Working with data is a real chance. It is even said to be the sexiest job of the 21st century! And it is easy to understand why. Data is so meaningful in science, medicine, security, innovation, business and so many more areas of application. But this unlimited power gives us a lot of responsibilities.
We may forget, while we are staring at our screens, files & databases, but behind this data are real individuals, who have their needs, opinions & expectations. And sometimes these are ambiguous:
- The patient expects medical secrecy from his doctor BUT he may want sometimes to make his medical record available for research.
- Citizens don’t want to be filmed in the street by security cameras BUT they want the same cameras to protect them from criminals & terrorists.
- Consumers don’t want to be tracked online BUT they expect brands to send them only the relevant marketing communication.
Facing such ambiguities, professionals handling data must always ask themselves:
WHERE DO I DRAW THE LINE?
Where do I draw the line between what is acceptable and what is not? Between what will be accepted by the data subjects and what will not? And of course, we’ve got a first answer that comes directly to our mind: legislation.
Legislation has evolved and will continue to do so, in the context of personal data: GDPR, e-privacy, American CCPA… And of course, respecting these laws is an obligation for every business. But this is not an easy task! GDPR alone is composed of 99 articles. How to be sure that you comply to all of them? And if you do, is that it? You have gathered the data according to the law and you plan to use it according to the law. Is it enough? What could still go wrong? And more importantly, do the data subjects apply the same interpretation of ‘wrong’ as the law and I have?
You may think: “of course they do”… but think again. The GDPR that we use today is applicable since 2018, but it has been written in 2016. Already 5 years ago. And of course, data innovation has not stopped since. New methods have been invented, new tools have been released, new channels are used by data subjects. And some of them were not foreseen, and therefore not regulated, by our 5 year old law.
This is why legislation, may not be enough today to meet all the individual’s expectations. We have to take an extra step, to be sure that we have the same notion of acceptable usage of their data.
In the end, what we need is a societal agreement on ‘right’ & ‘wrong’. This societal agreement exists, and it is called 'ethics'. And ethics are a very good candidate to help us draw the line, because they perfectly complements legislation:
- Legislation tells us what is allowed and what is forbidden: what we CAN do.
- In the context of legislation, ethics tell us what is expected by the community: what we SHOULD do.
We could say that respecting the legislation is using your brain, while respecting the ethics is using your heart. Guess which one is the most important for data subjects?
In the next episode of this blog series, we’ll introduce the subject of data ethics in more detail, and we’ll show why respecting ethics is a clever way to prepare the future.