A Short Introduction to Data Ethics, its Governance and the Rule of Law

Data Ethics
______________________________________________________________________________________
This document is a collection of various key pointers and practices employed in good data governance and management. Key insights found
inside this handbook should be treated as a guide and/or advice on how data should be treated in today’s era. The following material is to be
digested and taken with a pinch of salt, as the ever-changing law and regulations behind data ethics will warrant some of the following pointers
outdated or irrelevant. Nevertheless, as new insights and findings arrive, they will be amended to the following document
______________________________________________________________________________________

Introduction to the terminologies

First and foremost, the interaction of consumers in the online world generates a considerable amount of
data, and the trajectory of harvesting and acquiring data proliferates with time. With all the data that is
flowing in, analysts believe that they could empower their companies with a new strategic formula to
compete in the business frontier. Some businesses adopt the usual cue of picking ideas from their
existing playbook – making slight amendments to their marketing and product packaging – in order to
attract prospective customers to consume their products. However, thanks to advancements in
technology, we are seeing the unravelling of a new strategy among businesses which has the potential
and capacity to revolutionise free market capitalism.

Businesses are now harnessing new tools and capitalizing on digital expertise – not conceived a few
decades ago – to study our digital footprints and convert these seemingly ‘messy data’ into extraordinary
insights that drive decision making and formulate business models. Unprecedented in scale and
magnitude, Analytics and AI has portrayed itself as an attractive proposition to many businesses, who
worshipped the advent of a new era akin to a digital renaissance. This nascent industry has become the
epitome of strategic competition in the fight to push the limits and boundaries of industrial capabilities,
which spurred many to hop onto the Analytics - AI bandwagon so as to reap the seemingly
insurmountable rewards that grow with time, and avoid being left out in this digital race.

However, its potential does come at a price with the increasing support for human privacy and data
protection. Due to the sensitive nature of the raw data, any lack of oversight and compliance into the
handling and transaction of the data could give rise to unethical exploitation of the data – amplifying
biases, stigmatization and exacerbating issues of social and economic injustices.

Accorded with such a power, we must be cognizant of playing by the rules to treat all data collected as a
sacred entity, one that is not to be misused and exploited for immoral causes. In incisive sum, we need to
respect the sanctity of data and the rule of law, so that we can navigate the future path alongside this
new frontier of power.

Definition of Data Ethics

There are many definitions of Data Ethics. DataEthics defined Data Ethics as the responsible and
proper management of data at our disposal. It is about being truthful and genuine in providing full
disclosure to the way the data is being handled in accordance to the law1.

What should the data collected be used for?

The data acquired by businesses should be dedicated with the aim of not only improving the
business and its method of operation, but most importantly, with the key goal of benefitting the
consumers who use their services1
Focusing on ethics

1
Data Ethics Principles, by DataEthics, 2017-12-29, https://dataethics.eu/data-ethics-principles/
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

Incorporating an ethical-minded attitude towards the handling of data throughout the entire
business spectrum and supply chain requires a fundamental change in the organisation’s view and
perception of data. Arguably, having an existing security and privacy perspective over data is
insufficient, and this can be whole with the inclusion of ethics and trust lenses 2
- In essence, strengthening the defense of data storage is not complete in the lense of data
ethics, as the idea of ethics should extend to the acquisition, transformation and
deployment phase

Why is it important?
Focusing on ethics bolsters the trust placed by consumers on the organizations. The following are
two examples on data practices.

Example of misusing data insights for business gains at the expense of moral rights 2.1
The developers of a dating app were tasked with increasing the amount of time users spend with the app. In
their data analysis, they discovered a strong correlation between engagement and ethnic and racial biases.
Under pressure to improve business metrics, a new match recommendation algorithm predicting and
reinforcing these biases went into production

Example of good Data Ethics practice2.2

Everledger set out to minimize fraud and the prevalence of conflict gems in the diamond industry. To attract
investors and realize its goals, the company knew its solution would have to be completely transparent,
auditable, and immutable. To achieve this, it uses a blockchain architecture that delivers on all of these
requirements. Everledger also aggregates data from law enforcement and insurance companies, which in turn
use the technology as a verification system, reducing fraud and its associated costs. Everledger has built a
trusted, permanent ledger for diamond certification and transaction histories that can be extended to track
any asset with a unique identifier. This solution is “trusted by design.”

