Many of the world’s privacy, technology, and policy experts are in Brussels this week for the 40th International Conference of Data Protection and Privacy Commissioners. The conference theme this year is Debating Ethics: Dignity and Respect in Data Driven Life. The question is can ethics, not mandated by law, fill the gap between legal requirements and the moral requirement that processing related to or having an impact on people be fair and just. The conference is being held in the capital of the European Union that put into effect the strongest data protection law, the General Data Protection Regulation (GDPR), in May of this year. Yet the GDPR has gaps between the best way to protect people from less than fair processing when new technologies and new data use push the boundaries of what is necessary for the best outcomes in health, education, economic growth and transportation. This week’s conference is intended to fill these gaps.
Among the experts in Brussels this week is Stephen Kai-yi Wong, Privacy Commissioner for Personal Data Hong Kong China. Earlier this year Commissioner Wong commissioned the Information Accountability Foundation to work with Hong Kong business to develop a framework for Ethical Data Stewardship and an Ethical Data Impact Assessments. The challenge was to create a compelling and implementable framework for doing the right thing, for all stakeholders, in a legal system with an ombudsman structure for data protection.
Experts from 23 Hong Kong enterprises, large and small, participated in this process. The end products are a research report and a model assessment and oversight process framework for the cascading of ethics from shared values to workable business process. This framework was the subject of a workshop in Brussels.
Most important, the framework updated the essential elements for accountability to encompass ethical data stewardship which IAF sees as part of the forth wave of privacy legislation. Ethical data stewardship is most relevant when using data for artificial intelligence, advanced analytics, and other data intensive processes. The framework also includes a workflow for assuring and demonstrating sound process. That workflow includes ethics by design based on clearly articulated organisational values, assessment conducted independent of the persons developing the processing, and controls for oversight. The framework is intended as a starting point for organisations to customise within their own culture but to do so in a way that demonstrates trustworthy data processing.
The IAF thanks Commissioner Wong and his staff for commissioning this work. IAF also appreciates all the work contributed by the Hong Kong business community. While this project was conducted in Hong Kong, the framework has practical use and implications for all privacy regimes. In part, that is why it is being released in Brussels. To quote Giovanni Buttarelli, “data should serve people, people should not serve data.”
Please provide feedback on these documents.
Comments