SoBigData Ethics Unpacking Privacy Designing for Responsibility Jeroen van den Hoven Delft University of Technology SoBigData Ethics Unpacking Privacy Designing for Responsibility

Central ‘SoBigEthical’ Questions EU has set higher standards for ethics of research: both in terms of methods, and practices, consequences, but also aims What good is SoBigData Research bringing? Is it producing good outcomes, without producing bad outcomes?

Responsible Data Science Responsible Research Infrastructure

Dutch Consortium (25 meuro application pending)

Fairness Accuracy Confidentiality Transparency

Humanitarian

Two vantage points Responsible Research and Innovation (RRI) Value Sensitive Design

Applied to Research infrastructure RRI: Basic Idea Applied to Research infrastructure

Responsible Research and Innovation A research infrastructure can be said to be “responsible” only if it accomodates data users, controlers and processors involved in bringing about epistemic outcomes as responsible agents, i.e. they must have been enabled (A) to obtain – as much was possible – the relevant information on (i) the consequences of their actions and on (ii) the range of options/alternatives (e.g. data minimization) open to them and (B) to evaluate outcomes and options effectively in terms of relevant moral values (including, but not limited to wellbeing, justice, equality, privacy, openness, autonomy, safety, security, accountability, and efficiency). (C) to use these considerations (under A and B) as requirements for design and development of new functionality, products and services leading to moral improvement

Research Infra: socio-tech systems Actor 4 Social Network Actor 1 Actor 2 Actor 3 Actor 6 SociotechSoc Human 1 Human 2 Human 3 Sociotechnical Network Box: Fill – white Border – Light blue, background 2, darker 75% - 3px Text in box: Dark purple, text 2, darker 25% Lines: Light blue, background 2, darker 75% 3px Technical Network Component 1 Component 2 Component 3 Component 4 Component 5

Value Sensitive Design

Values Built into Systems Interfaces Infrastructures Algorithms Ontologies Code Protocols Integrity constraints Architectures Governance arrangements Identity Management Systems Authorization Matrix Procedures Regulations Incentive structures Auction mechanisms Voting mechanism Monitoring and inspection

Key Problem 21st Century: Value Sensitive Design 5/29/2018 Data sets Models Algorithms Procedures Protocols Encryption Responsibility Privacy Accountability Agency Autonomy Security transparency Express Implement Values Norms Laws Ideals Ethics Principles Artefacts Architectures Materials Standards Security Systems Infrastructure Justify Audit Key Problem 21st Century: Value Sensitive Design 13

High Level supra-functional requirementsl Values hierarchy Values Norms Policies Mechanisms Protocols Design requirements High Level supra-functional requirementsl

Example of values hierarchy Design requirements Norms Values privacy Risk mitigation Coarse graining Data clustering Pseudonymization Accountability Data quality Security

Values 1. Privacy = data protection for moral reasons 1.1. prevention of Harm 1.2. prevention of Exploitation, manipulation, economic disadvantage 1.3. prevention of Discrimination 1.4 Respect for persons and human dignity, moral autonomy   2. Fairness 2.1 Equal Access/openness 2.2 positionality   3. Reliability 3.1. accuracy 3.2. relevance 3.3 veracity 3.4 soundness 4. Responsibility 4.1 transparency 4.2 accountability 4.3 liability 4.4. Agency and control 4.4.1 perspicuous representation of values and choices in Research Infrastructure

Design for X Design for privacy Design for security Design for inclusion Design for sustainability Design for democracy Design for safety Design for transparency Design for accountability Design for responsibility

Design for Responsibility

Design for Responsibility X Holding Y Responsible for Z X Making Y Responsible for Z X Taking Responsibility for Y X Feeling Responsible for Y

Decide about criteria for Responsibility Attribution Responsibility Apportioning Knowledge Intention Control Non coercion Capacity - Fairness - completeness

Determine type of responsibility 1. Causality 2. Blame 3. Accountability 4. Liability 5. Role/task 1. Task Responsibility 2. Negative Task responsibility 3. Supervising responsibility 4. Self Monitoring Responsibility 5. Meta- task Responsibility

Task responsibility 1. Task Responsibility 2. Negative Task responsibility 3. Supervising responsibility 4. Self Monitoring Responsibility 5. Meta- task Responsibilities Obligation to check whether others (or future selves) can see to it that… Obligation to see to it that others (or future selves) can see to it that … Obligation to prevent moral dilemma’s from arising

Roles, Responsibilities Legal roles: Data controller Data processor Governance roles (Ethics Board, SoBigData Governance) SoBigData Researchers ( Final Users, End Users Software provider Data set provider Research infrastructure engineers Executor Secondary Users Decentral governance bodies (ERB participating universities)

Teams

Unpacking Privacy

Privacy: Data protection for moral reasons 5/29/2018 Privacy: Data protection for moral reasons Protecting X

Constrain generating Data Protection Acquiring accessing processing Disseminating Personal Data Data Protection

Privacy: Data Protection for Moral Reasons 5/29/2018 Preventing harm Prevention of manipulation and exploitation, e.g. fairness in markets for personal data Prevention of Discrimination and Contextual Integrity 4. Respect moral autonomy Privacy: Data Protection for Moral Reasons 28

Design for Privacy EX ANTE 1. Informed consent 2. Right to be forgotten 3. Identity Management 4. Reciprocal Privacy 5. Coarse graining, anonymization 5. Sous-veillance, counter veillance EX POST 6. Violation/intrusion detection 7. Big data applications to detect Big data violations of privacy EX ANTE

Responsibility, accountability, privacy, security……… Moral Overload Responsibility, accountability, privacy, security………

Value Pluralism Dependability Usability Resilience Reliability Privacy Autonomy Equity Justice Dignity Wellbeing and Happiness Safety Security Sustainability Health Friendship Solidarity Dependability Usability Resilience Reliability Efficiency Flexibility CONFLICT DILEMMA

Moral Overload Prosperity AND sustainability Security AND Privacy Efficiency AND Safety Accountability AND Confidentiality

5/29/2018 Security Moral Overload 33

No Privacy, no Security (1.0) 5/29/2018 Security No Privacy, no Security (1.0) 34

5/29/2018 Security Privacy or Security (2.0) 35

5/29/2018 Privacy & Security (3.0) 36

Moral axiom If you can change the world by innovation today so that you can satisfy more of your obligations tomorrow, you have a moral obligation to innovate today.

SobigData Ethics

Where can we improve upon older ethical frameworks? Design Stance Better recognition of the difficulties of informed consent; Definition of Personal data Specification of “use limitation” and “purpose specification” Recognizing the potential expansion of identifiability; Anonymization techniques and implementation; Algorithmic ethics/ fairness/transparency/accountability and preventation of discrimination; Perspicuoius representation of data, models, algorithms Making sure we do not forget we are dealing with people and not numbers.

How do we make this concrete? It is only one thing to say that we should safeguard all these principles. It is quite another thing to make sure that these principles are actually embedded into design of the research iunfrastructure. Ethical considerations need to be introduced into: Work flows A knowledge base of best practices Overarching responsibility architecture This cannot be done by ethicists, but will require a shared commitment on the part of everyone involved in SoBigData!

Ethics Board Helen Nissenbaum, NYU Nikolaus Forgó, Hannover Jeroen van den Hoven, TU Delft Dag Elgesem, Bergen, Norway Jeroen Terstegge, DPA Netherlands, Phillips Privacy Officer