Ensure Good Data Ethics and Governance

In this section, you will learn about the basics of data ethics and data governance including selected frameworks used in the public sector. Reading this section will help you understand how to (re-)use data in a well-thought-out, just and ethical manner.

Ensure Good Data Ethics and Governance

What to expect

While using more data in policymaking leads to better and more informed decision-making (if you aren’t yet convinced, take a moment to read “Why it Matters”), data growth also comes with new challenges. As more data flows in from various (new) sources, it becomes more difficult to maintain control over the data, protect the rights of data subjects and meet demands of data end users. The potential misuse of data and data issues such as poor data quality or lack of data ownership increases the risks of using data. Therefore, ensuring that the data you are using are handled responsibly and respects human rights is a prerequisite, especially in the context of new and emerging data sources.

Here are a few exemplary situations, illustrating when data ethics, data governance and data privacy may become relevant:

  • You are relying on large amounts of personal data for developing a new policy. How can you ensure the data is securely managed and data privacy is ensured?
  • One of your team leaders is interested in sourcing relevant data from a local private company. Who can decide if it is compliant to go ahead with the official data request and who should approach the company?
  • You are receiving a large data set including sensitive health-related data. Where should you store it and who should have access to it?
  • Your study could benefit from a set of personal data from another country where no regulation on data privacy exists. Would you work with this data?
  • You would like to use an already existing set of personal data for a different purpose. Do you need to obtain consent again?

In this section, you will learn about the basics of data ethics and data governance including selected frameworks used in the public sector. Reading this section will help you understand how to (re-)use data in a well-thought-out, just and ethical manner.

Key terms

Before getting into the details, it is important to have a shared understanding of a few key terms. These definitions were sourced from some of the leading voices in the data field:

Data ethics relates to the moral considerations and practice around how data is managed, including the generation, recording, collection, usage and sharing of data. It is especially relevant when data activities have the potential to impact people and society, directly or indirectly (definition adapted from the ODI and the Royal Society).

Data governance refers to the rules and processes for how data is collected, accessed, controlled, used or shared in any given context. According to Mozilla’s Data Futures Lab, how data is governed describes who has the power to make decisions over data and how.

Data privacy refers broadly to a person’s ability to determine for themselves how, when and to what extent personal information about them is shared. When collecting or re-using data on individuals for policy purposes, as well as when individuals interact with online platforms, the privacy of their data should be of the highest priority. Data privacy is becoming an increasingly important topic as new data sources, such as mobile phone data, have the potential to provide large sets of real-time personal information.

Data stewardship can be defined as ensuring the ethical and responsible creation, collection, management, use and reuse of data. It is expressed through long-term, inter-generational curation of data assets so that they benefit the full community of data users, and are used for the public good (definition from United Nations Economic Commission for Europe). The term data steward is also used in the context of data collaboratives where data stewards represent individuals or teams within data-holding organizations who are empowered to proactively initiate, facilitate and coordinate data collaboratives toward the public interest (definition from The GovLab). The Open Data Institute (ODI) provides another perspective and recognizes stewarding data as the foundational activity in the lifecycle of data – collecting, maintaining and sharing it. Currently, there is also a debate about the role of National Statistical Offices (NSOs) in the context of data stewardship – discussing to what extent they should evolve from data producers into coordinators and, finally, into "data stewards” (source: United Nations World Data Forum).

According to the European Union’s General Data Protection Regulation (GDPR), personal data means any information relating to an identified or identifiable natural person. Processing personal data usually requires the consent of the data subject (unless expressly allowed by law). Sensitive data is a special category of personal data, revealing sensitive personal information (ethnic origin, political beliefs, religious beliefs, genetic or health-related data). Sensitive data requires an even higher form of data protection.

How will I know I have successfully set up a system that safeguards the data I am using?

The ODI provides guidance on how data institutions facilitate safe access to sensitive data; this guidance can be used to help you determine whether or not the system you have set up truly safeguards the data you are using.

The four questions from the ODI are:

  1. Who can access the data?
  2. What data can be accessed?
  3. How can that data be accessed?
  4. What is that data used for?

We would add one more:

  1. What happens in case of adverse events, for instance, if data is leaked?

If you can answer all of these questions and provide well-thought-out processes to support your answers, then it is likely you have developed a system that safeguards the data you are using. If not, head back to one of the resources mentioned above and get started on leveling up your data protection processes.

I am safeguarding data ethics, governance and privacy– what comes next?

Having developed an awareness to safeguard data governance, ensuring ethical behavior when using data and protecting data privacy is an incredibly important part of using data for policymaking. Public officials should keep in mind that creating processes once does not mean that the data being used for policymaking will always be safe – processes need to be monitored and refined to ensure that they are always granted the highest level of protection possible.

With safeguarding data being an ongoing process, a variety of other processes should be tackled in conjunction with developing data protection methods. For instance:

  • Strengthening your team’s data capacities can ensure that they understand the intricacies of safeguarding data better.
  • Building institutional mechanisms for continued use of data in policymaking processes goes hand in hand with constructing high-quality data safeguarding systems.
  • Finally, strengthening a data culture in your team can only positively reinforce your data protection efforts.

Interested in exchanging more on the topic of safeguarding data or learning best practices from peers around the world? Join our Data in Policy group here.

Data Ethics

This section details two practical frameworks to help you and your organization ensure that data ethics are being respected.

Data Governance

This section details two practical frameworks to help you and your organization ensure that data ethics are being respected.

Data Privacy

The quantum of data being generated every minute comes with a risk, the risk that this data will not be protected.

Related Use Cases

Leveraging Big Data to Build Sustainable and Connected Cities: The Quito Case
Learn More
Using Mobile Phone Data for Effective Public Health Measures during Pandemics
Learn More