There are many ways to describe something. We can use the senses – how it looks, tastes, feels, sounds, or smells. Or we can talk about what it does, how it makes us feel, how it changes us. We can use stories too. And sometimes we can simply describe questions that it raises.
So I took the question approach in describing what kind of questions a digital ethics committee would ask. They are grouped under common ethical issues in data management. The list is not meant to be exhaustive nor is it expected or appropriate to answer each question all the time. The questions are prompts for discussion and to draw out perspectives.
- Is the data being collected tied to a specific purpose or is it speculative?
- Is the data and/or model representative of what the project wants to measure?
- Could we collect less data and still achieve our purpose?
- Is the data collected used? If so, by whom? Does the data have an explicit purpose? Who has access to it, is it shared, is there consent?
- Is it clear when it will be deleted?
Awareness and Consent
- Is there a clear process and plan to raise awareness identifying target groups, channels to reach each group, language, extra vulnerabilities? Does the plan address the following?
- What is the benefit to the community that the project is trying to achieve?
- What are the activities that will be carried out in this project?
- Do the people involved in the project understand:
- What data about them is needed for the project, why, how it will be used, who will have access, with whom it will be shared (and why), and when it will be deleted
- Is there a clear process and plan to collect consent during which understanding is checked for and explanations about what data about them is needed for the project, why, how it will be used, who will have access, with whom it will be shared (and why), and when it will be deleted is explained again?
Feedback and Safeguarding?
- Can a project participant or stakeholder complain about the process?
- If the project engages people online, are there clear protocols in place about how to do that?
- Is the project ensuring communities know how to live wisely in the digital world?
- How is digital literacy being addressed? Especially for the most vulnerable groups?
Bias and Fairness
- Who does it leave out? Is the project designed for the majority or a minority?
- Has the project considered the bias in project team and in project data (sources)?
- Is the use of data and technology non-discriminatory?
- Is there any prejudice or favouritism in the data or model?
- Who has written the algorithms and Code – what are their assumptions about the populations with whom we work?
- Is the model (or underlying data) codifying the current state of the world and thereby making it harder to change? (e.g. are we building models that perpetuate or encore past mistakes)
Transparency and Explain-ability:
- Is there clear documentation of the data management process and visibility on how the model or algorithm(s) function? (e.g. can someone not directly involved in the process explain what is happening?)
Access, Ownership, and Portability
- Are the rights to the data and related insights derived clearly defined? (e.g. is it clear how decisions are made regarding how and by whom the data can be used, how problems in or related to the data are rectified, and other related issues?)
- Is it clear who ‘owns’ the data and the insights? And who has access to them?
- Who will have access to the data, why, for what purpose?
- Will the person about whom the data is be able to access the data? Take it with her? Use it in other areas of their life without our involvement/knowledge?
- Who is the project sharing the data with? For what purpose?
- Have the people about whom the data is consented to the sharing of the data?
- Is there a clear data sharing model? Is it one way, two way, or multidirectional?
- What is the ethos of the partners and does it ‘fit’ ours?
Sustainability, Maintenance & Architecture
- Minimal reliance on central authorities
- Are the systems auditable and fixable?
- Is there a sustainability model in place for any data being maintained or system to be continually used?
Security, Protection, Privacy
- Has the IT Information and Security team conducted a Privacy Impact Assessment, Data Protection Impact Assessment, and a security assessment of the system the project will be using?
- Are the digital processes privacy-preserving
- Does the data or its use reveal the identity of an individual or group of people?
- Is the impact on data subject – both short term and long term – understood by the project team?
- Is it clear when the data will be deleted?