Everything is political; even data is political. Sound data ethics practices require that the political nature of data be taken seriously, and this matters for your organisation, for reasons that I explain in what follows.
What does it mean for data to be ‘political’? Data is political because is a valuable resource for anyone interested in shaping law and policies to exercise greater influence on citizens and the political decision-making process. Information about someone—even information about one’s shopping habits, for instance—can often indicate someone’s political preferences. For instance, if I knew that you purchase only vegan food, I would understand that you are likely to support vegan-friendly policies.
The political nature of data gives us reason to think about data ethics politically. One way to do this is to consider the relationship between data and democratic politics. The aim of this article is to explain why an awareness of the moral value(s) of democracy will help you to navigate the data ethics practices of your company. I focus on three key issues:
- Several key principles underpinning modern data ethics practices are intimately linked to the moral values of democracy. Understanding those democratic values, and how they interact with data, will alert us to a wider range of ethically risky data practices.
- Many moral challenges for contemporary democratic politics are concerned with the way in which corporations and the state handle data.
- As democratic citizens, we have a duty to uphold democracy. It follows from this that our data ethics practices should this duty seriously.
In the interests of brevity, we can broadly define democracy as political arrangements that (a) seek to equalise citizens’ political influence, by giving everyone equal voting power; and (b) secure citizens’ basic political liberties, including, for instance, freedom of speech, freedom of political participation and freedom of association.
Having introduced this, I will consider the three issues in turn.
- Several key principles underpinning modern data ethics practices are intimately linked to the moral values of democracy. Understanding those democratic values, and how they interact with data, will alert us to a wider range of ethically risky data practices.
The following principles should be familiar to anyone with an interest in data ethics: accountability, transparency and fairness. These principles are addressed by the key documents or supervisory authority in data protection, such as the European Data Protection Supervisor (EDPS), the Information Commissioner’s Office (ICO), the Data Protection Act (DPA), the General Data Protection Regulation (GDPR), as well as the Data Ethics Framework for the public sector. It is easy, however, to disregard the connections between these values and the values of democracy.
One widely shared view in moral and political philosophy is that democracy is valuable when and because it holds political actors accountable to citizens. This is why democracy requires institutions which permit public accountability, including but not limited to (a) separation of state powers, (b) fair and equal elections, and (c) equal and effective political liberties.
Separation of powers is important because it allows different state bodies to monitor, review and constrain the decisions of each other. Fair and equal elections are important because they allow us to vote down people who, in our view, underperform. Equal and effective political liberties are important because we require a protected sphere to expose the misconduct of public officials and hold them to account.
We can compare these theoretical demands to how accountability is often actually interpreted in practice in data ethics. The best way to do so is to consider its meanings according to the major guidelines and authorities for ethical data practices. The ICO, for instance, states that accountability ‘requires you to take responsibility for what you do with personal data and how you comply with the other principles’[1]. Meanwhile, the EDPS states that
Organisations…must demonstrate that they are compliant with the law. Such measures include: adequate documentation on what personal data are processed, how, to what purpose, how long; documented processes and procedures aiming at tackling data protection issues at an early state when building information systems or responding to a data breach; the presence of a Data Protection Officer that be integrated in the organisation planning and operations etc.[2]
And according to the UK Data Ethics Framework,
Accountability means that there are effective governance and oversight mechanisms for any project [related to data use in the public sector]. Public accountability means that the public or its representatives are able to exercise effective oversight and control over the decisions and actions taken by the government and its officials, in order to guarantee that government initiatives meet their stated objectives and respond to the needs of the communities they are designed to benefit.[3]
From these, we can infer the following requirements necessary for accountability under existing regulations of data use:
- Organisations should be responsible for how they use data;
- Organisations should show that their data use complies with the law; and
- There should be effective mechanisms to oversee projects involving the use of data.
For several reasons, however, we shouldn’t, see the meaning of accountability in moral/political philosophy and in existing regulations as different from each other.
First, organisations, especially the financially resourceful ones, are themselves powerful political actors. By collaborating with interest groups and public officials, they can influence the policy agenda, support their preferred electoral candidates, and so on. Data is a resource that can help organisations achieve their political agenda.
One relevant example here is that corporations, as we will see below, can provide ambitious politicians with data favourable for their electoral success, in exchange for financial benefits. Every individual has their own political agenda, and it is not a problem per se for us to exercise as much political influence as we can; this is a legitimate interest we all share as democratic citizens, after all. But we should all pursue this interest in an ethically responsible way.
In particular, ethical use of data is not merely about compliance; it is also about using data in a way that honours the values that matter morally, including democratic values. So, when we say that organisations should be responsible for how they use data, this implies that they should be responsible for the impact of their data practices on democratic values as well.
Second, organisations are under an obligation to show that their data use complies with the law: mere compliance is inadequate. There should also be effective mechanisms to oversee projects involving the use of data. But why? A democratic argument for these principles can be given.
In a democracy, we expect the state to show, publicly, in most cases, that their decisions are lawful. Crucially, here, it does not follow from the state ‘showing’ that their decisions are lawful that these decisions are in fact lawful. We have this expectation of the state because we want to be sure that we are in a position to verify whether the state operates in such a way that it accepts being bound by the rules made by us, or by our political representatives. We want to know whether the state acts in accordance with rules designed to protect our interests, especially when the state is funded by us and has coercive power over us.
Corporations and the state are, by their nature, different kinds of organisations, but we can nevertheless apply a similar expectation to the former. When corporations rely on individuals’ data to function and pursue their commercial interests, they have a duty to show that their data practices are not socially harmful. This is because it is our data that makes it possible for corporations to achieve their goals. Therefore, we have legitimate reason to demand that corporations’ data practices comply with rules that are, ultimately, subject to our democratic control.
In fact, a similar democratic argument can be made for transparency and fairness in data ethics. According to the EDPS, transparency implies that:
You have the right to know which of your personal data are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed.[4]
And the UK Data Ethics Framework also says that:
Transparency means that your actions, processes and data are made open to inspection by publishing information about the project in a complete, open, understandable, easily-accessible, and free format.[5]
If our data is a valuable resource for a corporation’s ability to make sound decisions, we should likewise have a protected right to know how the data is used, and whether it is used in a morally appropriate manner.
The reasoning here is similar to the logic which underpins a democratic society: because we provide the state with the necessary resources to function, we should be in a position to verify if the state uses those resources in a legally and morally appropriate way, and in accordance with rules that we jointly decide as democratic citizens. And, given these considerations, a crucially important value in data ethics is fairness. According to the ICO, fairness is realised only when:
[1] We have considered how the processing may affect the individuals concerned and can justify any adverse impact…[2] We only handle people’s data in ways they would reasonably expect, or we can explain why any unexpected processing is justified…[3] We do not deceive or mislead people when we collect their personal data.[6]
Similarly, the UK Data Ethics Framework says that:
It is crucial to eliminate your project’s potential to have unintended discriminatory effects on individuals and social groups. You should aim to mitigate biases which may influence your model’s outcome and ensure that the project and its outcomes respect the dignity of individuals, are just, nondiscriminatory, and consistent with the public interest, including human rights and democratic values.[7]
It is important to be clear that the ICO and the Data Ethics Framework do not construe fairness in exactly the same way. For instance, the ICO is more concerned about the impact of data use on the relevant individuals, and whether such impact is justified, whereas the Data Ethics Framework treats fairness as a value targeting specifically the biases involved in data processing. The latter is even more explicit about the importance of democratic values, however.
Our legal and ethical experts will help you to clarify the ambiguity of the principles in various data ethics documents and address your need to connect those principles to a wider range of values of moral concern.
