Ethical and Legal Challenges in the Collection, Management, and Use of Information and Technologies

Questions
1)  From your perspective what are the major ethical and legal challenges and risks for abuse that we must keep top of mind in the collection, management, and use of information and technologies overall—and in the public arena specifically? 
2)  Suggest guidelines to help prevent unethical uses of data in general and especially in the public sector.

Answer
1. Ethical Challenges
The rapid development of information technology has led to situations of increased uncertainty and the definition on how existing rights apply to new technologies. This has led to a consideration of an information society framework for the protection of the individual in regards to privacy, data security, accountability, and the right to access on the occasion of the widespread collection and identification of personal information.
Privacy is a right that individuals and groups can have control over the extent, timing and circumstances of sharing themselves with others. The freedom from unreasonable and unwarranted intrusion into our private lives is now recognized as a fundamental human right. Data security is the right of individuals and organizations to be assured that their data and the systems processing it are secure and not accessible to third parties. Measures used to ensure data security include confidentiality (limiting access to information), integrity (maintenance of accuracy and consistency of data over its life), authenticity, and privacy.
Concerns about ethical implications of information and technology are spread out within this field, but the main concerns are concentrated around issues regarding individual rights, fairness, accountability, and the impact on society. What information should a person or an organization have the right to keep to themselves? What data about others should they be required to share? What is an equitable distribution of resources and access? How can the rights and interests of various individuals and stakeholder groups be safeguarded? And just who is being well served by information technology?
1.1. Privacy concerns
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal information selectively. The essay’s focus on privacy centers on the increasing move by governments and business organizations to use computers to store data about individuals. The computer has led to a growing move towards the use of personal data as computers are very effective record keepers. Using the Internet, vast amounts of personal data can be retrieved and even more personal data can be gleaned, often without the knowledge of the person concerned. This often results in the inference of information about an individual who would prefer to remain anonymous. The storing and accessing of personal data can result in damaging disclosures about an individual. There are numerous ways in which privacy stands to be eroded in the information age. For instance, electronic surveillance using powerful surveillance technologies has great potential for invasions of privacy. Data matching is a technique used to compare two sets of data, such as the list of names on a payroll and the list of names receiving welfare benefits, in order to determine if there is any correlation between the two. If data is stored on an individual in both these sets of data, it is highly likely that there will be a disclosure of personal information in such a scenario. Though data matching can be a useful tool, it can threaten privacy and in some cases can lead to discrimination. National ID cards can also have a dramatic impact on privacy with centralized databases to store personal information. An ID card often becomes a requirement to access services and without it, an individual may be denied access to services to prevent the use of someone else’s card. This may create a situation of ID apartheid for the disadvantaged who are less likely to retain possession of a card. With technology constantly advancing, there are now ID cards being developed with biometric information such as facial details and fingerprints. These details, which are unique to each individual, bring about new privacy issues. High-quality photographic and digital imaging technologies allow for the covert and high-quality capture of someone else’s biometric details, and if this information is ever captured and stored about a person who is unaware, there has been a serious privacy violation.
1.2. Data security risks
Data is a representation of the world. In some cases it is used to model complex systems or to assist in decision making. For example, climate data is used to model future climate states. Market trends are used to make financial predictions. In these cases it is often difficult to verify the data thoroughly and in general, there are many different possible uses of data. Often individual interpretations of data may vary from the actual context or intent of the data. In the case of climate models, it may be impossible to foresee whether or not an interpretation of model output is correct given that climate states are inherently unpredictable and the model itself could contain errors. High impact decisions can be made on uncertain data that can lead to the perpetuation of errors and biases. This is known as methodological bias. In other cases, the data itself may carry biases or other undesirable assumptions. An example would be the use of race as an identifier in medical decision making. Failing to account for social constructs of race and genetic variation can lead to incorrect inferences from the data and ultimately, race may become a deciding factor in choices of treatment. These cases show a variety of ways in which data and its use can lead to biased outcomes. Often the bias is unintended and is usually a result of the neglect of ethical considerations in the early stages of information system design. Owing to this, bias is an issue that overlaps with many other ethical challenges of information and technology.
Another ethical challenge involves data security. In a digital society, the collection, flow, and processing of information is done electronically. This may result in theft, unauthorized access, loss of information, and the like [23]. The security and integrity of data is essential to any information system. For example, electronic health records are becoming a standard feature of medical practices; the information in these records must remain confidential and available only to those with authorized access. Despite this, electronic health records are subject to hacking and other forms of information loss. Data breaches can result in severe consequences for affected individuals and organizations. Loss of personal information can result in identity theft or in severe cases, it may pose as a threat to personal and public safety. The loss of financial information can have harmful effects on an organization’s clients and result in an organization’s loss of revenue. Steps must be taken to ensure that the privacy and integrity of data is maintained. This means that information systems must be resistant to various forms of threat, quick to recover from data loss, and must provide fail-safes for information in transit. Making systems “highly secure” in this context is easier said than done and is not always cost effective or convenient. This is a risk-benefit issue that will be a recurring theme in dealing with ethical challenges of information and technology.
