A recent data breach involving Cambridge Analytica, a political consulting firm, affected at least 87 million Facebook users, whose data was used for politically manipulative ads.
While an extreme example of unethical data mining, the Facebook-Cambridge Analytica scandal challenges businesses and marketers to think about the ways they collect, use, and share data. Simply following the law is not enough to meet ethical data standards. Businesses need to show ethical proactivity when interacting with user data — and not just because it’s the right thing to do. Ethical data mining is a no-brainer that leads to enormous benefits for business.
When the Ethical Line Blurs
It’s possible for businesses to follow the law and yet cross an ethical line when mining data. Areas of concern include:
- Personal data: No consistent legal definition of “personal data” exists in the United States, giving businesses potentially risky latitude to define what is worthy of more security.
- Transparency: A lot of legal leeway about personal data means businesses aren’t necessarily incentivized to be transparent.
- Governance: Who enforces policies at a company? Who oversees what third parties do with personal data? Even if legal requirements are met, many ethical gaps often exist when businesses lack governance — even if they have good intentions.
Merely following laws and regulations only to exploit loopholes and legal gray areas can lead companies into unethical territory when handling personal data. That’s one reason why the European Union (EU) developed the General Data Protection Regulation (GDPR), an attempt to clarify such legal and ethical ambiguity around how companies handle personal data.
Don’t Bet on the GDPR to Help Define Data Mining Ethics
On May 25, 2018, the GDPR took effect. This regulation strengthens and consolidates data privacy laws for EU residents. Much stricter than any US data privacy law, the GDPR directly impacts any company handling EU residents’ personal data. Before businesses collect any personal information, EU residents must provide informed consent — meaning these residents must understand they are giving businesses access to their data and clearly know what will be done with it. And if EU residents decide to reverse their decisions to grant a business access to personal data, the business must comply and withdraw or delete their data.
While the GDPR does set some clear guidelines and definitions, the regulation does not necessarily clarify how to implement them. For example, GDPR requires “data protection by design and by default,” but what does that look like in terms of execution? Companies will need to continually evaluate and assess their existing solutions to meet this expectation without much in the way of specific instruction.
While court battles scouring the details of the wording included in the GDPR will take place for a long time, it’s not wise to adhere just to the formal legalities. Focusing only on what your business can and can’t do while complying with the GDPR does not fully address all concerns with ethical data mining.
Why Ethical Data Mining Benefits Business — and How to Talk About It
An ethical approach to data mining that goes beyond US law or the GDPR helps more than just a company’s brand reputation. As hackers grow more sophisticated and breaches more commonplace, eliminating any risks around handling personal data also helps a company secure its data and fend off cyberattacks.
To fully embrace these business benefits and mitigate reputational and security risks, businesses need to:
- Align organizational vision with how a company uses data: Some businesses use data in ways that do not connect to the organization’s vision. Clearer alignment often leads to more trust.
- Go beyond even the GDPR’s requirements about informed consent: If businesses conduct activities like background checks, partnering with third parties, or using data to influence audiences, they need to explain this to customers in clear, transparent language. A good example of this is The Guardian, which clearly explains to readers how personal data is used and why.
- Become evangelists for ethically mining data: Businesses often unintentionally commit data mining ethics breaches. Invest in education and training for employees, prioritize protecting user information, and be more transparent with users about how their data is shared.
Businesses need to think beyond just collecting as much personal information as possible and using it when needed. Instead, they need to proactively ask, “Why am I collecting data? What am I doing with it? And how am I letting users know about and consent to its use?” Answering those questions — beyond the requirements of laws and regulations — will pay off for your business in more ways than one.
David Thomas is CEO at Evident.