In any event, there is a clear parallel between fairness as we have understood it here and the expectations we place on democratic leaders. For instance, no political decision is perfect and addresses the interests of everyone. Some political decisions might also be risky and have negative impact on certain citizens. Nevertheless, we expect public officials to explain clearly to us why such risks and negative impact are necessary. The reason for this is simple: we are affected by those decisions, and we, as taxpayers, fund the making and enforcement of those decisions. Similarly, because organisations’ handling of data will potentially affect a range of individuals, and our data is a resource for organisations to pursue their interests, individuals are owed an explanation of the potential risks and impact of their data being used.
An interesting point to note is that the reasoning behind existing data ethics material is similar to well-known arguments in the field of moral and political philosophy. For example, some moral and political philosophers argue that democratic processes should aim to mitigate biases which may influence their policy outcomes, and ensure that political procedure and decisions respect the dignity of individuals, are just, non-discriminatory, and consistent with the public interest, including human rights and democratic values (e.g. equality, accountability, freedom). Indeed, this claim is almost commonsensical among moral and political philosophers, and so many people have made it that citing them all here would be difficult, as well as, perhaps, unnecessary.
However, the convergence between this claim and the UK Data Ethics Framework suggests one thing; namely, that there is a great deal of democratic thinking which is also internal to existing data ethics frameworks. This, again, compels us to think about data ethics more broadly, in relation to the moral values that connect it to and underpin democratic society. Finally, here, the preceding analysis indicates how you and your organisation can benefit significantly from working with a team who can help you to unpack the key moral considerations involved in ensuring data ethics practice.
2. Corporate and state data handling practices present ethical challenges for contemporary democratic politics.
Alongside the theoretical intersections of democratic values with key principles in data ethics, many recent ethical challenges for democratic politics are concerned with how corporations and the state handle data.
Let’s return here to the example I gave at the beginning. If I knew that you purchase only vegan food, I would infer that you are likely to support vegan-friendly policies. Data is a valuable resource for politically ambitious individuals to better achieve their agenda; this is to say, data is power in today’s world.
An infamous event which is instructive for reminding us about the importance of using data in a politically responsible fashion is the Cambridge Analytica Scandal, which unfolded in 2018. It was centred around the unauthorised data harvesting of approximately 87 million Facebook users. The British consulting firm, Cambridge Analytica, acquired this data through a third-party app, ‘This Is Your Digital Life’, and used the data to create psychographic profiles of individuals, which were then used to target and manipulate voters in various political campaigns, including the 2016 US presidential election and the Brexit referendum.
This breach of privacy and the unethical use of personal information raised significant concerns about data protection, online privacy, and the influence of digital platforms in modern politics.[8] Cambridge Analytica also reportedly worked with both the Bharatiya Janata Party (BJP) and the Indian National Congress (INC), both of which are major political parties in India. It was alleged that the company provided data-driven insights and strategies to these parties for election campaigns.[9]
The scandal highlights the scope available for financially powerful actors to manipulate public opinion by the use of data. In a democracy, informed and independent decision-making is valued, but social media platforms provide financial giants with an easy way to change citizens’ values and preferences by highly targeted content and adverts. Most of the time, voters are not even aware that they are being targeted. This raises questions about whether technology companies are in a too powerful position to manipulate the choices of voters.
A related concern here relates to injustices which follow from differential access to socio-cultural and economic knowledge. At its core, the moral concern here is that while well-funded campaigns, parties and financial giants can afford sophisticated data analysis and advertising, by contrast, ordinary citizens rarely have access to such tools. The upshot of this socio-ethical problem is that unequal access to data can create an uneven playing field in politics, in which candidates with limited resources may struggle to compete. It’s fair to note here, of course, that such problems might be more troubling for organisations processing data specifically for political purposes, or those working closely with political interest groups. Nevertheless, it’s important that the data ethics expert you employ should be highly sensitive to the potential impact of your data practices on democratic politics, so that you can circumvent practices detrimental to the quality of our democracy.
