Ethics may be, by far, the most overlooked aspect of data protection programmes, and not because people do not consider ‘being ethical’ important when processing data but because the regulator does not require processing to be ethical and omits its presence in data protection and privacy regulations, keeping this to non-binding guidance or general recommendations. Not surprising considering that it is neither actively taught to legal professionals during law school, nor explicitly detailed in the applicable code of conducts. When referring to ethical or moral behaviour in a legal framework, religious morals and ethics should be avoided and instead it should be linked to present-day society and the world that surrounds us, taking into consideration modern practices and technologies that each and every one of us is confronted with on a daily basis, plus the fact that this technology is yet to be further evolved. This paper focuses on just a couple of those modern scenarios where ethics should be a key component when it relates to data processing yet is somehow overlooked. When thinking of marketing practices, the days of the salesperson knocking on our doors are long gone, and everything is virtual now. No matter where you go on the Internet, you are confronted with banners and pop-ups, never-ending sections which ask you about your date of birth, your address, or the last time you enjoyed a hot coffee. Sometimes one does not even realise how much data is requested or how one can suddenly feel bad about not providing certain information. Whereas the salesperson knocking on your door talked you into buying stuff you did not need, marketing these days has taken another approach to sell you something, which consists of collecting considerable amounts of data from individuals, exploiting social engineering procedures and thereby manipulating the individual's actual will. In EU legislation, under the GDPR, ‘consent’ must be ‘freely given, specific, informed and unambiguous’, but it is not established how this consent may be induced or collected, leading to obscure practices that would be against that ‘free’ will and are commonly known as ‘dark patterns’. Ethics is not widely considered, legislatively speaking, to generally protect data, but there is one area in which ethics is not only considered but also made a key component and a fundamental aspect to take into account: artificial intelligence (AI). Certain principles are expected to be introduced into any AI system for it to be deemed trustworthy, and from the field of AI, and its focus on ethics, it is possible to learn how to improve, not only automated interactions with a machine, but also how to protect data in general.
Read full abstract