Principle 8: Accountability

About Seluxit

Principle 8

The Principle of Accountability

Be Accountable

Any company that collects and uses personal data should be accountable to its data subjects and the society around it. But what does it mean to be accountable in a data context?

≪ Principle 7 Principle 9 ≫

The Principles of Data Ethics

So what exactly is Seluxit doing about data ethics? Seluxit has taken the initiative to employ a PhD student in the field of philosophy with a specialization in ethics, and is writing a collection of principles of data ethics.

These principles have general application but stem from questions that arise in our daily work. The principles will serve to guide the decisions we make in our work. The principles, which can be browsed here on our website, are being published in a series.

What is Accountability?

Simply put, accountability has to do with taking responsibility for one’s actions and the consequences thereof. In a data context, it often means being able to explain and justify how, when, what and why data is collected. Legally speaking, a company must take certain organisational measures to answer these questions, and demonstrate that it complies with the relevant laws and regulations (See The EU's independent data protection authority).But accountability also means that the company must take responsibility for unforeseen consequences of their use of data. Let us look at an example.

Example

Imagine an online dating app which profiles people in order to better connect potential partners with each other and target users with relevant advertisements. Due to poor data security, a political campaign gains access to users’ personal data. The political campaign collects the data and uses them to determine people’s political preferences, in order to better target people with political advertisement, and spread fake news about opponent parties.

Damage Control and Remedies

In the example above, the political campaign who ‘stole’ the data are certainly responsible for a lot of wrongdoing. But that doesn’t exonerate the app company from blame. The app company should have protected the users’ data better. The app company should first of all do all that it can to stop the problem before it unfolds further. Second, it should inform all the involved data subjects about the situations. Third, it should resolve the security problem so it doesn’t happen again, and finally it should try to remedy all consequences of the breach. Such remedies can include accepting legal consequences, voluntarily compensating the ‘data victims’ etc.

Compliance with the Principle

At Seluxit we are accountable for all our actions, and we take the responsibility that comes with holding and using data very seriously. We comply with all relevant data regulations, including the GDPR, and should our use of data have unforeseen bad consequences in the future, we will inform everyone involved and do our best to resolve the issue.

It is Important to Take Responsibility for How You Handle Data.

≪ Principle 7 Principle 9 ≫