Data ethics

What are data ethics?

Data ethics are meant to evaluate data practices, with a focus on problems posed by the collection and analysis of personal data.   

Ethics reflect well-founded standards of right and wrong that prescribe what humans ought to do, usually in terms of rights, obligations, benefits to society, fairness, or specific virtues. 

Data ethics explore potential harm to others’ rights, freedoms, security and privacy that could be caused by collecting, using and sharing their data, and what should be done to mitigate it.

Data ethics vs data laws

Data laws tell you what your company can and cannot do with data. Data ethics are meant to help you understand what you should or should not do with data and why.  

Understanding data ethics will make complying with data laws easy and intuitive. When making use of other people’s data, get in the habit of asking yourself: ‘Is this the right thing to do?’ and ‘Can we do better?’ 

Data ethics principles

Here are a few basic principles of data ethics you should keep in mind when handling someone’s personal data: 

  • Ownership
  • Transparency
  • Privacy
  • Intention
  • Impact/Outcome

Now, let’s take a closer look at each principle: 


Ownership

Who owns the data? There is an easy answer to this question, and it has been written into most data regulations. The rights to personal data belong to the individual, i.e., the data subject. So, don’t take someone’s data without asking.


Transparency

People who share their data with you have a right to know how you plan to collect, store, and use it. Know your own processes, outline them in your privacy policy and be prepared to explain them in more detail if requested.


Privacy

Someone may be willing to share their PII with you in order to receive your products or services, but they may not want that data made public or shared with others. Consider who/what departments in your organization really need access to personal data.


Intention

If your intention is to hurt someone, profit from their weaknesses, or any other malicious goal, it’s not ethical to collect their data. When you collect personal data, you should have a good reason to do so, and then only use the data for that purpose.


Impact/Outcome

Even if you have good intentions, consider possible negative outcomes and their impact on others. If you end up losing or leaking someone’s data, it could do them harm. Besides the obvious risk of identity theft, personal or sensitive data in the wrong hands could create an unfair bias against a person or embarrass them.

Discuss data ethics as a team/company. When you consider starting a new data processing activity or collecting/using personal data in a different way, be sure to ask yourself the two questions we mentioned earlier: ‘Is this the right thing to do?’ and ‘Can we do better?’ 

Data ethics benefits for companies

Of course, “Virtue is its own reward”, but prioritizing data ethics is also just good for business. Here are two benefits of data ethics for companies: 

  1. You earn customer trust when you show people you prioritize their privacy and protect their data rights. 
  2. When you and your team understand and respect data ethics, GDPR compliance becomes simple and intuitive. 

These two factors can translate directly to your company’s bottom line, by preventing GDPR fines, saving administrative costs and reducing customer churn. 

Data ethics and customer trust

The relationship between data ethics and customer trust doesn’t need much explanation. People are more aware than ever of their data rights and the dangers of sharing their data with unscrupulous companies.  

Your customers have options when it comes to who to give their business and money to. Showing good data ethics can help you stand out from the crowd and give you a competitive edge. 

Data ethics and GDPR principles

Ethics can become the basis for principles, and principles are the basis for laws. 

This is especially true of the GDPR, which effectively legislates data ethics. The text of the GDPR begins by defining its objective this way: 

“This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”

GDPR Chapter 1 Article 1 pp 2 

Then, it continues in Chapter 2 by listing GDPR principles for data collection and processing, which require you to: 

  1. Process personal data lawfully, fairly, and with transparency.   
  2. Only collect personal data for specified, explicit, and legitimate purposes.  
  3. Limit (minimise) the personal data you store to only what is needed. 
  4. Keep personal data accurate and up to date.  
  5. Delete personal data you no longer need, and implement appropriate technology and policies to safeguard data subjects’ rights and freedoms.
  6. Protect data against unauthorised or unlawful processing and accidental loss, destruction or damage with appropriate technical and organisational measures.

And finally, your company is responsible (accountable) for complying with all the above. This becomes painfully evident for companies that get fined for GDPR violations. Accountability is a key point of difference between data laws and ethics. Ethics won’t fine you, but data regulators will. 

Even if you understand data ethics and intend to put them into practice, how can you be sure you and your employees do so consistently? How can you show your customers (and the authorities!) that you are a data ethical company? 

Data ethics vs. low data visibility

Just like a dark alley is a great place to get mugged, dark data and low visibility on your data in general increase the risk of breaches and leaks exponentially.

Low visibility of your data is the enemy of data ethics, compliance and privacy protection. Turning a blind eye to potential privacy risks, or not knowing or being careless about where people’s personal data is stored and who has access to it, is simply unethical. You are putting people’s privacy at risk, and again, you could be fined for it.

Instead, use data inventory tools to track and monitor all the personal data you store. DataMapper’s AI shines a spotlight on the personal data your company stores and makes it easy to monitor, minimise, and protect it.

Just having visibility of all your sensitive data is a huge step towards ethical data processing and compliance.

Data ethics = Easy compliance

We suggest you start by using DataMapper to find your personal data across all your storage locations.

Then, look at the personal data, see where it is stored, how long you’ve had it, and who has access to it.

When deciding where you can improve, remember the main principles of data ethics:

  • Ownership
  • Transparency
  • Privacy
  • Intention
  • Impact/Outcome

Get your employees involved by inviting them to connect their storage locations to DataMapper. You’ll be able to monitor everyone’s company storage from one dashboard, while each person can review their own storage practices.

Next, give your employees an easy way to share and collect data safely, with encryption, and make sure they understand the importance of using it every time they share or request personal data.

When someone asks for more information about how you collect, store, and protect their data, respond promptly with

Try RequestManager→

Discuss data ethics as a team, and review data ethics principles periodically. Always ask ‘Is this the right thing to do?’ and ‘Can we do better?’

It’s impossible to 100% eliminate the risk of data breaches and fines, but there is a lot you can do now to mitigate risk, protect people’s privacy, show good faith, and demonstrate compliant privacy practices.

We’d be happy to talk to you about your company’s needs.

Sebastian Allerelli

Governance, risk, and compliance specialist