Develop project pia+ risk identification

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 688127

Privacy, social and ethical risks

Identifying potential privacy, social and ethical risks in DEVELOP design

Rachel Finn, Trilateral Research

www.develop-project.eu

http://www.develop-project.eu/

2

DEVELOP aims to pioneer the use of personalization tools, game-based

assessment, social network analysis, and artificial intelligence (AI) planning

for learning environments on career development.

Funded by the EU (Horizon 2020 Programme) | © DEVELOP – Developing Careers through Social Networks and Transversal Competencies

Project mission and partners

Roots in Privacy Impact Assessment (PIA) with an extension to social,

ethical and other relevant issues.*

Should be conducted through the development cycle of a new, or

substantially revised, tool or system

Should include a consultation / review by expert stakeholders

Should be published in order to foster public trust and responsible innovation

Dependencies on persona hills, user requirements, use cases and

functionalities

3Funded by the EU (Horizon 2020 Programme) | © DEVELOP – Developing Careers through Social Networks and Transversal Competencies

What is a PIA+

*Wright, David and Paul De Hert, Privacy Impact Assessment, Springer, Dordrecht, 2012.

PIA+ process

Analyse user requirements, system architecture and information flows

Identify privacy, social and ethical risks

Consult with expert stakeholders

Formulate privacy, social and ethical design requirements and solutions

Communicate these to design team and technical partners


1

2

3

4

5

DEVELOP will undertake 3 iterations: design & development, pilot testing and

evaluation

DEVELOP progress

Requirementdefinition

Design

Development

Pilot testing

Evaluation


Participation in user requirements definition workshops, meetings and

teleconferences

Feed into and amend user requirements as they are discussed by the consortium

Systematic and comprehensive analysis of each of the requested functionalities

and system requirements according to the following criteria:

General privacy issues and questions

Legal requirements – i.e., the General Data Protection Regulation (GDPR)

Social and ethical issues – discrimination, gender, accessibility

Consideration of the data life-cycle

Data collection

Data sharing

Data storage and transmission

6

Methodology


7

Requested functionality 2: As a software engineer I would like to get structured/unstructured feedback, peer feedback and 1-on-1 feedback so that I know easy way to get any feedback

GENERAL PRIVACY RELATED QUESTIONS/ ISSUES

• Are users aware of what it means to have feedback provided through this tool?

• What does this feedback consist of? For example, what is unstructured feedback? Can anyone provide feedback on the employee and post this to the employee's dashboard? Define the different types of feedback that may be recorded (peer, manager, one to one).

• Does the user request feedback from specific people or is the feedback provided on the initiative of those giving the feedback?

• Will all feedback be recorded, visible on dashboard, visible to other users/ social networks/ other employees/ future managers?

• What if the feedback is bad?

• What control does the employee have over what feedback is posted and to whom it is visible, how it is used, stored, analysed and shared?

• What if the employee feels that the feedback is inaccurate or misrepresentative of his/her role? Can this feedback be queried or flagged by the employee? Is there a validation process?

• What processes are there outside of the tool for the provision of feedback? Will those who do not subscribe to the tool have equal opportunity to access such feedback?


Example of research action

8

Requested functionality 2 (continued):

DATA COLLECTION

What data will be collected? • The user’s personal details • The content of the feedback provided• The personal details of the person providing the feedback• Will any sensitive data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-

union membership, or data concerning health or sex life be collected?

Measures to mitigate privacy risks relating to collection of data:

• Ensure that employee is fully aware of what data is being collected and for what purpose, and that he/she has consented to the collection of this data. This should be done via a clear notice on the system when the employee requests feedback, together with a requirement for the employee to provide his/her informed consent to the collection

• In order to minimise risk of collecting sensitive data, consider anonymisation, pseudonamisation or data scrubbing so as to render data subjects unidentifiable (as far as possible


9


DATA SHARING

To whom is the feedback visible? • Only the user?• All members of the user’s social network?• All members of the organisation, including HR and future managers?

How can this feedback be used, other than by the employee for his/her own career development goals?

• Are managers or HR able to access this feedback in order to make decisions for future job roles?• Can peers see this feedback and use it in comparing their performance with that of their colleagues?

Measures to mitigate privacy issues • Allow user to control what information is visible or shared with other users.• For example, allow user to activate certain settings regarding privacy and sharing of feedback. If user is happy for

feedback provided by peers to be fully visible to everyone on his page, he could tick the box/ activate the button allowing full access to that data. If, however, he/she wishes to keep feedback from line managers private, the box/button hiding that type of feedback can be ticked/ activated.

• User should be free to hide all classes of feedback, with options to open certain categories of feedback to be visible to certain categories of users.