2, 2.1, 2.2
Accenture Lab - Building Digital Trust, The Role of Data Ethics in the Digital Age
https://www.accenture.com/_acnmedia/PDF-22/Accenture-Data-Ethics-POV-WEB.pdf#zoom=50
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

Source: Accenture Lab

Taxonomies for impact across the Data supply chain

Instilling brand loyalty is every business goal. Being successful could lead to a lower propensity for
users to churn, and this translates to cost-saving and revenue-generating opportunities. Branding as
a differentiator lowers the substitutability effect, making the demand for their good less price elastic
(as learnt in economics). Keeping that in mind, moving data ethics forward as a discipline warrants
the need for commonality in the communication of technical and business aspects of data ethics
among the Data Scientists and the management team.

As Accenture lays it out:

“Having a taxonomy provides clarity to all parties involved in the exchange of data and will prove
increasingly valuable as regulatory and insurance industry standards evolve”

Implementation of Data Ethics?

Developing a code of ethics (COE)
Having a language in place to facilitate the evolution of data ethics framework is crucial. The
following graphic is adapted from Accenture. Some frameworks lumped different industries-related
code into one, making it too generalized. Accenture’s framework stands out from the rest, in that it
allows organisations to incorporate their industrial knowledge and domain expertise into developing
a COE that is unique and relevant to their industry, ecosystem and from their organizational
standpoint.

Why is it important to generate a good code of ethics (COE) that is specific to the field of industry?
Defining a COE for a community of data practitioners is a necessary precursor to defining policies
and procedures that ensure digital trust is established – consistently and in tandem – with all new
products and services. Done correctly, it helps to improve transparency for stakeholders and
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

accountability for governance bodies3 Having a good COE also aids in defining the type of questions
and concerns managers can raise at each stage of the project management, development and
service delivery lifecycle

Source: Accenture

The importance of having ‘Informed Consent’

Prioritising and enforcing “informed consent” at the early stages of the data supply chain seeds trust
among users and the businesses, and it reduces a firm’s exposure to potential harm at the same
time. With that being said, as the data moves along the supply chain, the scope of the data’s
potential use broadens, and the original consent of the initial disclosure party may not sufficiently
cover such an expansion. Henceforth, this could lead to uses of data that was not conceived at the
time of disclosure, calling into question the informality of the consent. As a result, business should
be upfront to the customers about the uses of their data, and be transparent in the use of personal
information (from start to end). They have the obligation to update and inform customers about the
use of personal data that is not specified and formally agreed to in the original consent when the
business decide to expand the scope of use for their personal data.

Example of data movement along the supply chain and the widening scope of data uses not
covered in the initial consent3.1
A fitness company partners with an insurance business and brought their customers’ data with them.
Customers of the fitness company may well have originally given their consent for their data to be used to
tailor fitness-related offerings. But they might have felt differently if they’d known these offerings would
eventually include insurance products. Given these circumstances, what does “consent” mean in the context of

33, 3.1
Accenture Lab - Building Digital Trust, The Role of Data Ethics in the Digital Age
https://www.accenture.com/_acnmedia/PDF-22/Accenture-Data-Ethics-POV-WEB.pdf#zoom=50
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

data collection? How can organizations obtain meaningful consent from their customers and, as the platform
economy continues to grow, their partners’ customers?

The following guidelines, adapted from Accenture, shows us how to analyse informed consent as a
means to uphold good data ethics in light of addressing new risks that are only now starting to
appear

Source: Accenture

Best practices for Data-sharing

As we know, the effectiveness of data-driven insights is only as good as the underlying data. Every
company strives to collect data on every aspect of their users so as to enhance their business
decision making processes. However, data collection can be a costly and tedious process, and some
form of data acquisition requires specific tools and digital expertise that may not available to some
companies. Hence, companies embrace the idea of collaborating and sharing data as a means to
generate a more efficient and cost-effective strategy in their business process. As the mobility of
data transacted gains traction, we need to be cognizant of the practices in Data-sharing.

