You’re offline. This is a read only version of the page.
Published: 17 November 2018 by Emma Martins
In the first of our articles on data ethics, we talked about why it is that the question of ethics now has a much higher profile in conversations around data protection.
Why is it even necessary to have to think beyond what the data protection law says? It is, after all, a very comprehensive piece of legislation that covers the processing of personal data in nearly all its forms.
I think that at least some of the answer lies in the nature of data in this modern era.
Put simply, we are immersed in it. Technology has become embedded into our everyday lives, shaping us and our society. Even our bodies are becoming increasingly connected so technology is no longer something apart from us, it is a part of us.
We produce and consume data as part of huge data ecosystems that span almost every aspect of our work and home lives. Whether we are aware of it or not, our lives are influenced by the processing that goes on, mostly behind the scenes.
And it is the fact that data is now integral to our lives and interwoven into them that the question of regulation rears its head. Few disagree that regulation providing protections and remedies is important when data harms are so real. But if we think of law as being the only arbiter, we essentially consider all conduct except the illegal to be allowed. Doing ethics means that we seek to live our best lives, not see how low we can sink, because If we look only to law, we risk a race to the bottom. We need to aspire to be better than that. How we treat each other and would wish others to treat us is more than law. And much of culture – our attitudes, values, aspirations, starts from a question of ethics. What sort of place do we want to live in and what do we want our lives and the lives of others to be like?
In the lead up to GDPR there is an argument that in the rush to the 25 May 2018 deadline, compliance became about checklists and tick boxes. Checklists have value but can be counterproductive if we do not engage with the underlying spirit.
Real respect for data rights can only be delivered in part by law. Regulators and legislation cannot on their own deliver outcomes that truly protect individuals and allow businesses to flourish by ensuring their most important asset – data – is properly looked after. Where you have a culture that understands, engages and respects data protection, organisations will operate that way because there is a cultural and social as well as legal pressure for them to do so.
Just recently on the radio I heard an item which highlighted how a UK company had hidden a tick box away during an online application process. Affected individuals were shocked and angry at the subsequent way in which their data was used. It was clear that the company concerned had done everything it could to obfuscate the message, trying to get consent from individuals without them even being aware of having given it. This is no accident. Every organisation will make decisions about the layout and wording of webpages and forms. Whilst the law may take a dim view of this sort of deceptive practice, perhaps as important is the fact that it became a news story. This serves to shine a light on organisations that do not engage with their responsibilities legally or ethically which in turn can be very effective in prompting positive change.
Ethics is not something that stops at the front door of your office. Organisations are made up of people – of us. How we approach all aspects of our lives has the potential to underpin a common foundation for our jurisdiction that we can all benefit from.
So, to be interested in ethics is to be interested in life. With our lives so completely wrapped up in the data choices we and others make, to be interested in life is also to be interested in data protection.
More than ever before, data protection requires personal engagement, not just a run through of a check list. In requiring personal engagement it necessarily means that you will bring your personal values to that engagement. Ethics must become a custom, a way of thinking, a set of values held by us all. It is the conversations and the outcomes that matter and we want to play our part in making sure conversations continue and outcomes improve.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up now
The Office of the Data Protection Authority
+44 (0)1481 742074 info@odpa.gg
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
Newsletters sign-up Data Processing Notice Careers Cookies
Website by
&
Indulge
© 2025 The Office of the Data Protection Authority.