1.3. Unintended bias in algorithms
Mentions about solving the problem of bias in algorithms through ethical behavior might seem naive in the light of quick movements in the nature of production and use of algorithms. Efforts to increase ethical behavior in algorithm design may not solve the more fundamental problem of how to specify what we want, to a system, without having undesirable effects in the real world. This is a problem that is only going to get more acute. As the parts of our lives that we hand over to data analysis increase, the systems being used are going to come to be seen as controlling the opportunities open to people. A famous example, from the early days of web advertising, is that of an optician who discovered that his ads were not being shown to people in high income neighborhoods, because the analysis of who would be willing to spend money on glasses had incorrectly identified the target group. At the time all this meant was that the optician got low rates for ad space, but in general such behavior can have damaging effects and can be hard to identify, especially as it might not be clear to human decision makers what the system is doing. An improperly specified algorithm for sorting CVs according to quality destroyed prospects for minority job applicants in the US by generalizing from the fact that some of the worst CVs were from minority graduates. In other cases, a system can potentiate existing social biases by affecting decisions that are based on its predictions, as is feared in criminal sentencing if judges start to use the output of risk assessment algorithms.
1.4. Potential for discrimination
The development of data science technology for the supporting of decision making, automatically conducted by sophisticated learning software called algorithm, should bring benefits to individuals. In addition, with the employment of data science in numerous fields now will give assessment and decision for individual’s better than hiring explicit human that may involve personal feeling of the assessor. Despite that, algorithm may yield certain decisions that are merely based on sensitive attributes, not because of the relevance with a person’s ability, skill, or other legitimate reasons. Machine learning algorithm is designed to learn from data and optimize an objective function to find a correct answer, thus the relation between an input (data regarding an individual) into an output (assessment or decision) sometimes it’s difficult to be detected and it’s called as indirect discrimination. This is a new problem in comparison to the pre-data science discrimination such as in employment opportunity, housing, provision of goods or services, and education, thus far legislation in United States, Canada and European Union do not directly proscribe indirect discrimination. Simulation study by Mitchell and Brynjolfsson (2019) reveals that altering the vocabulary in job ad postings can influence the click rates of majority group and minority group of race, where the part of minority group can be less interested in the job advertisement. This is an utilization of artificial intelligence to assess potential employees, with machine learning algorithm learning from the ad postings to the behavioral data of potential employees, it’s very likely the algorithm will replicate the ad employer’s message to the assessment result on minority group in hope to find individuals possessed the attributes shown in active ad respondents, which in reality it’s a mind conditioning in order to get job at a disadvantages price. This may eventually cause litigation to the employer if the ad respondents succeed to prove the causation of an adverse action. Another example is a case of race and ethnicity prediction using facial recognition. Although this research aims to help minority group in preventing discrimination and improving health care and social services quality, a tool that simply based on prediction without prevention to avoid creating biased results still has controversial ethical issues. High rate of predictive error can cause classification into the wrong group, and it’s not impossible the researcher release this tool first to the small number of people without noticing the tool’s effectiveness to the actual benefit. Nevertheless, it’s a decline proposal from a vendor who develops a data science system to equalize the prediction error rate with a prevailing rate. This means the system only works to a case with a crime prevalence at certain race, but this raises the question does minority group will forever have a burden for crime prevalence indication and is it true that it will benefit them.
1.5. Lack of transparency in data practices
Whether the data is being shared or analyzed, there is often a lack of clarity or oversight of the data handling and processing chain. Ultimately, many organizations want to keep their data practices undisclosed to gain a competitive advantage, or in some cases, to prevent the implementation of effective public scrutiny or consumer resistance. But often the practice is ambiguous even to those directly involved. Data is a valuable asset and its value is increased when it is shared, however data sharing practices can result in a loss of control over data once it has been released. For example, in the NHS IT outsourcing deals of the early 2000s, it was identified that the contract specifics had been unclear and this had allowed for widespread data sharing and commingling between companies and healthcare organizations, showing that even in a highly regulated industry, lack of clarity in data practices can result in a concession of data control. This loss of control can compromise the individual’s privacy and rights regarding the data in question. Often it is unclear what the data will be used for and whether there is potential for a change of data ownership that might result in future usage that is unrelated to the initial instance of data collection. In contrast to this, some instances of lack of transparency are less a result of unclear intentions and more to do with insufficient technological development in methods for data tracking and monitoring. With the increase in complexity of data storage structures and the rise of distributed systems, it is not always easy for an organization to map the journey of its own data and ensure that it does not lose oversight of its location and usage. While this benefits the data in question as it essentially becomes ‘lost’, this can be a disadvantage for the organization or individual who owns the data, as they may be unaware of any breaches of data protection legislations and their data rights.
2. Legal Challenges
2.1. Compliance with data protection laws
2.2. Intellectual property rights
2.3. Jurisdictional issues
2.4. Liability for data breaches
2.5. Legal implications of data misuse
3. Risks for Abuse in the Public Arena
3.1. Manipulation of public opinion
3.2. Surveillance and invasion of privacy
3.3. Targeted advertising and marketing
3.4. Exploitation of personal information
3.5. Cyberbullying and online harassment
4. Guidelines for Preventing Unethical Uses of Data
4.1. Clear data governance policies
4.2. Informed consent and opt-out options
4.3. Regular data audits and risk assessments
4.4. Ethical training and awareness programs
4.5. Collaboration with regulatory bodies
5. Guidelines for Preventing Unethical Uses of Data in the Public Sector
5.1. Transparent data collection and use practices
5.2. Strict adherence to data protection laws
5.3. Independent oversight and accountability mechanisms
5.4. Safeguards against data breaches and leaks
5.5. Public engagement and participation in decision-making processes