Known to all data practitioners… and humans in general, if more data is being collected
over time, anonymity becomes is a myth4. In Sci-Mobility, there is an algorithm that
measures the degree of re-indentifying a person base on the dataset, and this is called
Privacy-Risk-Assessment

4
de Montjoye, Y.-A., Radaelli, L., Singh, V. K., & Pentland, A. “Sandy.” (2015). Unique in the shopping mall: On the reidentifiability of credit
card metadata. Science, 347(6221), 536–539. http://doi.org/10.1126/ science.1256297
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

The following figure shows us the best practices for Data-sharing

Source: Accenture
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

The above Principles of Data Ethics is a combination from both DataEthics and Accenture

1. Individuals should have the autonomy to decide how their data should be used and
ultimately, they should be empowered by their data. The individual has the primary control
over the usage of his/her data, the context in which his/her data is processed and how it is
activated5.

2. Human interest takes precedence among third-party and institutional interests

3. With regards to the method of handling, purpose employment and key processes of data
activities, these processes should be communicated to the user in both a clear and concise
manner. The users must be aware of the underlying risks, alongside the social, ethical and
societal implications associated with them giving their consent to share and allow their
personal data to be used by the business for transactional, promotional and marketing
related activities or intra-business-related operations

4. Accountability spans across the entire business and it also applies to all parties involved –
directly or indirectly - in the business transaction. An organisation needs to respect the
sanctity of data as a sacred digital resource, and develop proper measures to protect and
answer for the misuse or loss of personal data under their management. Sustainable
personal data processing must be embedded organisation-wide to ensures ethical
accountability in all stages of the business process. Correlative use of repurposed data in
research and industry represents the greatest promise and risk of data analytics

5. Knowing the societal implications that the data systems sustain, reproduce or create,
businesses should devote special attention to the management and insights generated from
the data, such that the resultant transactions or findings protect segments of the
market/society that are signalled as vulnerable to profiling, that may negatively impact their
self-determination and control or expose them to unnecessary discrimination or

5
Data Ethics Principles, by DataEthics, 2017-12-29, https://dataethics.eu/data-ethics-principles/
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

stigmatisation – from a financial, social or health perspective. This could require added
layers of protection and masking in the algorithms to reduce biases in the development
process

Source: Accenture
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

Data Breaches
The following pointers highlights the most common ways data breaches occur, according to reports
published by Verizon. The findings can be found in the 2018 Data Breach Investigation Report.

1) Physical Actions (11%)

- According to Verizon, more than a tenth of incidents are non-technologically-related
handlings
 This can take the form of misplacing/stealing of paperwork or devices
 Another form of data breach in this nature is card skimming, where sensitive
information like payment details are harvested from devices slotted into card readers

2) Privilege Misuse (12%)

- Verizon discovered that more than an eight of data breaches arise from acts of mishandling
information by staff. This can manifest in the form of:
1) Abuse of privilege, where they misuse information that they have been granted access
to. They could also have ignored access policies in place that guard the data. Employees
that are guilty of such an act when they alter/modify without following the stipulated
guidelines/procedures
2) Data mishandling, where sensitive information is duplicated, distributed, acquired or
stolen by someone who is not authorized to do so

3) Social Engineering (17%)

- This is related to the threat of financial pretexting, where the suspects contact their targets
under false pretense to gain access to their information. The mode of contact can be
through mobile phone, emails, and victims may fall prey to them when they are made to
believe their legitimacy and end up giving away their personal details

4) Human error (17%)

- Verizon discovered that a fifth of incidents stem from mistakes committed by employees
themselves. This is similar to the first point, but this is with regards to the way they handle
the data with clients.
 Employees accidentally delivered the information to the wrong recipient (emailing the
wrong person, attaching the wrong document or handling over files to unauthorized
individuals
 Misconfiguration, which involves leaving a database containing sensitive information
online without any security firewalls

5) Malware, and Ransomware (30%)

- Verizon reported a handful of common tools used by cyber criminals
 RAM scrapers, that scan the memory of digital devices to collect sensitive information
 Keyloggers, that captures the keys struck on a keyboard (used to steal password and
other sensitive information

6) Criminal Hacking (48%)

- Verizon found out that the most common hacking technique involves the use of stolen
credentials
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

