Principle 8: Accountability
Any company that collects and uses personal data should be accountable to its data subjects and the society around it. But what does it mean to be accountable in a data context?
What is Accountability?
Simply put, accountability has to do with taking responsibility for one’s actions and the consequences thereof. In a data context, it often means being able to explain and justify how, when, what and why data is collected. Legally speaking, a company must take certain organisational measures to answer these questions, and demonstrate that it complies with the relevant laws and regulations (See The EU’s independent data protection authority). But accountability also means that the company must take responsibility for unforeseen consequences of their use of data. Let us look at an example.
Imagine an online dating app which profiles people in order to better connect potential partners with each other and target users with relevant advertisements. Due to poor data security, a political campaign gains access to users’ personal data. The political campaign collects the data and uses them to determine people’s political preferences, in order to better target people with political advertisement, and spread fake news about opponent parties.
Damage Control and Remedies
In the example above, the political campaign that ‘stole’ the data are certainly responsible for a lot of wrongdoing. But that doesn’t exonerate the app company from blame. The app company should have protected the users’ data better. The app company should, first of all, do all that it can to stop the problem before it unfolds further. Second, it should inform all the involved data subjects about the situations. Third, it should resolve the security problem so it doesn’t happen again, and finally, it should try to remedy all consequences of the breach. Such remedies can include accepting legal consequences, voluntarily compensating the ‘data victims’ etc.
Compliance with the Principle
At Seluxit we are accountable for all our actions, and we take the responsibility that comes with holding and using data very seriously. We comply with all relevant data regulations, including the GDPR, and should our use of data have unforeseen bad consequences in the future, we will inform everyone involved and do our best to resolve the issue.
It is Important to Take Responsibility for How You Handle Data.