Just because the law allows you to use data in a particular way, should you?

Excerpt from EY report, Data ethics: digital dilemmas for the 21st century board.

Just over 10 years since the phrase ‘data is the new oil’ (Clive Humby, 2006) was coined, the oil rush is gaining momentum. Companies are competing to create new markets and business models enabled by this rise in data, and unearth fresh insights about their customers to gain competitive advantage.

Why is there so much data growth? There are numerous factors, such as the use of smartphones, connected machines, online social interaction and the lower cost of collecting and using data. Data can be used to determine individual preferences, likes and dislikes and therefore how one might behave in different contexts. It is therefore incredibly valuable.

However, the opportunities provided by data come with unique ethical risks. Getting the balance right could give a competitive edge and promote growth. Conversely, getting it wrong could lead to long-term reputational damage and stakeholder mistrust, impacting the bottom line in a way that is often disproportionate and prolonged.

The impact of the digital rush has not been welcomed universally: privacy campaigners criticise the imbalance of power between technology giants and their individual users, and the asymmetrical distribution of economic value generated from data. Furthermore, they point to a lack of choice and transparency about how an individual’s personal data is used, and therefore how inroads are being made into that individual’s privacy, in the name of profit. For example, terms and conditions for online services can often be difficult to understand and unclear on the use of data, although consumers must make a binary choice to either accept them to access the technology, or refuse and be excluded.

The law sets out a number of requirements regarding the use of data – particularly around data protection, marketing, advertising and cybersecurity – which all companies must comply with. However, our view is that legal compliance is only one standard that a company should consider regarding its treatment of data. Indeed, given the rapid changes in technology as well as the exponential growth in the volume of data coupled with a similar increase in new usages and risks, it has become evident that law and regulation will always remain a few steps behind. As such, a well advised organisation should also assess the ethical standpoint behind their decisions to use data in a particular way.

Above all, boards need to have a clear response to the question, “Just because we can do it, should we?”

At EY, we have a gained insights on how and why boards should form their own position on data ethics in the context of their own collective experience and objectives. We have developed tools, including the EY Data Ethics Navigator app, to assist boards to consider how they should act in relation to data ethics, after considering the inherent dilemmas and trade-offs unique to their businesses. A considered data ethics standpoint will enable businesses to make the most of their data by enabling them to implement practical steps to mitigate risks and generate sustainable value over the long-term.

EY Legal Services Contact:



Richard Goold – Global Technology Law Leader