paint-brush
The Ethics of Data Collection and Privacy in the Tech Industryby@sammynathaniels
814 reads
814 reads

The Ethics of Data Collection and Privacy in the Tech Industry

by Samuel BasseyMay 25th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Data is a huge part of our lives and the fuel for innovations and growth, especially in the tech industry. Most of the user's data are usually collected without the full consent of the data subject. This is a pointer to the fact that there could be ethical and unethical ways for data collection, hence, the subject matter of this article.
featured image - The Ethics of Data Collection and Privacy in the Tech Industry
Samuel Bassey HackerNoon profile picture

Introduction

Here is a question for you!!


"Are you comfortable with your private data that contains confidential information about you being collected and used?


Would you answer “No”,  “Yes”, or would you answer a “Maybe, with a clause?”


I believe everyone should have an opinion concerning the way and degree of their data collection and use. But, most of the user's data are usually collected without the full consent of the data subject.


This is a pointer to the fact that there could be ethical and unethical ways for data collection, hence, the subject matter of this article.


Data is a huge part of our lives and the fuel for innovations and growth, especially in the tech industry. Data collection has become a vital aspect of almost all businesses, as it helps them gather valuable insights about their customers and personalize their marketing strategies.


Intrinsically, this is nothing to frown upon because these data help companies to serve users with personalized ads that resonate with their preferences.


But in many situations, several ethical concerns arise around privacy and the use of data. Concerns such as:


  • The ethical implications of data collection and uses in the tech industry.


  • The regulations and guidelines instituted to curb data privacy invasion.


These points form the bulk of numerous other concerns. Thus, the ethics of data collection and privacy in the tech industry is a very relevant and important topic in the digital age.



What Is Data Ethics?

The term “Data Ethics“ is relative, and refers to the best practices, rules, and laws that seek to preserve the rights of users over their data.


Data ethics does not only mean complying with legal and regulatory requirements but also includes taking into consideration the broader social and moral implications of data collection and use.


This is a very important aspect of data in today's world, especially with the growth of technology where data is the fuel that drives continuous advancement in the industry.


Data collection activities such as web scraping go against data ethics because the consent of data owners is not duly earned.


The fact is, how data is collected, analyzed, and used can have significant impacts on users and overall, society.


And although data is much needed to address world challenges and drive up technology, ethics should be considered in order not to infringe on a data owner's privacy and human rights.

Why Data Ethics and Privacy Is Important in the Tech Industry

Data privacy and ethics affect the way data is collected, and they work together to improve data quality in terms of ethical impressions.


A closer look:


When Data Privacy and Ethics are upheld in collecting data, the following are achieved:


  • The rights and interests of data owners are protected.


  • Data subjects can control what personal information they wish to give and which data is sensitive and should be protected from misuse or exploitation.


  • There is a level of trust and confidence that can be attained between data owners and data actors.


  • Loyalty is more achievable when brands value the privacy of their users.


  • The reputation and brand image of ethical data actors improve.


  • The quality and accuracy of the data collected are even more enhanced, and this can reduce biases, errors, or gaps in data collection and analysis.


  • With better data accuracy, data insights are more accurate leading to better decision-making and performance.

Ethical Issues and Challenges That Arise From Data Collection

The way data is collected often infringes on the privacy of individuals' data. Below are some of the issues that surround data collection:


  1. Bias and Discrimination in Data Algorithms: Data collecting algorithms are often structured to suit a data curator's needs, and data subjects have no control over the tools used in collecting their data. These tools can collect data that amplify bias and discrimination in society, and this often leads to unfair or harmful outcomes for certain groups or individuals.


  2. Invasion of Privacy and Loss of Autonomy: Sometimes, the data collected from subjects can expose the subjects to unwanted surveillance, tracking, profiling, or targeting by third parties. Imagine having your location shared during data collection such as web scraping.


    In 2020, Alibaba had a data leak, as a result of a vendor who attempted to scrape data from its e-commerce platforms which led to the exposure of 1.1 billion pieces of its users' data. The data included names, phone numbers, addresses, and even shopping preferences and travel history. This data could be used to track down many of its users.

Laws and Regulations of Data Privacy

While data collection is necessary for the evolution of technology, it is established that data collection can create an adverse effect on data subjects if not adequately controlled. This calls for the need for a balance in the form of law between the benefits and risks of data collection and use.


Although data, in the past two decades, has been an easily passable subject for the consideration of laws, the growth of technology and data concerns have fueled the need for laws to cover the privacy and enhance the security of users. Some of the laws include:


  1. The EU General Data Protection Regulation (GDPR): GDPR is a set of regulations that applies to any organization that monitors the behavior of subjects within the EU. These regulations make sure that the organization conducts these monitoring in a way that does not go against the principles of data ethics.


  2. The Asia-Pacific Economic Cooperation (APEC) Privacy Framework: This is solely a voluntary initiative – a regulatory framework that seeks to facilitate the flow of personal data across the APEC region while ensuring adequate protection.


