A recent data breach involving Cambridge Analytica, a political consulting firm, affected at least 87 million Facebook users. People’s data was used, without their knowledge, for politically manipulative ads.
While an extreme example of unethical data mining, the Facebook–Cambridge Analytica data scandal challenges businesses and marketers to think about the ways they collect, use and share data. Simply following the law is not enough to meet ethical data standards. Businesses need to show ethical proactivity when interacting with user data — and not just because it’s the right thing to do. Ethical data mining is also a no-brainer that leads to enormous benefits for business.
When the Ethical Line Blurs
It’s possible for businesses to follow the law and yet cross an ethical line when mining data. The following are areas of concern.
Personal data — No consistent legal definition of personal data exists in the United States, giving businesses potentially risky latitude to define what is worthy of more security.
Transparency — A lot of legal leeway about personal data means businesses aren’t necessarily incentivized to be transparent.
Governance — Who enforces policies at a company? Who oversees what third parties do with personal data? Even if legal requirements are met, many ethical gaps often exist when businesses lack governance — even if they have good intentions.
Merely following laws and regulations only to exploit loopholes and legal gray areas can lead companies into unethical territory when handling personal data. That’s one reason why the EU developed the General Data Protection Regulation (GDPR) in an attempt to clarify such legal, and ethical, ambiguity around how companies handle personal data.
Don’t Bet on GDPR to Help Define Data-Mining Ethics
On May 25, 2018, the GDPR took effect. This regulation strengthens and consolidates data privacy laws for EU residents. Much stricter than any U.S. data privacy law, GDPR directly impacts any company handling EU resident personal data. Before businesses collect any personal information, EU residents must provide informed consent — meaning these residents understand they are giving businesses access to their data and clearly know what will be done with it. And if EU residents decide to reverse their decision, businesses must comply and withdraw or delete their data.
However, while GDPR does set some clear guidelines and definitions, the regulation does not necessarily clarify how to implement them. For example, GDPR requires “data protection by design and by default,” but what does that look like in terms of execution? Companies will need to continually evaluate and assess their existing solutions to meet this expectation without much specific instruction as to the definition.
While court battles scouring the details of the legal wording included in GDPR will take place for a long time, it’s not wise to just adhere to legalities. Focusing only on what a business can and can’t do while complying with GDPR still does not fully address all concerns with ethical data mining.
Why Ethical Data Mining Benefits Business — and How to Talk About It
An ethical approach to data mining that goes beyond U.S. law or GDPR helps more than just a company’s brand reputation. With hackers growing more sophisticated and breaches now commonplace, eliminating any risks around handling personal data also helps a company’s ability to secure its data and fend off cyberattacks.
To fully embrace these business benefits and mitigate reputational and security risks, businesses need to:
Align the organizational vision with how a company uses data. Some businesses use data in ways that do not connect to the organization’s vision. Clearer alignment often leads to more trust.
Go beyond even GDPR’s requirements about informed consent. If businesses conduct activities like background checks, partnering with third parties or using data to influence audiences, they need to explain that to customers in clear, transparent language. A good example of this is The Guardian, which clearly explains to readers how their data is used and why.
Become an evangelist for ethically mining data. Businesses often unintentionally commit data-mining ethics breaches. To avert such problems, businesses can invest in education and training for employees, prioritize protecting user information, and be more transparent with users about how their data is shared.
Businesses need to think beyond just collecting as much personal information as possible and using it when needed. Instead, they need to proactively ask, “Why am I collecting data? What am I doing with it? And how am I letting users know about and consent to its use?” And answering those questions — beyond the requirements of laws and regulations — will pay off for those businesses in more ways than one.
David Thomas, CEO at Evident ID, is an accomplished cybersecurity entrepreneur. He has a history of introducing innovative technologies, establishing them in the market, and driving growth, with each early-stage company emerging as the market leader. Today, as CEO of Evident, he helps provide innovative business solutions to simplify interactions with personal data assets.