​

Institutions should drive data ethics from the top and ensure it is adopted across business functions by building it into their existing governance frameworks

Establish appropriate senior sponsor-driven enterprise governance frameworks

Senior leaders need to be evangelical in their support for ethical data use, but they must also ensure robust day-to-day behaviours

An arms race in lethal autonomous weapons should be avoided.

Risks posed by AI systems, especially catastrophic or existential risks, must be subject to planning and mitigation efforts commensurate with their expected impact.

Cooperation should be actively developed to establish an interdisciplinary, cross-domain, cross-sectoral, cross-organizational, cross-regional, global and comprehensive AI governance ecosystem, so as to avoid malicious AI race, to share AI governance experience, and to jointly cope with the impact of AI with the philosophy of "Optimizing Symbiosis".

Address the question ‘What does the “ethical” use of data look like for your financial institution? What outcome are we trying to achieve?

Knowing clearly for what purpose the data will be used is important both to make the most of this resource and to identify the critical issues that may arise. Moreover, research has found that public support increases if the context for data use is explained and people are able to deliberate on it.32 As it represents a particularly sensitive area, Ethics Officers should make sure they are aware and up to date with what is happening on Big Data within their organisations.

​

Do people understand your purpose – especially people whom the data is about or who are impacted by its use?

How have you been communicating your purpose? Has this communication been clear?

How are you ensuring more vulnerable individuals or groups understand?

​

Set strategic goals to achieve this vision, addressing the far-reaching nature of the current challenges and ensuring data ethics are enforceable, embedded in the organisational culture, continuously applied and improved.

Mere compliance with each of the GPDR and other data protection laws’ provisions is not sufficient for future-proof and technology-responsive privacy policies. Instead, data protection services should be tailored to identify present and future shortcomings in the technological design and application so that data controllers and processors take all the necessary steps to mitigate potential risks for breaching the GDPR. On top of this, ethics accentuates the role of public trust, engagement, transparency and accountability so that data processing meets both the legal requirements and privacy expectations of the public.

Ensuring proportionality in data processing is a fundamental tenet in data protection law. Not only data processing should be based on an appropriate lawful ground under the GDPR, but it should also be proportionate. This means that the anticipated advantages should outweigh the potential risks for data subjects. Moreover, proportionality requires that any data processing activity is carried out in the least intrusive manner for subjects. These assessments require a consideration and evaluation of societal and ethical parameters.

A risk-based approach is endemic to the GDPR, because every data processing activity inherently carries risks for the rights and freedoms of data subjects. Technology may raise concerns about the efficiency and applicability of data protection law. This means that compliance with the GDPR requirements and standards is a continuous obligation and that there is no such thing as static and pre-fixed compliance. With regard to the use of Artificial Intelligence, ethical assessments are necessary to ensure the safe application of AI-based technologies, whose consequences are not always predictable.

Whereas technology radically transforms society and the available services and products, regulators are often a step behind technologies. Therefore, given the regulatory challenges that new technologies raise, organisations should have the necessary resources to bring insights from industry, academia and the public sector and combine the knowledge and resources across sectors to design both the best data protection and research practices. Indeed, it is necessary that organisations analyse and anticipate gaps in privacy policies and specify the policy and regulatory action to be taken to proactively comply with the GDPR. In this regard, organisations should review the current state of the art and anticipate necessary compliance requirements on an ongoing basis, taking into account the legal, societal and ethical parameters of technology. This will enable organisations to design ethics-grounded data protection operations and align their privacy policies with the GDPR.

Given the profound connection between a company’s ethical culture and employee engagement, managers and supervisors should work actively to demonstrate a commitment to ethics, foster open communication, promote ethical role modeling, and encourage accountability.

Higher levels of misconduct and greater perceived pressure to commit a violation equate with lower levels of employee engagement. Therefore, in order to maintain high levels of employee engagement, leaders need not only to set an example but to carefully monitor and manage compliance with corporate ethics standards. All levels of management should be careful not to create work environments where employees perceive that hitting deadlines and meeting revenue goals are the priority regardless of how those goals are achieved.

Consider how the implementation of the AI and big data systems ethics guidelines, and other IT-related ethics guidelines, affects the various dimensions of IT management strategy, including overall objectives, quality management, portfolio management, risk management, data management, enterprise architecture management, stakeholder relationship management. Ensure proper adjustment of these processes. There will be different levels of risk involved, depending upon the application, so the levels of risk need to be clearly articulated to allow different responses from the organisation’s ethical protocols.

​

It is difficult to draw a clear distinction between ethics and law in the current data protection landscape, as the GDPR tends to blur the lines. Complying with the GDPR involves carrying out data protection operations that meet both the GDPR legal and ethical requirements. To this end, ethical assessments should be integrated into the data protection compliance programmes, which should be carried out by experts from various relevant backgrounds and with a holistic understanding of data protection law.

Strategy for beneficial and acceptable use of AI in alignment with business strategy and organizational values. Statement of an organization’s value base and the ethical AI principles to guide its AI development and use.

The Danish wind energy company Vestas – the largest provider of wind turbines in the world – is a frontrunner when it comes to the use of big data. Before Vestas built its supercomputer with 15 years' worth of data on wind and weather, it could take up to 18 months to erect wind turbines which were optimally positioned in relation to wind and wind production. Today, Vestas uses an algorithm to create a statistical basis for decisions regarding the layout of wind turbines; the work is done with the click of the mouse. Drawing on data from 35,000 public stations which supply measurements on over 150 parameters about every 6 hours, Vestas can produce accurate forecasts for long-term energy production at any point on the globe. Big data is also a part of their ongoing service. Sensors on individual wind turbines along with weather data are used to predict the wear and tear – and plan for the turbine's upkeep.

Positive perceptions of an organization’s ethical culture are associated with higher levels of engagement. Furthermore, management’s commitment to ethics is particularly important for employee engagement

Employees who observed misconduct were less engaged than those who did not. In addition, engaged employees are less likely to feel pressure to commit misconduct

Engaged employees are more likely to report misconduct when they witness it, thus reducing the company’s ethics risk.

One alternative to a consequentialist model of responsibility has been to succumb to moral luck (Williams, 1981), to hope that an appeal to unpredictability and an inability to ‘reasonably foresee’ will allow us to escape moral accountability for our actions. Dissatisfaction with both this approach and risk-based regulation has moved attention away from accountability, liability and evidence towards those future-oriented dimensions of responsibility – care and responsiveness – that offer greater potential to accommodate uncertainty and allow reflection on purposes and values

“A transparent, interactive process by which societal actors and innovators become mutually responsive to each other with a view to the (ethical) acceptability, sustainability and societal desirability of the innovation process and its marketable products (in order to allow a proper embedding of scientific and technological advances in our society).”