Every piece of research contains data whether qualitative or quantitative. How that data is derived and used varies from case to case. With increasing time pressures and a need to validate assumptions, there is growing concern that sound ethics are seen as a luxury but as a recent discussion at IDS concluded, good data ethics are essential if research is to have meaningful impact on lives.
When researchers, MEL officers, funders and NGO workers recently came together at IDS to discuss how to better engage with participatory and systemic data, the room buzzed with energy around the issue of ethics. As part of the Demonstrating Active Data project, the group discussion led to the sharing of experiences of good and bad practice in data management. We considered how we can maintain the integrity of raw data as it travels through layers of interpretation, analysis and packaging. Crucially, we also discussed whether affected communities are truly aware of how their information is being used.
Data ethics in practice
With regards to data ethics we discussed issues of protection with regard to sharing and storing data; obtaining authentic ‘informed consent’ through dialogue (not a script or a check box); and validating the data collected and surfacing its meaning with the people who provided that information. Good examples were shared and in principle, it was clear that project staff often plan on giving affected populations opportunities to validate our interpretations of the information they have offered. However in practice, there can be issues of time and funding to do this properly, leading us to question whether ethical considerations are falling by the wayside? At the heart of participatory research is the belief that the involvement of affected communities is not limited to validation, but that follow-up action and synthesis centres around their needs, not the needs of the researcher.
When time and funding are restricted, it shouldn’t have to feel like a choice between ethical development practice and delivering project outputs, yet it often is. Data ethics should shape project timelines, logistics and funding, not the other way around. Ethical data management should be embedded into everyday practice, but, despite our best intentions, what happens when it is not? How do we react when we feel in our bones that there has been a (mis)handling of data, and we’re not doing right by those who provided the data? Can we be bold enough to challenge colleagues, partners and funders in these situations?
Data ethics – a job worth doing
Our discussion was exciting as this topic clearly struck a chord with everyone at our event. There was a consensus in the room that generally we could trust ourselves and our colleagues to voice uneasiness around data management practices. But what happens when we leave our echo chambers and work with those who don’t share the same values? In those cases, who do we turn to for support within our organisations?
One colleague reflected that there are many different job descriptions in the international development sector which include data ethics as a footnote, or as a voluntary element to a role, but there is a real lack of institutionally-embedded expertise in the form of full-time data ethicists. This side-lining of ethics in turn can cause critical elements of ethical principles, such as validation workshops, to feel voluntary or unrealistic given timeframes and funding restrictions.
On top of all of this is also growing legislation put in place to safeguard. In May 2018 for example. changes to EU regulations will see the introduction of the General Data Protection Regulation (GDPR), . This will mean that public authorities and organisations that handle large quantities of personal data will be required to appoint Data Protection Officers who will be responsible for advising colleagues on GDPR and other data protection regulations. These Data Protection Officers will be the first point of contact for individuals who are concerned about the use of their data and for supervisory authorities.
However, who do we turn to when data management complies with regulations, but doesn’t quite feel ethical or participatory? Could we also make the role of data ethicist mandatory- someone who could help us challenge bad practice? They would be able to take the time to understand a particular context, instead of using a one-size-fits-all approach. A data ethicist empowered by their organisation would also be able to act as an intermediary across power dynamics within institutions, giving a voice to those who might not have the confidence or conviction of someone higher up the ladder.
In the race between technology and regulation
We also need to consider how policies and procedures can adapt in order to maintain relevance and accompany the rapid pace of technological innovation. How do we ensure institutional policies for ethical data management can keep up? For example, the use of artificial intelligence in public arenas, such as criminal justice, is accelerating. The AI Institute Now attributes this to improved algorithms, increased networked computer power and crucially, the ability to capture and store enormous quantities of data. The same speed can’t be claimed for data protection regulation: it is taking three years for the GDPR to come into force.
In assuming that we can responsibly use technology and data with Data Protection Officers alone, we are setting ourselves up for a fall. We do not know what is around the corner. We need to tether ourselves to principles rather than regulation to try and keep up with technology as it evolves. Bearing the responsibility for data ethics shouldn’t be voluntary or a footnote to a job description. We need to raise the profile of data ethics in the development sector by pushing for full-time data ethicists who would support us as technology evolves beyond regulation.