Ethical Issues Related to Data Privacy and Security: Why We Must Balance Ethical and Legal Requirements in the Connected World
Different industries, organizations, and governing bodies view the issue of data privacy differently. Additionally, ethical issues related to data privacy and security can change how a group of people thinks about data dissemination. In emergency situations, some individuals could value a fast and informed response more than they value data privacy.
Because the opinions and ethics surrounding data privacy are not constant, it can be challenging for governing authorities to enforce legal requirements. Governance around data privacy and security is an important part of society, however, to protect individuals. To maintain ethical guidelines and protect the general public, governing bodies should weigh the costs and benefits around data privacy and security, being willing to adjust when needed.
Ethical and Compliance Challenges of Data Privacy
In the connected world, private information is more accessible than ever with the proliferation of Internet of Things (IoT) devices around the globe. Technology like IoT and 5G is powerful and can precipitate improvements to communication, health care, the supply chain, and more. However, the same technology raises challenges for organizations and governments around how to keep sensitive data private.
Additionally, opinions around data privacy vary around the world. Government authorities often set regulations to define standards for how data privacy should be handled in a particular locale. What compliance involves for data privacy depends on these government regulations. For example, in the energy systems industry in the United States, the Federal Energy Regulatory Commission enforces compliance related to privacy regulations. In other locales or other industries, different governing bodies define what compliance involves to maintain data privacy.
According to the digital ethics of privacy, you are ethically required to adhere to an individual’s wishes about how to use their data. However, that assumption can bring about the following ethical challenges related to data privacy:
- You might not know the individual’s wishes.
- The individual’s wishes might contradict regulatory requirements. For example, the government might require you to release data that a person would prefer to keep private.
- One individual’s wishes might not be the same as another individual’s wishes. These differences in privacy preferences add complexity to regulating the use of personal data.
In addition to the ethical challenges of data privacy, organizations face the following compliance challenges related to data privacy:
- Regulations vary in different locales, making it challenging for global organizations to comply to all regulations.
- Data received by an organization might have been collected by outside sources. It can be challenging for an organization to determine if the outside source collected the data in compliance with all regulations.
- Regulations can change quickly, requiring organizations to invest resources in staying up to date on the latest requirements.
Ethical and Legal Requirements Associated with Data Dissemination
The legal requirements associated with data dissemination are well defined. The ethical requirements tend to be more subjective. In scenarios where following the legal requirements could violate ethical requirements, individuals and policymakers need to strike a balance between following general standards and preserving the greater good.
Legal Requirements Associated with Data Dissemination
Regulations associated with data dissemination vary based on the governing authority. Some countries require more stringent data privacy laws than others. As examples, let’s take a look at the differing guiding principles for data dissemination in the United States and the European Union.
In the United States, the Privacy Act of 1974 governs the practices surrounding data use and data dissemination. The Act prohibits disclosing information about an individual without the individual’s consent. However, it allows for twelve statutory exceptions to this principle. The Act also gives individuals the right to access and amend their records.
In the European Union, the General Data Protection Regulation defines data privacy and security law for any data related to people in the European Union. The regulation applies to organizations outside of the European Union as well if they process the personal data of, or offer goods and services to, European Union citizens and residents. Organizations that process this data must follow seven protection and accountability principles, such as minimizing the amount of data collected and limiting the amount of time that data is stored.
Compared to the United States, data privacy regulations in the European Union tend to place more responsibility on the organizations that collect and manage personal data. In an effort to protect the individual, these regulations allow for few exceptions and allow organizations access to the least amount of data necessary for their purposes.
Ethical Requirements Associated with Data Dissemination
Ethical issues related to data privacy and security add more complexity to the discussion around data dissemination. Consider the following examples related to research ethics:
- If researchers released data collected during education studies, members of society could help the research participants who are at risk. Based on research data, politicians could allocate tax dollars more effectively to the individuals who need it the most.
- If researchers released data collected during health studies, doctors and other health-care professionals could address issues before they advance. Health insurance companies could allocate funds more effectively to those at greater risk.
If ethics was the only factor, organizations would disseminate data whenever the recipient could use the data for good. This principle can be controversial, however, because there could be cases where disclosing the data would be better for others but worse for the individual. If an organization released research results, it could help policymakers allocate funds, but it could also cause an individual to lose his job or sully his reputation.
Health-care research studies, in particular, now require ethical approval and informed consent because of a history of studies that caused harm to individuals. However, these regulations prevent scientists from being able to study conditions or scenarios that could benefit society if they could cause harm to the individual being studied.
Overall, the ethical requirements associated with data dissemination are complex and flexible. Because there are differing opinions, policymakers and citizens need to consider individual cases before making regulations.