Finally, here, the ethical dilemmas for companies which operate in multiple countries and therefore across national jurisdictional boundaries are often overlooked. In recent years, political experts have raised concerns over digital authoritarianism, which means states’ attempts to manipulate and oppress domestic or foreign populations by digital means.
Authoritarian leaders can achieve this by exploiting their control of corporations which operate in both authoritarian and democratic countries. In authoritarian states, it is common for governments to demand that companies pass the data they collect to the state. In these contexts, companies often face pressure to comply with these demands to maintain access to the market. In a highly globalised world, it is common for organisations to work with governments in different countries. The different data rules in different states can potentially present ethical challenges for both your organisation, and the country to which your organisation belongs; as such, it is crucial that you consult a team which is sufficiently aware of both the political and ethical risks involved in your projects.
3. As democratic citizens, we have a duty to uphold democracy. It follows from this that our data ethics practices should take this duty seriously.
Irrespective of all the analysis here, why, at the end of the day, should we care about the impact of data practices on democratic values? Why should we not, for instance, just focus on making sure that our data practices are compliant with the law, and the key data ethics frameworks available?
The first reason is ethical, of course. Our identity as a democratic citizen takes priority over our commercial interests. We enjoy many privileges of a democratic society: today, our basic human rights are fairly well-protected; we have greater freedom to choose our own political leaders; we have a relatively sophisticated legal system to ensure fairness and justice; we have a system that, in principle, seeks to prevent the dominance of a single group or party. Our democratic society is certainly far from perfect and must be improved in many ways, but that does not mean we should not value what we have already established. All of these privileges are built upon the difficult efforts of our predecessors, but we are witnessing new kinds of challenges for all these in our digital age. We have a duty to safeguard these valuable aspects of democracy, by paying close attention to, for example, the impact of our data practices on democratic values.
But there are also compelling commercial reasons why your data practices should be informed by a team with expertise at democratic values.
First, this enhances your relationship with customers: when customers know that you handle their data with the greatest care possible, and even consider the impact of your data practices on democratic values, instead of just some generic compliance with the conventional data ethics documents, this is the clearest evidence of your strong commitment to responsible data practices and will help you to win their trust and loyalty.
Second, and finally, data ethics is still a field that is being actively cultivated, and our ethical and legal standards will evolve over time given different political, social and cultural circumstances. An ethically appropriate practice at time A might become ethically inappropriate at time B, and if your organisation fails to follow closely the paradigmatic changes in data ethics and regulations, the risks associated with such a transition could be considerable for the reputation of your business.
What is unique about the data ethics experts at IGS is that we are well-aware of the recent developments in law, ethics and politics, and the implications of these for responsible data practices.
[1] https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-principles/a-guide-to-the-data-protection-principles/the-principles/accountability-principle/
[2] https://edps.europa.eu/data-protection/our-work/subjects/accountability_en
[3] https://www.gov.uk/government/publications/data-ethics-framework/data-ethics-framework-2020
[4] https://edps.europa.eu/data-protection/our-work/subjects/transparency_en#:~:text=Similarly%2C%20transparency%20is%20a%20core,are%20or%20will%20be%20processed.
[5] https://www.gov.uk/government/publications/data-ethics-framework/data-ethics-framework-2020
[6] https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-principles/a-guide-to-the-data-protection-principles/the-principles/lawfulness-fairness-and-transparency/#:~:text=You%20must%20use%20personal%20data,misleading%20to%20the%20individuals%20concerned.
[7] https://assets.publishing.service.gov.uk/media/5f74a4958fa8f518dad0e99/Data_Ethics_Framework_2020.pdf
[8] https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html
[9] https://www.washingtonpost.com/world/asia_pacific/whistleblower-claims-cambridge-analyticas-partners-in-india-worked-on-elections-raising-privacy-fears/2018/03/28/1168c04c-328a-11e8-b6bd-0084a1666987_story.html
