EDPS to set up an Ethics Board
Today, as the European Data Protection Supervisor (EDPS) published his Opinion, Towards a New Digital Ethics, he urged the EU and also those responsible internationally, to promote an ethical dimension in future technologies to retain the value of human dignity and prevent individuals being reduced to mere data subjects. He said that his independent institution will soon set up an external Ethics Board that will help to better assess the ethical implications of how personal information is defined and used in the big data and artificial intelligence driven world.
Giovanni Buttarelli, EDPS, said: “The future technological environment will be made up of an interdependent ecosystem of legislators, corporations, IT developers and individuals. Each should be equally responsible for shaping it and any imbalance of power risks its sustainability. For example, the continued, massive and indiscriminate collection of personal information by governments and businesses risks killing the golden goose. With this Opinion, which complements our Opinion on the EU Data Protection Reform, we want to launch a broader discussion, both in the EU and globally, on how to ensure the integrity of our values while embracing the benefits of new technologies."
Future-oriented laws are an important element for redressing power imbalances in today’s digital environment and the EDPS fully supports the modernisation of the EU Data Protection framework in addition to other Directives. He encourages the EU to ensure coherence in the new laws to make it easier to take a holistic approach, particularly when it has to assess compliance with competition, consumer and data protection rules (EDPS Opinion on Privacy and competitiveness in the age of big data).
While the law is a powerful element, it cannot address the many nuanced scenarios that arise in the digital market. The EDPS calls upon organisations to be accountable, to have a new ethical approach to handling the personal data they collect. By developing internal codes and policies which safeguard human dignity, organisations can self-police, ensure their compliance with data protection laws and demonstrate a respect for the persons whose personal data they use - just because an organisation can piece together a customer’s life from their data trail does not mean it always should.
The IT industry has an important role to play in the digital environment through privacy conscious engineering which can offer technology that processes data while also respecting the rights of the individual. The EDPS fully supports the work of the Internet Privacy Engineering Network, which is contributing to the building of privacy into everyday tools as well as developing new ones.
Privacy and data protection matter more than ever to people. However, there are differing levels of awareness across society on how to stay safe on the internet, with some knowingly trading their personal information for ‘free’ services and others, doing so unknowingly. While people need to be informed and given control over how their personal data is being used, individuals are not passive beings requiring absolute protection against exploitation. Individuals also need to empower themselves with a degree of knowledge wherever possible; they need to be aware of the consequences of data collection and reflect on the purposes of it at the outset.
The European Data Protection Supervisor wants to stimulate an informed discussion in the EU, involving civil society, designers, companies, academics, public authorities and regulators. A new EU data protection ethics board can help define a new digital ethics, allowing the EU to realise the benefits of technology for society and the economy in ways that reinforce the rights and freedoms of individuals.
Background information
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor (EDPS) - are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.
EDPS Strategy 2015-2019: Unveiled on 2 March 2015, the 2015-2019 plan summarises the major data protection and privacy challenges over the coming years and the EDPS' three strategic objectives and 10 accompanying actions for meeting them. The objectives are (1) Data protection goes Digital (2) Forging Global Partnerships and (3) Opening a New Chapter for EU Data Protection.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.
Big data: Gigantic digital datasets held by corporations, governments and other large organisations, which are then extensively analysed using computer algorithms. See also Article 29 Working Party Opinion 03/2013 on purpose limitation p.35.
The June 2015 Eurobarometer survey on Data Protection found that data protection, particularly the processing of the personal data in the digital sphere, remains an important concern to individuals in the EU.