|We all want to live & work in an ethical world|
ICO Blog from Simon McDougall; How do we balance the interests of society against individual rights, on issues like facial recognition technology?
How do we allocate rights & responsibilities in a world of connected devices and real-time automated decisions? How much thought does the law require organisations to put into what is ‘right’, and what their customers would reasonably expect to happen to their data?
We face an increasing number of these types of questions, as we consider the practical implications of growing use of personal data. I’m sure many working in the digital economy might be tempted to look in my direction for the answer. It’s the regulator’s job to tell us what the law says, right?
But the reality, as always, is somewhat more complex. The GDPR is a principle-based law. That is its great strength. It sets out general rules, which can then be applied to a range of situations, whether that’s how a local running club looks after members’ contact details, or how big data can be used in health research. It means the law can continue to be relevant, even as technologies are developed that weren’t even thought of when the law was being drafted.
Interpretation of that law is complex though, and increasingly we see broad ethical questions being raised around how data is being used. There is debate around when data protection and data ethics overlap, where they are separate, and where they may even conflict.
Engaging in data ethics is an innovative step, but I don’t think it’s one that will prove unique. An international consultation in 2018 found more than 4 in 5 believe authorities should play a role in this area.