Data laws ‘encouraging compliance mentality’

Robin Wilton of Internet Society says some groups only concerned with audit checklists rather than how they handle people’s information

Data protection  is  a particularly “hot topic” in Ireland because of the number of tech companies with their European HQs here
Data protection is a particularly “hot topic” in Ireland because of the number of tech companies with their European HQs here

Data protection laws are encouraging a “compliance mentality” rather than an ethical perspective in companies that deal with people’s personal data, a leading privacy and digital identity expert has said.

Robin Wilton of the Internet Society – a global organisation focusing on internet policy and standards – said some organisations were more concerned with checklists for audit purposes than with how they handled people's information.

The relevant laws covered legal responsibilities, but he believed they left “plenty of room for unethical behaviour”.

He was delivering a lecture entitled Data Ethics: It's Murder Out There at the Adapt Centre for Digital Content Technology in Trinity College Dublin yesterday. It was the latest in a series of lectures at the centre on ethics and privacy.

READ MORE

Mr Wilton contends that the frameworks for dealing with ethical issues around personal data are still immature and partly-formed.

Checklist

He said the “compliance mentality” whereby a company would draw up a checklist to show it had taken measures to be compliant with data protection law, or that it had gone through an audit, could have a number of consequences.

“The first one is [that] a really unscrupulous company will go through that process, make sure that they have ticked all the boxes, so that if they end up in front of the regulator they can point to the checklist and say, ‘Look, we did all this therefore we can’t be legally liable’.”

The second and more pernicious effect was that such a mentality could blind a company to the fact that it was taking such measures in the first place in order to protect the interests of its customers.

“So I think there are ethical dimensions to this that go beyond what you get from a strict governance, risk and compliance approach.”

Remarking that data was the “raw material” fuelling the monetisation process, he said this “engine” was about to get a massive boost in input and power through the Internet of Things.

“When you think of the number of systems which are increasingly autonomous. I think that’s quite a worrying combination.”

Mr Wilton, the technical outreach director for identity and privacy with the Internet Society, will return to Dublin next month for a workshop, to help find examples of practical guidance for organisations on how to practice “ethical data”.

Deputy director of the Adapt Centre Dr David Lewis said the issue was a particularly "hot topic" in Ireland because of the number of tech companies with their European HQs here.

Researchers were at the “cutting edge” of what they could do with voice and video data, for example.

“So I think it’s important for us to be at the forefront of alerting people to the new concerns that they should know about, and about what we can do just by processing the data.”