europe? Or a sense of duty no matter the consequences?

I lead The Information Accountability Foundation. Just as a carpenter first looks for a nail, as an accountability foundation, we start with accountability. When starting with accountability, we ask what is new about AI? Some have described AI as putting a computer to solve a problem that we do not yet understand how to solve. Computers will ping at a problem, trial and error, until relentlessly the problem is solved. Computers do not get bored. They do not get discouraged. They just try until they meet a stated objective.

Furthermore, AI when applied can makes decisions for people rather than suggesting the decisions that should be made. Collision avoidance braking was once an AI experiment. It is now the way new cars work. Increasingly we will want more technology to simply take care of things. Unlike previous disruptive technologies, with these technologies there is less opportunity for human intervention at the point of decision. This is a good thing; but how do we provide an assurance of fairness when how things work will be less obvious?

We begin with how do we build values into AI design objectives and which values might they be? Accountability requires data stewardship. To make accountability work, we believe stewardship needs an upgrade. It needs to be enhanced for this world where machines make decisions for people. We call the new level of stewardship stakeholder-focused stewardship. It requires organizations to be open about their values and how those values will be applied. It also requires companies to understand the stakeholders impacted by AI and how they will balance the interests of the various stakeholders (at least co-equal to its own interests).

But every new governance structure requires guidance. So, we have enhanced the essential elements of accountability. The 2009 essential elements of accountability informed efforts in Hong Kong, Colombia, Canada and Europe to define accountability expectations for processing that is impactful on people. These new essential elements recognize that the custodian nature of the 2009 document is not sufficient for a world where smart cars, smart health hubs, and other smart devices make decisions that must serve a broader group of stakeholders.
And the new essential elements recognize that this broader group of stakeholders are many and diverse. Stakeholder analysis must be thoughtful and agile. There are times when the interests of a single individual trumps all other stakeholders, and there are times when societal interests have greater dominance.

And lastly, organizations need to self-declare their values. If values are defined by law makers, they are laws. If they are defined by regulators, they are regulations. Organizations, by self-declaring their values, are making themselves accountable for their execution. And execution is actionable by people and regulators.

We have stewardship, values, and direction. How does a company get from high level guiding principles to objectives that can be part of a code? The package we released has a road map for cascading from values to ethics by design. The package we released includes a model worksheet. The entire package is intended to be a discussion starter.

IAF Releases Ethical Guidance for Artificial Intelligence at Commissioners’ Conference

The terms ethics and ethical data processing are in vogue. With the rapid growth of innovative data-driven technologies and the application of these innovations to areas that can have a material impact on people’s daily lives, enhanced corporate governance focused on ethical objectives is needed. Particularly where data enabled decisions are made without the intervention… Continue Reading

A Data Protection Risk Assessment Is About Ethics – Join IAF Webinar

A Data Protection Risk Assessment Is About Ethics —- Join IAF Webinar Webinar September 6, 2017 We have never read a privacy or data protection law that requires controllers be ethical. Yet implicitly new laws are driving expectations that organizations using data robustly do so in an ethical fashion. What does that mean? The European… Continue Reading

The Need for An Ethical Framework

The vast amount of data made possible and accessible through today’s information technologies, and the ever-increasing analytical capabilities of this data, are unlocking tremendous insights that are enabling new solutions to health challenges, business models, personalization and benefits to individuals and society. At the same time, new risks to individuals can be created. Against this… Continue Reading

IAF on Data Ethics Panel at IAPP-London

On 21 April, IAF’s Marty Abrams will speak on a panel entitled “Digital Ethics, the EDPS and the Ethics Advisory Group” at IAPP’s  “Europe Data Protection Intensive” in London. Panel Overview The European Data Protection Supervisor (EDPS) has launched a broader discussion, both in the EU and globally, on how to ensure the integrity of… Continue Reading

Restoring Privacy Functionality Through Data Protection Processes

Can data protection, the fair processing of personal data, protect the key values associated with privacy? While many privacy professionals use the terms privacy and data protection interchangeably, European law differentiates the two terms. The Working Party 29 Legitimate Interests opinion from 2014 does an excellent job of explaining the differences. Privacy is a value… Continue Reading

IAF Releases White Paper on Big Data Ethics and Data Protection Enforcement

The Information Accountability Foundation (IAF) released a white paper entitled “Enforcing Big Data Assessment Processes” today. The research paper examines organisational governance for big data processes and enforcement related to that governance by data protection authorities. In particular, the document focuses on enforcement of codes of practice for creating new driven insights from big data… Continue Reading

Time to Double Down on Accountability

Figuratively, accountability is the flu vaccine for the data protection immune system. When an organisation has the data protection sniffles, accountability, like the flu vaccine, enhances the immune system. As we all know, the European Court of Justice has not only put data transfers in question, it has also enhanced the ability for individuals to… Continue Reading

Key Documents for IAF Workshop on Fair and Innovative Big Data Use

On 29 September, at IAPP in Las Vegas, the Foundation will hold a workshop entitled “Big Data Project Vetting to Assure Fair and Innovative Data Use”. This session is open only for those who have registered through IAPP.  Workshop leaders include Martin Abrams and Lynn Goldstein of IAF, Sheila Colclasure of Acxiom and Genie Barton… Continue Reading

Data Management Ethics in an Observational World

Data ethics is more than data minimisation and purpose limitation. If it was not more, big data governance would be easy. But it is not easy. Giovanni Buttarelli, European Data Protection Supervisor, heightened the big data governance debate last Friday, 11 September, when he issued opinion 4/2015, “Towards a new digital ethics.” In the paper,… Continue Reading