Establishing Data Ethics in the Age of Accountability

When the EU’s General Data Protection Regulation (GDPR) took effect earlier this year, it codified what marketers have known all along: accountability matters, and it’s the defining quality by which consumers measure their relationships with the companies that access their data. The resulting shift in the way companies collect, process, analyze, and share data is not a switch that can be easily flipped. Establishing accountability to comply with regulations like the GDPR is a complex, multistep process that involves multiple teams.

Four steps to establishing data ethics in an age of accountability.

The adoption of the GDPR forced many companies to establish a data ethics practice, particularly those that previously never had to establish verifiable mechanisms of accountability. In Europe, companies fared a bit better as there was a predecessor to GDPR — the EU Data Protection Directive. Businesses with headquarters or a significant presence in Europe were accustomed to complying with a broad data protection law. In the United States, where companies are used to complying with sectoral laws by industry, many were caught on their heels. To avoid GDPR fines, some companies decided to close their European offices, stop doing business there, or turn off access to their websites to traffic coming from the region. While these measures offered quick fixes, they are certainly not the way forward for companies wishing to remain competitive.

The need to codify what it means for businesses to be accountable to their customers and respect their data is not something that only European consumers want. Times are changing quickly in the U.S., as evidenced by the recent passage of the California Consumer Privacy Act, which will become the de facto standard nationally — companies cannot apply a certain standard to the way they use data from California residents to comply with the law while taking a different approach to the rest of the country. Digital is borderless.

There’s a long road ahead for the industry at large to achieve true digital innovation and simultaneously show respect for people and their privacy. Here are four steps that companies can take to move closer to that goal:

Step One: Defining Accountability

To ensure a company remains committed and responsible for everything it does, its leadership must establish, share, and ingrain concrete policies that are easily accessible across the organization.

Defining accountability is influenced by several factors, including legal/regulatory obligations based on the company’s business model; governance responsibilities to demonstrate effective corporate management; and business/corporate values alignment to help ensure policies are followed.

Step Two: Establishing Mechanisms to Put Policies into Effect

A commitment in writing is nothing without the mechanisms to enact it. This can be a challenge in the digital age with the explosion of data. But the time has come for business leaders to think ahead, innovating their mechanisms of accountability at the same speed they innovate new technology.

To get started, marketers should ensure that all stakeholders understand the task at hand. Policies are adopted and followed when stakeholder input is obtained and leaders are consulted in codifying accountability. While the final version of the policy may not reflect input from all stakeholders, it is important that all stakeholders be heard to minimize the potential for unintended consequences.

Step Three: Operationalize Accountability

Just as business leaders must look at the mechanisms of accountability at a macro level, it is essential to go further to ensure no stone is left unturned. As the Cambridge Analytica data scandal and other recent highly publicized events have shown, companies can no longer claim not to have foreseen the misuse of their data and expect to be forgiven by the public.

Companies that want to be successful at innovating at the same speed as earning consumers’ trust must encode the mechanisms of accountability into all of their workflows involving data. This involves paying attention not just to the creation of data, but also its ingestion and analysis. Marketers must ensure they are accountable for all the ways in which data is received on their platforms and the ways they analyze it, whether through artificial intelligence, machine learning, deep neural nets, or other advanced forms of analytics and data science.

Step Four: Ongoing Monitoring

The next challenge in operationalizing accountability is ongoing monitoring of data governance. Although some companies have worked hard to build this functionality into their technology and practices, there is still a long way to go for the industry.

Ongoing monitoring could involve internal audits, which provide independent assurance that an organization’s governance of policies and procedures are operating effectively and being followed. Companies can also take cues from the news cycle. One company’s data hack or misuse of personal data should be a clear call to all businesses to revisit their data policies, assess how data flows in and out of their systems and is used, and enact the necessary safeguards to protect and process data. Regular training of entire staff on current data ethics practices is essential to minimize internal vulnerabilities. Teams should also stay abreast of relevant legislation and follow the codes of practice from self-regulatory groups such as the Digital Advertising Alliance (DAA), the ANA’s Data Marketing & Analytics Division (formerly DMA), and the Interactive Advertising Bureau (IAB).
 
The Fourth Wave of Privacy Regulation

Accountability is a continuous process and a challenging one, to be sure. However, this position is not new for the advertising industry. According to Marty Abrams, chief strategist at the Global Information Accountability Foundation, the industry is entering what he calls the “Fourth Wave of Privacy Legislation” — laws and regulations created for the digital age, which many consider the “Fourth Industrial Revolution.” With each prior revolution, privacy and data laws were also developed and strengthened.

If history is an indicator of what’s to come, the advertising industry will come out of this in a better position. To get there, the good actors in the industry must continue to do what’s right and lead by matching their innovation to their commitment to data ethics and governance, weeding out those who misuse data and harm people. When innovation no longer comes at the expense of data ethics and privacy, then the industry will have truly advanced to a place where data and ingenuity are used for public good.

Sheila Colclasure is the global chief data ethics officer and public policy executive at LiveRamp. You can email her at sh***************@li******.com.