7) System/Device Error (report by PDPC)

- Faults / vulnerabilities in a system’s program’s code, which caused it to reveal personal data
to incorrect parties (e.g a bug in an online portal enabling someone to access another
person’s data)

Real world cases of data misuse

1) Uber “God View

- “God View” is a proprietary tool invented by Uber to allow the company to track both Uber
vehicles and customers. In 2014, an employee violated the company’s policy by using it to
track a journalist who was late for an interview with an Uber executive. The company’s
privacy policy explicitly state that no employees are allowed to pry into the history of their
customers except of ‘legitimate business purposes’
-
-

Operationalizing Ethics

The notion behind operationalizing ethics has got to do with translating all the principles and
guidelines that govern Data Ethics into transformative solutions. This can take the form of strategic
implementation and precise framework guidance that spells out how to treat data and ensure that
they are parallel with the defined principles

A Data Ethics Framework, as defined by Nathan Kinch in a Medium Article 6, refers to an

organisation’s step-by step process of diligently deploying, deciding, documenting and verifying that
it’s data processes are all in line with the constitutional guidelines and standards laid out.
- It is about social preferability rather than acceptability, which makes it the higher order
value being made here

Information governance (set strategy and manage risk) should be treated as a board-level
responsibility

Social preferability is about the overwhelming support that key stakeholders have for the intent and
outcome of data processing or data enabled business activities

Trust by Design (TbD) Program

Data Ethics Committee (Internal)

Sets a clear agenda that is supported by a consistent decision-making process –
 Systematically work through the prioritized backlog of decisions to be made and assessed
against Ethics Principles
 Secretariat documents meeting mins, decisions, tradeoffs and reasons for its actions
 Advise business on how decision impact strategy and tactical work streams
6
How to design a Data Ethics Framework, Nathan Kinch, 12-10-2019, https://medium.com/greater-than-experience-design/how-to-
design-a-data-ethics-framework-d8a9c19f9c7f
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

Operational co-ordination of Data Ethics Committee decisions

Relevant stakeholders and business unit heads –
 Translate decisions from committee into specific work activities relevant to functional
business units
 Program/Project/Product Managers defined activities as relevant to impacted workstreams
and prioritise in backlogs
 Assigned work across product and service design, engr, IT and infrastructure

Expert Data Ethics Committee (External)

SMEs (Applied Ethics, Behavioural Science, Data Science etc) convene to –
 Assess highest priority data ethics considerations within context of businesses Ethics
Principles using consistent decision-making process
 Secretariat docs meeting, decisions and other details needed for auditable documentation
 Prioritise considerations, suggestions and decisions are fed back to internal DEC for
deliberation in subsequent meetings

E.g Living Lab Enabled: Social Preferability Testing

New Data Processing activities are tested in 4 stages:
1) Design Concepts to test ethics proposal
2) Put it to the test via hybrid contextual inquiry and usability customer research sessions
3) Document the sessions and analyse the output for insights
4) Feed insights back into cross functional workstreams for refinement and ensure
documentation for auditing purposes

Independent Audit:
An external org will –
 Access all relevant docs (ethics repository)
 Assess the steps taken, trade-offs made, and products/service relevant to processing activity
in the context of the organisation ‘s data ethics principles
 Document the findings and provide recommendations for board and committee re-
addressment

Governance and Operational Coordination of Independent Audit findings

Findings are taken by the group’s governance team and operational leads to –
 Define strategic changes to roadmap, with references made to identified risks and mitigation
measures
 Outline external ‘go to market’ communications to be executed on in the immediate term
 Provide guidance on operational workstreams that are impacted with details that include
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

- What work needs to be done

- Whose purview and responsibility it falls under
- The time period of its completion

Data Liability Protection - Methods/Solutions

In today’s digital world, information is almost accessible by anybody, and the increasing rate of
internet penetration means more people are having access to the internet, which is a shared
platform. Being digitalized has its perks and downsides, and it all boils down to how well an
individual, as well as an organization and a government body, manages the transactional flow of
data daily, so that the notion of sharing can benefit all parties, while at the same time executed in a
safe manner.
DPEX Network report highlighted that 80% of Personal Data Breaches stem from organizational lack
of compliance with Protection Obligation. 7 To guard oneself against falling into the trap of Data
Breaches or liable for such breaches, organisations and individuals can formulate plans or devise
solutions that
1) Bolster the integrity and management of their database warehouse systems
2) Raise awareness all parties involved in the transaction and handling of personal data
3) Lowers the susceptibility of user data being mishandled by authorized individuals