  3. The African Union Convention on Cyber Security and Personal Data Protection: In 2014, a regional treaty was signed and adopted by the African Union (AU) to establish a legal framework to promote cyber security and personal data protection and harmonize data protection laws in African countries.


  4. The Nigeria Data Protection Regulation (NDPR): This is a set of regulations issued by the National Information Technology Development Agency (NITDA) and derived some of its terminologies from the EU GDPR. It applies to any organization in Nigeria that processes the personal data of users.


One may ask:


Are the laws ambiguous?


What are the major contents/highlights of these laws?


These questions are not out of place. As a matter of fact, it is pertinent to understand that the crux of the matter is the contents of these laws and not the euphoria of the existence of the laws. Looking at the laws guiding data privacy, the three main highlights are:


  • Consent: Before organizations can collect the data of subjects, they must obtain valid consent from these subjects. Consent has to be freely given by subjects, yet they have the right to withdraw their consent at any time, and whatever choices and preferences the subjects have regarding their personal data must be respected.


  • Insight: When asking for consent from data subjects, data collectors must provide clear and transparent information as to why their personal data is being collected and used. They also have to state the ways the data will be used. Any secondary purposes without consent go against data ethics and are sueable. Subjects retain the right to access, correct, delete, or transfer their personal data.


  • Flow: When data is finally collected, the collectors must ensure that they flow securely and ethically across different platforms, devices, and jurisdictions.

Why Have Regulations in Protecting Privacy?

  • Data ethics can hardly be maintained when there are no laws and regulations to enforce and guide collectors on the right way to go about data collection.


  • Laws have penalties for faulting them. Hence, subjects whose rights are infringed on can sue.


  • With legal frameworks and sets of standards and principles for data privacy and protection, innovation will be grossly promoted.


  • By data subjects' consent, data can be more accurate, and data sharing and collaboration among different stakeholders in the data ecosystem can further drive technology.


  • The laws and regulations can also reduce the risks and harms of data privacy violations, such as identity theft, fraud, discrimination, or surveillance.

How Tech Companies Can Abide by the New Rules and Regulations that Govern Data Ethics, Collection, and Privacy

Obtaining data is necessary for every tech organization. However, to respect the privacy of data subjects and abide by the rules, companies have to seek consent from data subjects and respect their preferences and rights.


This will create a balance of data innovation and value creation with data accountability and responsibility.


The following practices and guidelines are encouraged:


  1. The use of Data Ethics Canvas developed by the Open Data Institute (ODI) to identify and manage ethical issues while collecting, sharing, or processing data.


  2. Full disclosure of how the data will be collected and used. These include the purpose, methods, benefits, risks, and limits. Other information includes how the data will be used, stored, shared, and protected, and the duration of data storage.


  3. Full compliance with the laws and regulations set in their respective regions and countries.


  4. Maintenance of transparency and accountability to build trust. Companies should inform users of the data processes and algorithms they use, and how they may impact the data of the subjects and other stakeholders.


  5. Access to a subject's data has to be obtained from the subject. Hence, companies must provide subjects with a choice to opt-in or opt out of data collection. And this consent must be obtained through clear and affirmative action, such as a signature, a checkbox, or a verbal agreement.


  6. Collection of only necessary data that are relevant and proportionate to the analytics purpose. Companies do not need to collect more data than they need or keep it longer than they need.


  7. Encrypted and Secured data storage and transmission facility to avoid data leaks from web scraping.


  8. Adoption of appropriate technical and organizational measures to protect data from unauthorized access, disclosure, alteration, or loss must be adopted.


  9. Compliance with users' requests to access, correct, delete, or withdraw their data at any time in a prompt and courteous manner.


  10. Being in possession of subjects' data does not mean that these companies have control over the data. Therefore, it is only appropriate that the company must update the data subjects on any changes to the data collection process and renew consent, if necessary.


Apart from the above guidelines, I suggest:

  1. Companies should adopt the data minimization approach. This approach aims to limit data collection, retention, and processing to what is necessary and relevant for the intended purpose.


  2. Companies should implement data protection principles by design and default. These principles will have privacy and security embedded into the development and operation of data systems and services.


  3. Data Protection Impact Assessments (DPIAs) should be regularly conducted by companies to identify and evaluate the potential risks and benefits of data collection and use.


  4. Companies should establish clear and consistent data privacy policies and practices that comply with the applicable laws and regulations in their jurisdictions and sectors.


  5. Companies should educate and train employees and stakeholders on data privacy rights and responsibilities and foster a culture of data ethics within the organization. They can also engage with regulators, policymakers, and other actors to develop and promote common standards and frameworks for data privacy.

Conclusion

In conclusion, data privacy is a crucial issue in the tech industry.


As data collection becomes more pervasive and one of the most commonly used avenues to analyze patterns and behaviors to improve on technology, it is becoming more challenging for tech companies to be ethical and ensure the privacy of data subjects is respected and protected.


With the laws, rules, and regulations of data privacy and collection enacted across the world, tech companies can now pragmatically balance innovation and value creation with data accountability and responsibility.