The sentiments “data is the new gold” and “data is the new oil” have floated throughout the business world as data is described as the newest precious resource. But, from our experiences with natural resources in the past, when corporations take too much and hardly stop to consider the ethics of it all, the repercussions are often dire.
It is often hard to reach a common consensus when discussing ethics, as morality differs from person to person. But generally, ethics can be defined as the standards of right and wrong that prescribe what humans ought to do. Just as there are ethics in many professions, data ethics exist as a moral code for gathering and using personally identifiable information. Data ethics principles include ownership, transparency, privacy, intention, and outcomes.
Now, why is data ethics important? In the digital age, we as individuals create tons of data every single day. When organisations use this data in ways that we have not consented to, that infringes our right to privacy.
To delve deeper into the ethical uses of data and the future of privacy regulations, we consulted the Co-Founder of Straits Interactive, Alvin Toh.
Unethical Data Use
If you’ve followed the news as of late you will have seen that Facebook is facing the backlash of their apparent data mishandling. This stems from their lack of transparency over their data collection purposes, which led to the tracking of people on the internet. While Facebook has been in headlines and the topic for many news contents, it doesn’t mean that other organisations aren’t also a part of the problem.
Alvin comments that the acceleration of digitalisation has unwittingly put data collection powers in the hands of organisations within the region. More often than not, third-party vendors hired by these organisations collect the data of an organisation’s customers and share them with other companies within their partner network without the knowledge and consent of the end-user. Most of the time, consumers aren’t even aware of how much of their data has been collected, and their privacy intruded. These means of data collection can cause significant risks to the end-user as personal information can be used to commit fraud.
“In this part of the world, you hear about phishing, bank scams and all, mind you, some of these are not just hit and miss. No, they actually profile certain target segments and then they craft their messages accordingly. Some of these scams become more sophisticated because they were able to obtain some personal data of certain segments of people,” states Alvin.
Regulations Within the Region
The General Data Protection Regulation (GDPR) enforced within the European Union can be said to be the strictest privacy and security law available in the world. With such rules in place, organisations looking to operate within the European Union must adhere to the regulations. In the ASEAN region, data protection regulations have not been at the forefront of priorities for many countries. Until 2019, Malaysia, Singapore, and the Philippines were the only countries with a Personal Data Protection Act (PDPA) in place, followed by Thailand. Indonesia looks to be still in the development phase of its PDPA. Alvin noted that in terms of alignment to the GDPR, the Philippines, Thailand and Indonesia are mapped quite similarly. The Malaysian PDPA is notably not as detailed with its regulations but is currently in revision.
Alvin finds that “as countries become more aligned to a standard for data protection globally, it becomes easier for us to do business and the cross-border transfer of personal data becomes trustable, and that’s the goal.”
Data protection and ethical handling have considerable implications to companies within the region as multinationals looking to do business include standards-based compliance within their contract to ensure good data protection. Singapore and the Philippines have announced their TrustMark standards indicating that countries are now adopting standards-based compliance.
Ethics in Technology Use
When asked how technology can play a role in data protection, Alvin explains that companies need values, namely being respectful, beneficial, and fair to their customers. As the use of AI, machine-learning and other technology buzzwords requires data, organisations should have an ethics committee or someone internally looking at the ethical and legal issues surrounding their adoption of additional technological capabilities that process personal data. These parties within an organisation would look at the impacts of data requirements and permissions on the end-user to ensure that it genuinely does benefit them as app permissions can be a danger, as discussed with Alvin in a previous interview.
In parting, Alvin states, “The advent of more technologies to be implemented in your company really cries for more accountability. I advise especially companies in Malaysia to appoint somebody who is looking at this issue because there will never be a good time to look at it. In different countries where there is a regulation on data protection, there is a data protection officer, some companies have chief ethics officers, get yourself trained so that you can make responsible and ethical decisions on the technologies that you use because the responsibility has magnified due to the sheer amount of personal data now in our hands. The decisions we make based on those technologies need the human heart and human ethics to govern it, not the machine. So, we hope that there will be more of you taking on the role to be more accountable and more responsible corporate citizens even as we digitalise and expand regionally.”
You can educate yourself through ASEAN’s largest data protection community portal, the Data Protection Excellence Network or DPEX. With membership currently free, you can access a multitude of materials, including case studies, latest news, forums and webinars on data protection within the region.