Gap between Ethical and Legal Requirements
In regard to data privacy data dissemination, there is a gap between ethical and legal requirements. This gap represents the subjective area where individuals should challenge lawmakers to allow data dissemination if it is better for society.
For example, in emergency use cases, it might be appropriate to make genetic information available to first responders. If first responders use the data appropriately, they could save lives. The General Data Protection Regulation in the European Union does allow organizations to process data if it’s needed to save someone’s life. However, the legal requirements around how to properly store and process data can sometimes make it too challenging or costly to do so when needed.
New Ethical Concerns in Online Privacy and Data Security
As technology advances and the world becomes more connected, there are more opportunities for beneficial data use. At the same time, there are more opportunities for people to use that data unethically.
The COVID-19 Pandemic
Medical professionals first identified the novel virus causing the COVID-19 pandemic in Wuhan in December 2019. Since then, the World Health Organization declared the virus a pandemic because of the international spread of disease.
Every governing body faced with the virus has had to make their own decisions about how to contain it. For example, many countries use contact tracing, but some countries disagree on ethical principles for it. Contact tracing identifies recent contacts of a person who tested positive for COVID-19 so the contacts can be tested before symptoms develop. One method for effectively identifying recent contacts is by analyzing location data from mobile devices. However, government access to location data raises privacy concerns if individuals do not specifically allow that data to be used.
Governments have had to balance these ethical considerations when determining data security regulations. Some governments made exceptions to existing regulations, violating online privacy in favor of limiting the spread of the virus. Others found alternative methods for contact tracing that are not as accurate. Through these kinds of scenarios, the COVID-19 pandemic has shed new light on ethical concerns in online privacy and data security.
New Technology and Global Trends
New technology has also created new ethical concerns related to online privacy and data security. For example, researchers are studying whether they can use social media and mobile device data to identify individuals at risk of suicide. To follow legal requirements, though, researchers must collect and use this data appropriately and give individuals the ability to consent to its use.
The global trend of an interconnected world with increased internet use causes another ethical concern. There is unequal access to technology like social media and mobile devices around the world. To help with equity, leaders in technology should work to make access to technology like 5G networks available in less connected areas.
The benefits of technology and the internet come with some cybersecurity risks. That’s another reason ethical concerns about online privacy and data security are in the minds of internet users currently. According to the Federal Bureau of Investigation’s 2020 Internet Crime Report, there were 791,790 complaints of suspected internet crime in 2020. Complaints increased by more than three hundred thousand incidents compared to 2019.
Organizations that collect private data need to invest significant resources to avoid the risk of a data breach. Even with security measures in place, organizations can still become a victim of cybersecurity attacks. Because of these security risks and the ethical consequences of an organization accidentally exposing personal data, government authorities must monitor cybercrime and require organizations to handle private data securely.
Ethical Guidelines for the Information Professional
New technology is a disruption to the previous way of life. In some ways, technology offers new opportunities for advancement that can greatly benefit individuals. In other ways, technology creates opportunities for risks and inequalities. To combat and minimize these risks, individuals have an ethical responsibility to use technology wisely and keep data secure.
When it comes to data privacy and security, individuals should uphold the following principles in order to follow ethical guidelines:
- Do no harm while seeking to improve the quality of life for all people.
- Establish accountability practices.
- Respect confidentiality.
These overarching principles cover the basics about what it means to follow ethical guidelines related to data privacy. For a more comprehensive list of ethical guidelines for information professionals currently in the field, refer to the Best Ethical Practices in Technology article published by Santa Clara University. These guidelines can help direct information professionals to use data responsibly and ethically in their endeavors.
An effective way to enforce these ethical guidelines within an organization is by asking employees, students, and volunteers to sign a code of conduct. Then, if someone in your profession is not following ethical guidelines, you can appeal to the code of conduct to alter their behavior or to justify their dismissal.
Community Involvement around Data Privacy
Ethical issues related to data privacy and security require policymakers to form regulations and enforce consequences for violations, but policymakers must also be ready to adapt when needed. To protect the privacy of all, we need to think critically about how to best handle personal data, especially in an increasingly connected world online.
The Institute of Electrical and Electronics Engineers (IEEE) is the world’s largest technical professional organization dedicated to advancing technology for the benefit of humanity. IEEE offers resources and opportunities to get involved with current issues like how to handle data privacy and security around the globe.
Interested in joining IEEE Digital Privacy? IEEE Digital Privacy is an IEEE-wide effort dedicated to champion the digital privacy needs of the individuals. This initiative strives to bring the voice of technologists to the digital privacy discussion and solutions, incorporating a holistic approach to address privacy that also includes economic, legal, and social perspectives. Join the IEEE Digital Privacy Community to stay involved with the initiative program activities and connect with others in the field.