The Federal Trade Commission (FTC) of the United Sates highlighted some pointers that individuals
and organisations can consider to better handle and manage their data.8

a) Keep Personal Information Secure Offline

- This involves safeguarding personal information, both at home and in workplaces so as to
avoid giving unauthorized personnel the incentive to steal or peak at the information
- Before sharing personal information with other parties, request from those parties the
reason for collection, their method for warehousing and safeguarding those data, as well as
the implications of sharing/not sharing the data

b) Keeping personal Information Safe Online

- Be aware of who you are giving the information to . Always be cognizant of frauds and
scammers who may impersonate themselves as legitimate organisations. If a company
claims to have an account with you, and request for your personal information, go to their
site and contact the customer service hotline to verify the legitimacy of their request
- Disposing off data that you no longer require is important so that unauthorised personnel
cannot have access to the data. This is common when no longer require the raw data
supplemented as part of your project. As many Data policies state that no company should
possess the acquired data longer than their intended purpose, be sure to use a wipe utility
program to overwrite the entire hard drive or database
- Encrypting your data is important to reduce the chance of personal information being
acquired for use by unwanted parties. By encrypting your data, you create another layer of
security, which prevents unauthorised individuals from accessing the data once they have
acquired it.

7
DPEX – Data Protection Excellence Network, https://www.dpexnetwork.org/events/webinar-data-protection-service-dpaas-new-way-
managing-personal-data-smes-and-be-protected-s250000-liabilities/?
gclid=EAIaIQobChMIk_aKg5jg6QIVyteWCh1rKAn8EAAYASAAEgJUm_D_BwE

8
Federal Trade Commission, Consumer Information, https://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-
secure
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

The following guidelines are rolled out by the Personal Data Protection Commission of Singapore
(PDPC)9
a) Managing Access Control
- This involves setting up a system to ensure that only authorized personnel have access to the
data
 Protecting personal data through user account and passwords
>> Unique password and username for every individual, and prompt them to update
regularly
>> Limit the number of failed logins attempt
>> Conceal passwords when users are keying in
>> Deny a user access once he/she is away for long periods of time

b) Securing Electronic Devices used by Employees

- Some recommendations can be seen below:
 Turn on password features
 Install anti-viral software, anti-spyware
 Encryption of data and securing of devices with lock and key
 Destroy uncollected printouts and facts that contain personal data

c) Protect Databases
- Providing clearance for certain databases
- Encrypting confidential/sensitive personal data

d) Securing Computer Network

- Equipping systems and internal computer networks with firewalls or anti-malware
applications
- Separating and limiting access between the various parts of the network (webserver and
internal file server should be separate)

e) Protecting Websites and Web Applications

- Websites and web applications may be connected to database that may contain personal
data. Ensure that measures have been taken to secure websites and applications against SQL
injections and cross-site scripting attacks, and no unnecessary files containing personal data
is made available online

f) Safeguarding Email Content

- Encrypt the contents of the email to reduce the risk of personal data being compromised

9
Is Personal Data Safe With Your Organization? Electronic Personal Data Protection for Organisations,
https://www.pdpc.gov.sg/-/media/files/pdpc/pdf-files/resource-for-organisation/is-personal-data-safe-with-your-organisation-v1-0.pdf
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

Source: PDPC online handbook

Individual Level
To ensure that you are thorough in the complete removal of unwanted data, the following steps can
be supplemented to the usual practice of deleting and emptying the trash bin:
1. Using specific software to overwrite selected file or the entire storage drive
2. Using specialized hardware appliances (degausser machine that produce strong EM fields to
destroy magnetically recorded data)
3. Physically destroying storage device by crushing or shredding the drive

Organisational / Company Level

1. Appointing a Data Protection Officer
- Task an individual with the role of ensuring the organization is compliant with PDPA
 Put in place policies for handling personal data
 Ensure policies are communicated effectively to customers
 Handle queries or complaints about personal data

