Five global trends in data ethics and privacy in 2019
Jan 28, 2019
It’s no surprise that a recent Gartner1 report called out Digital Ethics and Privacy as one of the top trends for 2019. Data privacy and ethics issues have been hot topics, particularly in tech, for some time now. But what does that mean for organizations wanting to move from being compliance-driven to ethics-driven? What are those big things happening around privacy and ethics? Where is it happening?
First, a bit about what I mean by privacy and by data ethics:
- Data privacy is responsibly collecting, using and storing data about people, in line with the expectations of those people, your customers, regulations and laws.
- Data ethics is doing the right thing with data, considering the human impact from all sides, and making decisions based on your brand values.
With that in mind, here are 5, of probably many, important global trends I see for privacy and ethics in 2019:
1. Chief Privacy Officers can expect ethics to become an explicit part of their role
As technology becomes an increasingly important part of people’s lives, data ethics must be translated into sound business practices to ensure that both internal and external interests are balanced. This begins with considering the human impact from all sides of data use, the impacts on people and society, and considering whether those impacts are beneficial, neutral, or potentially risky. Moving forward from 2019, Chief Privacy Officers and Privacy Leaders should expect to start incorporating ethics assessments into data collection and uses, to ask, ‘what is fair’, ‘what is the right thing to do’?
2. Technology companies will lead the way for U.S. Federal Privacy legislation
Following the implementation of the General Data Protection Regulation (GDPR) in the European Union, companies in the technology industry will lead the charge towards similar privacy legislation in the United States. It has yet to be determined if there will be fundamental differences as to whether legislation should be “baseline” (sets the floor) or “comprehensive” (generally more prescriptive and detailed, like the GDPR). Regulators will also have to decide if the focus should be “rights-based”, “risk and harms based”, “accountability-based” or some combination of all three.
Regardless, the necessity for data privacy legislation in the United States continues to be a galvanizing discussion in legislative houses, universities, and homes across the country. Virtually every industry uses technology to provide its products and services, and wider contributions from many industries will shape a better, more balanced regulatory outcome for all stakeholders.
3. Sustainable ethics codes will evolve to better address the challenges of a digital world
A quarter century ago, there was a generational shift in the consensus on how to respect privacy due to an emergence of personal computing, networked computing and large structured databases. That shift led to the implementation of modernized rules governing the protection of personal data. Today, we are experiencing a new generational shift, driven by globalization of the economy and profound alterations in the digital, physical, and biological spheres we live in, creating an ever-expanding data-first interconnected digital world.
To keep up with the evolving digital world, the evolution of sustainable data ethics codes must go beyond check-the-box compliance and enforcement of the rules. New data ethics codes must objectively consider the effects new technology and data uses beyond common understanding has on people.
This year, data ethics will rise to become a board-level topic, requiring companies to take a values-driven approach and understand the consequences of both using and not using data. Companies must remember that not everything that is legally compliant and technically feasible is ethically and morally sustainable, nor is it always protective of the autonomy and privacy of people.
4. Product excellence and privacy by design will become synonymous
Privacy by Design (PbD) means to embed data privacy requirements into product design and development, embodying the “build it in, don’t bolt it on” mentality. This includes building in:
- Privacy-savvy defaults
- In-product transparency
- Considerations for and documenting privacy risks and data flows
- Assigning data owners up front and throughout the data lifecycle, including E2E security
PbD is complementary to and just as important as secure coding. Revolutionary technologies like Artificial Intelligence (AI), machine learning models, and connected Internet of Things (IoT) devices demand up-front rigor, methods, tools, standards, and regular reviews. These reviews are needed throughout the entire process - from research and conception, to design, development, testing, implementation, and ongoing revisions - and should make sure to include third party services and data sources, open source code, and integration with existing products and services.2, 3
Knowing where your data is and why you have it has never been more critical from both a strategy, operational, and compliance perspective. Data needs to be stored and managed in a way so it is clean and accessible for analysis and learning – to tackle business issues in real-time. The Looker platform helps businesses to find this data, define it, and empower users to analyze it and gain insights to drive business outcomes, all without data sprawl.
5. Companies will drive to educate policy-makers and regulators about their technologies
It’s vital that policymakers and regulators develop a deeper understanding about what they wish to regulate at the U.S. State and Federal level, and the same is important for policy-makers in countries outside the U.S.. Given the profound shifts in our global, digital, data-centric economy and the opportunities it offers to people and societies, policy makers must consider:
- What harms are they trying to protect people from?
- What rights do they want to guarantee?
- What problems are they trying to solve?
- What are the privacy outcomes they hope to achieve for their citizens?
Organizations that spend the time educating policymakers on how information, communications, data platforms, and analytics technologies work - supplemented by substantial use cases and best practices across multiple industries, and demonstrating accountable and ethical data practices - will have the highest impact.
Looking to the future of data ethics and privacy
We stand at a crossroads for data ethics and privacy in 2019. Around the world, there will be spirited debates in break-rooms, living rooms, and government hallways about the impact, direction, and considerations given to these topics throughout the year. While these debates may drum up dramatic media stories, they may also unearth paths that lead to eye-opening enforcement by regulators. As I see it, one of these paths could lead to more complex, restrictive procedural compliance. The other, and my preferred path, would blend regulations, individual rights, common sense, and data ethics together for a more balanced, 21st century approach.
For future updates and insights from me on data privacy and ethics, subscribe to the Looker blog.
1Gartner Top 10 Strategic Technology Trends for 2019, David Cearley, Brian Burke, October 15, 2018
2Privacy Engineering: A Dataflow and Ontological Approach by Ian Oliver
3The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value by Michelle Dennedy, Jonathan Fox, and Tom Finneran