Dagstuhl Seminar 14052
Ethics in Data Sharing
( Jan 26 – Jan 31, 2014 )
Permalink
Organizers
- Sven Dietrich (Stevens Institute of Technology, US)
- Mireille Hildebrandt (Free University of Brussels, BE)
- Aiko Pras (University of Twente, NL)
- Lenore D. Zuck (University of Illinois - Chicago, US)
Coordinator
- Julie E. Cohen (Georgetown Univ. - Washington, US)
Contact
- Annette Beyer (for administrative matters)
ACM’s ethical guidelines (as well as IEEE’s) are almost two decades old. The most relevant points to data sharing it makes are “Avoid harm to others” and “Respect the privacy of others.” The consequences of not complying with the code are “Treat violations of this code as inconsistent with membership in the ACM” while “Adherence of professionals to a code of ethics is largely a voluntary matter.”
In fact, in the current legal system, ethical behavior “doesn’t pay.” Such guidelines are insufficient for the numerous professionals working for corporations where privacy policies are dictated more by a company than by its employees. Nowadays, we have little control who receives our Personally Identifiable Information (PII), what PII they receive, where collected PII is transferred to, and what is the source of (mis?)information others have on us. This is especially alarming with the rapid progress of data mining, the constant discovery of flaws in data anonymization/sanitization techniques, and the vast amount of electronic data that exists. It is beyond the ability of a layperson to understand the privacy policy of organizations and their consequences on the individual.
The situation is even more serious when data is shared and disseminated among different countries that naturally have different ethical codes and policies for dealing with privacy issues concerning data sharing. Data transfer has no borders, hence, neither does data sharing, which renders ethical data sharing all the more challenging.
However, the recent EU proposals to update the legal framework of the Fair Information Principles, precisely with an eye to the emergence of hyperconnectivity and ubiquitous data analytics, has introduced the notion of Data Protection by Design. This may provide strong incentives to introduce purpose binding, informed consent, minimal disclosure and profile transparency into the design of the relevant computing systems.
The seminar will bring in researchers from all disciplines that involve data sharing across borders with ethical implications. The main focus will be on Computer System Security data and Electronic Medical Records. It is our intention to derive and implement a number of conclusions. At least, we expect to come up with some suggestions of code of ethics for computer professionals (including researchers) that will elaborate on existing codes in terms of data sharing. We hope the participants can come up with some agreement of what ideal regulations should be, how they can be implemented, and how they can remain current. Ideally, the participants can come up with specific call for actions for companies, organizations, and legislators.
ACM's ethical guidelines (as well as IEEE's) are almost two decades old. The most relevant points to data sharing it makes are "Avoid harm to others" and "Respect the privacy of others." The consequences of not complying with the code are "Treat violations of this code as inconsistent with membership in the ACM" while "Adherence of professionals to a code of ethics is largely a voluntary matter."
In fact, in the current legal system, ethical behavior "doesn't pay." Such guidelines are insufficient for the numerous professionals working for corporations where privacy policies are dictated more by a company than by its employees. Nowadays, we have little control who receives our Personally Identifiable Information (PII), what PII they receive, where collected PII is transferred to, and what is the source of (mis?)information others have on us. This is especially alarming with the rapid progress of data mining, the constant discovery of flaws in data anonymization/sanitization techniques, and the vast amount of electronic data that exists. It is beyond the ability of a layperson to understand the privacy policy of organizations and their consequences on the individual.
The situation is even more serious when data is shared and disseminated among different countries that naturally have different ethical codes and policies for dealing with privacy issues concerning data sharing. Data transfer has no borders, hence, neither does data sharing, which renders ethical data sharing all the more challenging.
However, the recent EU proposals to update the legal framework of the Fair Information Principles, precisely with an eye to the emergence of hyperconnectivity and ubiquitous data analytics, has introduced the notion of Data Protection by Design. This may provide strong incentives to introduce purpose binding, informed consent, minimal disclosure and profile transparency into the design of the relevant computing systems.
The seminar brought in researchers from all disciplines that involve data sharing across borders with ethical implications. The main focus was on Computer System Security data, with consideration for Electronic Medical Records. We derived a basic model for data sharing, and came up with some suggestions of code of ethics for computer professionals (including researchers) that will elaborate on existing codes in terms of data sharing.
- Jon Callas (Silent Circle - San Jose, US) [dblp]
- Georg Carle (TU München, DE) [dblp]
- Julie E. Cohen (Georgetown Univ. - Washington, US) [dblp]
- Sven Dietrich (Stevens Institute of Technology, US) [dblp]
- Ronald Leenes (Tilburg University, NL) [dblp]
- Aiko Pras (University of Twente, NL) [dblp]
- Volker Roth (FU Berlin, DE) [dblp]
- Peter Y. A. Ryan (University of Luxembourg, LU) [dblp]
- Jürgen Schönwälder (Jacobs Universität - Bremen, DE) [dblp]
- Darren Shou (Symantec Research Labs - Culver City, US) [dblp]
- Anna Sperotto (University of Twente, NL) [dblp]
- Radu State (University of Luxembourg, LU) [dblp]
- Burkhard Stiller (Universität Zürich, CH) [dblp]
- Jeroen van der Ham (University of Amsterdam, NL) [dblp]
- Roland van Rijswijk-Deij (Radboud University Nijmegen, NL) [dblp]
- Aimee van Wynsberghe (University of Twente, NL) [dblp]
- Da-Wei Wang (Academica Sinica - Taipei, TW) [dblp]
- Sam Weber (Software Engineering Institute - Arlington, US) [dblp]
- Lenore D. Zuck (University of Illinois - Chicago, US) [dblp]
Classification
- security / cryptology
- society / human-computer interaction
- world wide web / internet
Keywords
- Ethics
- Data Sharing
- Data Dissemination
- Ethics across borders
- Anonymization
- Sanitization