2. Review Personal Data Inventory

- Understand how, when and where personal data are stored, the purpose of collecting them
and the consent to use them

3. Enforce ICT Security Policies, Standards and Procedures

- Implement policies, standards and procedures that protect personal data, and review them
regularly to ensure they are up to date with the amendments made in business practices or
technological advancement

4. Communicate internally
- Communicate all of the organisation’s data protection policies to all individuals (employees
and 3rd parties)

5. Establish an Internal Audit Policy

- Conduct regular checks to ensure that your organization’s processes are in line with PDPA’s
 A Short Introduction to Data Ethics, its Governance and the Rule of Law

The following is a sample questionnaire, adapted from DataEthics website, that can be used as a
gauge in assessing the integrity of your data governance, or a checklist to create your data ethics
guidelines

________________________________________________________

The Human Being at the Centre

 Is your data processing based on the fact that you borrow data from the users (not owner of their data)?
 Do you ensure that the user’s rights are prioritised, rather than commercial or institutional interests?
 Do you ensure that primarily users benefit from their own data – not just the organisation?
 Do you use privacy-by-design principles, and can you describe them clearly and transparently?

Individual Data Control

On-device processing

 Do you ensure that users’ data – as far as possible – is processed directly on the users’ own device(s)?
 When the processing of data is necessary other than on the user’s own devices, such as your server or a cloud solution, is collected data
not related to an identifiable person?
Profiling

 Do you use profiling? If so, do you allow the user to influence and determine the values, rules and input that underlie the profiling?
Predictions

 Do you use data to predict individual-level behaviour or only patterns?

Transparency
Data Storage

 In which country is your data stored?

 Where is the storage solutions provider headquartered?
 Does the transmission of data go through countries outside of the EU?
Artificial Intelligence

 Do you use machine learning / artificial intelligence? If so, can you explain the algorithms – the criteria and parameters?

Behavioural Design

 Do you use personal data to influence user behaviour?

 Do you ensure that it is transparent when the use of personal data may influence a user’s behaviour?
 Do you ensure that the design does not create addiction and thus influences the person’s self-determination and empowerment?
Open Source

 Do you operate with open source software, so others can use it and possibly develop it further ?

Accountability
Anonymity

 When do you anonymise personal data?

 Do you use end-to-end encryption of data?
 Do you minimise the use of metadata and explain how it is done?
Zero-knowledge

 Do you use zero knowledge as a design principle?

 A Short Introduction to Data Ethics, its Governance and the Rule of Law

Sales of Data

 Do you sell data to third parties?

 Do you sell data as personal identifiable data?
 Do you sell data as patterns on an aggregated level?
 If you sell data, are you making sure that it is fully anonymised information only describing patterns, not individuals?
Data Sharing

 Do you use third-party cookies?

 Does this include SoMe (social media) cookies and SoMe logins?
 Do you use Google Analytics or similar tracking tools?
 If you use third-party cookies, are your users fully aware that your cookie use leads to sharing of data about your users with third parties
and do they agree with it?
Data Enrichment

 Do you enrich data with external data, such as social media data, bought data or web scraping?
 Does this enrichment occur in response to, or in cooperation with, your users?
Organisational Anchoring

 Do you have an individual or a department responsible for the ethical managing of data?
 How is the work with data ethics embedded in the organisation?
 How do you ensure that your data ethics guidelines are respected?
External Control

 Can the processing of data be audited by an independent third party?

 Do you require and and control the data ethics of your subcontractors and partners?

Equality
Public Platforms

 Do you engage in dialogue with your users on a public platform?

 Do you have guidelines for using the platform?
 Do you moderate the platform in order to remove sensitive personal data?
 If your services are offered to children, do you ensure parental consent?
Reuse of data

 Is data used to develop or train an algorithm?

 Do you ensure that the use of data does not lead to discrimination?
 Do you ensure that the use of data does not expose the vulnerabilities of individuals?
Artificial Intelligence

 Do you ensure that the use of artificial intelligence / machine learning is to the benefit of the individual and does not cause physical,
psychological, social or financial harm to the individual?

________________________________________________________