The Ethics, Stupid!

Data science is in the news!

I always thought this would be a good thing, but as Mark Zuckerberg sweats it out in front of Congress, things don’t look great for his data team.

Not surprisingly for your friendly local data nerd, a lot of people have asked me about the Facebook situation recently, and one question I’m hearing a lot is ‘will GDPR solve stuff like this?’ I think a lot of people have been surprised by my response, which is usually a vehement ‘NO!’

This isn’t a very popular opinion. Indeed, it can be argued pretty convincingly that GDPR’s Privacy by Design requirement is the perfect salve for the kind of gaping wound we’ve seen at Facebook. Privacy by Design means protecting the data subject (you, me, our elderly relatives, or our children) as a matter of course. It is surely one of the great parts of the incoming regulation.

But for all that GDPR will give us protection, it won’t change cultures overnight. Think about where your organisation realistically stands on the following statement:

‘My organisation cares more about not getting caught than being compliant.’

It’s okay, you can keep your honest answer to yourself. But there’s an interesting point here – compliance is compliance, but what you might be prepared do if you thought you could get away with it is a question of ethics. It is difficult to retrofit privacy, but impossible to retrofit ethics.

Hearing Zuckerberg answer questions about abuses of personal data with lines like ‘…I’m used to, when people legally certify that they’re going to do something, that they do it,’ makes me concerned that the ethical point here has been well and truly missed.

When you’ve acknowledged, as Zuckerberg has done, that the existing law is incomplete, it’s a question of ethics to ask yourself: what might someone do? What are the chances of that? What has actually been legally certified? And is that enough to protect people?

For example, I never pee in hotel kettles. As far as I’m aware, it’s not actually illegal – I just feel as if one shouldn’t do it. Hopefully, it never needs to be legislated against because we all have the wisdom and decency not to do it. In cases like that, society upholds its own ethics. On Facebook, however, we the data subjects (and we, the data scientists) don’t hold all the information – it’s up to Zuckerberg and his colleagues to uphold ethics for us, or so it seems. I’d love to be proved wrong about this, but I suspect it’s already too late…

(Stormtrooper mage courtesy of: