Skip to content
Get in touch
  • Technology & data

Ethical data sharing: Context, consent and codes of practice

Article 4

by Paul Clough

What are the implications of working with third parties when it comes to ethical data sharing?

The principles for ethical data sharing are as diverse as the concerns that need to be addressed. In public health, for instance, sharing data helps researchers, whose discoveries can then help professionals improve the health of patients. In general, the law suggests that data protection does not prevent data sharing if it's in the public interest or, if the data is being shared for commercial reasons, is proportionate.

The lawful basis for sharing personal data can come from the UK General Data Protection Regulation or the Data Protection Act 2018. This can be a complex area, and it’s worth checking the ICO Data Sharing Code of Practice and its lawful basis interactive guidance tool before sharing personal data outside your organisation. 

In short, organisations must be able to identify at least one lawful basis for sharing personal data and demonstrate that they have fully considered this before data is shared. 

Data sharing ethics considerations

1) Anonymising shared data

Under GDPR rules, businesses are the curators of the data they collect and, therefore, must work to safeguard it. Provided there is a legal basis for sharing, the biggest threat to consumers from data-sharing projects is data re-identification (the ability to piece together select data to find its source). While full data anonymisation is practically impossible to attain, there are several steps and methods that may help.

Ask yourself: 

  • How could data points be combined to identify individuals directly?
  • How could data be used as a proxy to identify private information (eg, religion)?
  • Is the dataset big enough? When creating statistics, are enough people involved to ensure the data does not correspond to an individual?
  • Could you achieve your objective by sharing less personal data?

2) Collective responsibility in data sharing

Organisations might share data with each other to produce new tools or better services for their customers. While companies must meet GDPR’s legal basis for sharing data, there are further ethical questions they should ask.

Ask yourself: 

  • How will the end user benefit from the joint data-sharing project? 
  • What’s the minimum amount of data you could share to achieve your aims?
  • How ethical is the data-sharing partner? Any history of poor data practice?
  • How will you take responsibility for any data breaches?

Data sharing agreements set out the purpose of data sharing, cover what happens to the data at each stage, set standards and help all the parties involved be clear about their roles and responsibilities.

3) Communicating data honestly and clearly

Ethical questions around sharing can also include how data is presented and visualised. Some issues to consider around data visualisation include usability and accessibility, ethics and trustworthiness, attributes of good and bad visualisations, graphical and visual literacy and selection of tools for producing data visualisations. 

Aesthetics must be considered when making any visualisations or charts as accessible as possible, but ethical issues extend further. 

Are you presenting your findings honestly, and are you making the insights they contain accessible to everyone? 

Ask yourself: 

  • Does your presentation of the data mislead the viewer or obscure the results?
  • Is the information you're sharing easily interpretable to everyone? 
  • What could you do to improve accessibility?

Case study: exploiting a crisis

In 2021, Politico reported that the non-profit hotline for crisis intervention, Crisis Text Line, was sharing user data with its sister (for-profit) company, Loris.ai, to improve its customer service optimisation software. 

Despite being fully legal, sharing and monetising data from conversations with people in distress was seen as a gross breach of data-sharing ethics, prompting a request to cease the activity from the US’s Federal Communications Commission. 

The incident also raised further questions: Who would be checking and regulating the use of this data by Loris? Was this data usage made clear at the collection stage? Crisis Text Line suspended data sharing with Loris.ai in 2022. 

Our ethical data sharing tips: 

 

Paul Clough's avatar

Paul Clough

Head of Data Science and AI

Contact Paul