• The default setting for all types of feedback should be the most restrictive. • There should be a clear process whereby users can request information to be corrected or amended if it is

inaccurate. Could this functionality be built into the system, so that a user can query the feedback? • Draft a protocol as to how the organisation can use this information. E.g. data should not be used for purposes of

employee appraisal.


10


DATA STORAGE & TRANSMISSION

Ensure secure protocols for storage and transmission of data

• Encryption• Cloud storage • Etc.

DESIGN RECOMMENDATIONS

Allow users to control what feedback is visible and to whom. Providing options to ‘switch on’ or ‘activate’ certain categories of feedback that are visible and and certain categories of people to whom the feedback is visible.

Data collected by the system should be scrubbed (for example, employees age is collected rather than date of birth) and data should be anonymised as far as possible.

Clear notice of what data is collected, how it is used, and purpose for collecting.

Require informed consent of user.

Provide a mechanism for querying feedback and requesting correction of inaccurate data.


Data to be collectedUser details Employment activities Performance Social media / communication

Name Courses taken and outcomes (including failed courses)

Informal feedback on performance from mentors, managers and peers

Social media connections

DOB or Age Career development activities Formal performance review data

Sensitive information –incidentally via social media

Job title Core competencies Aggregated / profile-based data on other employees performance

User data from social media connections

Education / qualifications / experience

Gaps in competencies Incidental collection of information from mobile devices

Internal corporate relationships

Self-reported career plans and goals

Communication data between mentors and mentees within the system

Calendar entries Mentorship duties and outcomes


Legal obligations from GDPR

Article 17 – Right to erasure (“right to be forgotten”)

Article 21 – Right to object – on grounds including profiling

Article 22 – Right not to be subject to a decision based solely on automated

processing, including profiling

Article 25 – Data protection by design and by default

Implement appropriate technical and organisational measures designed to implement data

protection principles

Article 32 – Security of processing

Implement appropriate technical and organisation measures to ensure level of security

appropriate for risk

Article 35 – Data Protection Impact Assessment


Analysis

Organised privacy, social and ethical risks into themes / clusters

Lack of awareness and informed consent

Data being used for a purpose which was not intended / disproportionate collection

Collection of sensitive information

Collection of inaccurate data

Inadequate data security


All of these map to data protection principles under the GDPR

Risks – Lack of awareness and informed consent

Includes five elements:

Lack of awareness as to what data is processed

Lack of understanding as to what data is shared and the consequences of sharing that data

Consent not given voluntarily

Removal of meaningful alternatives

Employment context

Collecting third party data (e.g., data from network contacts)

“I would like to track and see the progress of my social network for my better understanding

of what is needed to advance my career (e.g., courses, volunteer work, etc.)”

“DEVELOP shall determine social capital value based on social network profile of employee.”

EMP-FR-001

Collecting data from third party applications (e.g., social media)

“DEVELOP will provide a connector to import data from external sources such as Twitter.”

EMP-FR-018


Risks – Data being used for a purpose which was not intended / disproportionate collection

Surveillance and function creep

Function creep - “using technology to fulfil unforeseen functions because the technology just

happens to be there”*

“As resource manager/people manager/recruitment manager I would like to be informed of groups

of employees I need to take actions on in terms of their competencies/skills development (drop in

skill of whole organisation). Alert resource manager if employee is not progressing. Early warning

system. Forecasting if employee will leave (getting to know reasons behind it)”

Social media information being used to assess performance

Log entries being used to assess work time-table


*Boersma, K.; van Brakel, R; Fonio, C.; P. Wagenaar (Eds.), 2014. Histories of State Surveillance in Europe and Beyond. Routledge: London and New York. p.5.

Risks – Collection of sensitive information

Incidental collection of sensitive information from social media

“As a software engineer I would like a personalized career development tool. Tool should consider

the personality, demographics and experience.”

“DEVELOP shall provide at least 4 self-assessments for the learner (GMA, personality, motivation,

serious game)” EMP-FR-043


Risks – Collection of inaccurate data

Reliance on self-reported data

“DEVELOP shall provide a user interface for employee to enter his/her past job experience (job

title + time) from their CV” EMP-UI-026

Employees may disagree with information entered by others about them

Inaccuracies can compound and have significant implications on decision-making

by managers, HR, etc.

“As resource manager/people manager/recruitment manager I would like to query skills matrix

across the organisation. Tool should be easy to use for non-technical person and wow factor is

automatically finding right people with right skills.”

“DEVELOP shall provide a matrix view of competencies with proficiency level for the selected

group” PM-UI-113


Risks – Inadequate data security

Potential for malicious or inadvertent data breaches

Unauthorised access to personal information (internal or external)

Leak of employee personal data / third party data

Potential damage to organisation and DEVELOP system


www.develop-project.eu

Thank you for your attention

http://www.develop-project.eu/

Data & Analytics

Develop project pia+ risk identification