Data Ethics and the Law#

According to the Britannica Encyclopedia, ethics is a branch of philosophy concerned with “what is morally good and bad and morally right and wrong.” While this sounds quite simple and matter of fact in nature, like most academic disciplines, the field of ethics consists of many diverse perspectives, approaches, and analyses in defining what is “good,” “bad,” “right,” and “wrong.” In data science, there is constant debate on the gray area around ethical conduct concerning data. Furthermore, with the rapid growth of data science, computer science, and other related fields, ethical considerations and standards lag behind technological advancements.

In an attempt to keep up with the use of data in these advancements, many countries have adopted policies, regulations, and legislations around the collection, use, and maintenance of data. For example, the General Data Protection Regulation (GDPR) 1 consists of legal regulations pertaining to data privacy and protection on citizens and entities of the European Union and European Economic Area. The GDPR aims to enforce individuals’ rights and ownership over personal data and facilitate civility in international business practices.

The United States federal government has developed the Data Ethics Framework2 to serve as a guideline for federal employees in making decisions involving the acquisition, management, and use of data on behalf of federal agencies. However, there are currently no federal laws and regulations around data usage by commercial and personal entities. State legislative bodies have aimed to fill in this gap. One of the most extensive state legislations regarding data privacy is the California Privacy Rights Act 3 (CPRA, effective January 2023). This act provides various protections for Californians regarding personal data, including rights to correct inaccuracies, limit disclosure of personal information, restrict retention of personal data by companies, and other provisions. Other states have developed similar laws, including Virginia 4, Colorado 5, Utah 6, Connecticut 7, and New York 8. While states are pushing for more protections around personal data, there is great variability and effectiveness across state lines. For example, the Utah Consumer Privacy Act does not offer protections against profiling (i.e. data aggregation and processing that evaluates personal attributes and characteristics about an individual) as compared to similar laws in California, Virginia, and Colorado.

On a global scale, data ethics and privacy laws have been passed in practically all countries of the Global North. Currently, most countries in the Global South have enacted similar laws, but some still have not passed or developed legislations around these topics. The United Nations Conference on Trade and Development offers an interactive map detailing laws for all countries across the world regarding electronics transactions, consumer protections, privacy and data protection, and cybercrime. In the development of new technological advancements and accompanying provisions, representation from both the Global North and Global South will have important implications in the global economy and sociopolitical relations.

Ethical Framework#

Many legal and ethical concerns surrounding data-centered conduct and decision-making involves maximizing human benefits while minimizing unintended damage. Using a synopsis of the major emphasized topics outlined in state-level, federal, and international guides (see references below and throughout the chapter), this approach can be summarized into 4 major pillars that may serve as the basis of decisions, research, and usage of data involving human subjects:

  1. Communication, interpretation, and application of human data should be accurate and consider social, political, and economic contexts and ramifications, especially when involving vulnerable populations.

  2. Collected human data should be shared and maintained in a way that protects the privacy of subjects.

  3. Acquisition and collection of data should involve volition and informed consent from human subjects.

  4. The attainment, usage, storage, analysis, and maintenance of human data should be as transparent, accountable, and honest as possible and intended for some sort of human benefit.

While these pillars have not been adopted by government agencies verbatim, they serve as a basis for data science students to consider as they explore and move throughout data science courses and professional opportunities.


1

GENERAL DATA PROTECTION REGULATION (GDPR), https://gdpr-info.eu

2

General Services Administration. 2020. Federal Data Strategy - Data Ethics Framework. https://resources.data.gov/assets/documents/fds-data-ethics-framework.pdf

3

TITLE 1.81.5. California Consumer Privacy Act of 2018 [1798.100 - 1798.199.100] ( Title 1.81.5 added by Stats. 2018, Ch. 55, Sec. 3. ). https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.81.5.&part=4.&chapter=&article

4

Code of Virginia Table of Contents » Title 59.1. Trade and Commerce » Chapter 53. Consumer Data Protection Act. https://law.lis.virginia.gov/vacodefull/title59.1/chapter53/

5

Colorado Register Official Publication of the State Administrative Rules (24-4-103(11) C.R.S.). https://www.sos.state.co.us/CCR/RegisterHome.do

6

S.B. 227 Consumer Privacy Act. https://le.utah.gov/~2022/bills/static/SB0227.html

7

The Connecticut Data Privacy Act. https://portal.ct.gov/AG/Sections/Privacy/The-Connecticut-Data-Privacy-Act

8

Senate Bill S5575B SIGNED BY GOVERNOR 2019-2020 Legislative Session. https://www.nysenate.gov/legislation/bills/2019/S5575