European Data Protection Supervisor
European Data Protection Supervisor

An ethical approach to fundamental rights

An ethical approach to fundamental rights

Thursday, 1 December, 2016

If you believe the words sometimes attributed to Gandhi, law is codified ethics. But effective laws and standards of ethics are guidelines accepted by members of a society, and these require a social consensus. I believe that technology is changing or at the very least influencing our ethics and it’s a phenomenon we need to urgently address.

On 31 May this year, I wrote about the first EDPS-Ethics Advisory Group (EAG) workshop that was taking place that day as part of a broader discussion we were launching, both in the EU and globally, on the digital environment and its ethical implications.

I am delighted at the workshop’s success and the feedback we received on it. I know that the work of the Group will yield tangible results in due course.

For me the workshop was an occasion to listen, take note of a variety of views and consider the relation between ethical reflections and the work of the EDPS. It was also an occasion for experts from the wider data protection community to become more familiar with the flagship project of my institution’s third mandate.

The workshop highlighted that while the new EU General Data Protection Regulation (GDPR) is a landmark in human rights law, its adoption is even more reason for us - data protection authorities such as the EDPS - to think about the effects of data protection in practice and ask the difficult questions that need to be considered.

The GDPR emphasises the need for an ethical reflection on the digital environment and fundamental rights: the GDPR reinforces the need for organisations to be accountable; what if we consider that accountability implies a responsibility to take ethical considerations into account as part of an organisation’s corporate social responsibility?

As much as the GDPR is designed to grapple with the realities of global, ubiquitous data in the internet era, laws generally address societal needs after innovations have been widely adopted.

While we must welcome innovation and the benefits it brings us, we must also remain committed to sustainable development, taking into account issues of inequality, human dignity and inclusiveness.

Emerging technologies inevitably have wide implications not only for security and ethics but for our definition of human dignity and the equality of individuals.

It’s because of this that the EAG was launched as part of the EDPS’ broader initiative to consider the ethical impact of the digital era since it challenges not only existing data protection principles but our values and mores as a society.

At the very least, ethics can help to keep the concrete effects of the GDPR robust. But more effective would be for individuals, organisations and society at large to take a broader approach to ensure that technology does not dictate our values.

I believe we must collectively analyse how we implement data protection principles ethically and supplement them where necessary. In our digital world, data protection cannot be the sole responsibility of data protection authorities.

As part of their mandate to explore how to ensure the integrity of our values while embracing the benefits of new technologies, the EAG met in October to discuss how ethics can contribute to a data protection regime confronted by a digital world.

The debate raised many interesting questions.

Is compliance with the GDPR, or indeed any law supporting data protection or privacy, only about avoiding harm or fault?

Does compliance offer protection to the individuals the law is designed to protect or does it simply mitigate risks for organisations? The weighing up of harm and risk also involves an ethical assessment.

The Group’s discussions emphasised the importance of complying with the GDPR but also the importance of building upon that compliance and the need to consider what goes beyond it:

  • Effective enforcement is necessary to ensure the proper application of data protection principles.  What if companies are compliant with data protection rules but are not ethical?
  • The main actors in the online environment have the power to monitor, predict and influence individuals and private lives. They also contribute to designing our public space and society. Given the breadth and width of their reach, should they be accountable on a larger scale?
  • Due to their different perspectives, the dialogue between lawyers and engineers is often lost in translation. But is this gap between law and innovation really a viable excuse from big companies? There is a need to bridge this gap. Perhaps ethics could help to bridge it.

The balance of power between individuals and big business is tipped in favour of internet giants and to hold fast to our values requires more energy and commitment today than it did before the onset of the digital age.

It is high time that technology developers and data processing actors were ethically motivated. I am confident that the EAG will contribute well-founded arguments to help us to define this motivation.

In light of this, the Group is working to identify the ethical responsibilities of online actors. The greatest challenge is to encourage long term, ethical analysis and prospective thinking towards technological innovation - a holistic approach, if you will, to the digital project.

I anticipate that the first interim report of the EAG to be published next year will be a fascinating read.

The report and videos of the first workshop on 31 May 2016 are available here.

A second EDPS-EAG workshop with experts from the scientific research community is in the planning for spring 2017.