Skip to main content

What are data ethics?

Data ethics are meant to evaluate data practices, with a focus on problems posed by the collection and analysis of personal data. Ethics reflect well-founded standards of right and wrong that prescribe what humans ought to do, usually in terms of rights, obligations, benefits to society, fairness, or specific virtues. Data ethics explore potential harm to others’ rights, freedoms, security and privacy that could be caused by collecting, using and sharing their data; and what should be done to mitigate it.

Data ethics and data laws

Data laws tell you what your company can and cannot do with data. Data ethics are meant to help you understand what you should or should not do with data and why. Understanding data ethics will make complying with data laws easy and intuitive. When making use of other people’s data, get in the habit of asking yourself: ‘Is this the right thing to do?’ and ‘Can we do better?’

Start your GDPR cleanup where it is needed the most

Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

Data ethics principles

Here are a few basic principles of data ethics you should keep in mind when handling someone’s personal data: 

  • Ownership
  • Transparency
  • Privacy
  • Intention
  • Impact/Outcome

Now, let’s take a closer look at each principle: 

Who owns the data? There is an easy answer to this question, and it has been written into most data regulations. The rights to personal data belong to the individual, i.e., the data subject. So, don’t take someone’s data without asking.

People who share their data with you have a right to know how you plan to collect, store, and use it. Know your own processes, outline them in your privacy policy and be prepared to explain them in more detail if requested.  

Someone may be willing to share their PII with you in order to receive your products or services, but they may not want that data made public or shared with others. Consider who/what departments in your organisation really need access to personal data.  

If your intention is to hurt someone, profit from their weaknesses, or any other malicious goal, it’s not ethical to collect their data. When you collect personal data, you should have a good reason to do so, and then only use the data for that purpose. 

Even if you have good intentions, consider possible negative outcomes, and their impact on others. if you end up losing or leaking someone’s data, it could do them harm. Besides the obvious risk of identity theft, personal or sensitive data in the wrong hands could create an unfair bias against a person or embarrass them. 

Discuss data ethics as a team/company. When you consider starting a new data processing activity or collecting/using personal data in a different way, be sure to ask yourself the two questions we mentioned earlier: ‘Is this the right thing to do?’ and ‘Can we do better?’ 

Data ethics benefits for companies

Of course, “Virtue is its own reward”, but prioritising data ethics is also just good for business. Here are two benefits of data ethics for companies: 

  1. You earn customer trust when you show people you prioritise their privacy and protect their data rights. 
  2. When you and your team understand and respect data ethics, GDPR compliance becomes simple and intuitive. 

These two factors can translate directly to your company’s bottom line, by preventing GDPR fines, saving administrative costs and reducing customer churn. 

Data ethics and customer trust

Data ethics and customer trust

The relationship between data ethics and customer trust doesn’t need much explanation. People are more aware than ever of their data rights and the dangers of sharing their data with unscrupulous companies.  

Your customers have options when it comes to who to give their business and money to. Showing good data ethics can help you stand out from the crowd and give you a competitive edge.

Data ethics and GDPR principles

Ethics can become the basis for principles, and principles are the basis for laws. This is especially true of the GDPR, which effectively legislates data ethics. The text of the GDPR begins by defining its objective this way:  “This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” – GDPR Chapter 1 Article 1 pp 2

Then, it continues in Chapter 2 by listing GDPR principles for data collection and processing, which require you to: 

  1. Process personal data lawfully, fairly, and with transparency.   
  2. Only collect personal data for specified, explicit, and legitimate purposes.  
  3. Limit (minimise) the personal data you store to only what is needed. 
  4. Keep personal data accurate and up to date.  
  5. Delete personal data you no longer need + implement appropriate technology and policies to safeguard data subjects’ rights and freedoms.
  6. Protect data against unauthorised or unlawful processing and accidental loss, destruction or damage with appropriate technical and organisational measures.

And finally, your company is responsible (accountable) for complying with all the above. This becomes painfully evident for companies that get fined for GDPR violations. Accountability is a key point of difference between data laws and ethics. Ethics won’t fine you, but data regulators will. 

Even if you understand data ethics and intend to put them into practice, how can you be sure you and your employees do so consistently? How can you show your customers (and the authorities!) that you are a data ethical company?

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

Data ethics and low data visibility

Just like a dark alley is a great place to get mugged, dark data and low visibility on your data in general increase the risk of breaches and leaks exponentially.  

Low visibility of your data is the enemy of data ethics, compliance and privacy protection. Turning a blind eye to potential privacy risks; not knowing or being careless about where people’s personal data is stored and who has access to it is simply unethical. You are putting people’s privacy at risk, and again, you could be fined for it. 

The easy road to data ethics

At SafeOnline we develop tools that make companies able to process personal sensitive data in a way that is both ethical and complies with data regulation laws. Check out our tool here:

DataMapper – Find your sensitive data
ShareSimple – Send and receive data securely in Outlook
RequestManager – Process data subject requests easily

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →


How to handle sensitive personal data


How to find personal data with datamapping tool


How to prepare for a data audit