This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 688127
Privacy, social and ethical risks
Identifying potential privacy, social and ethical risks in DEVELOP design
Rachel Finn, Trilateral Research
www.develop-project.eu
Project mission and partners
DEVELOP aims to pioneer the use of personalization tools, game-based assessment, social network analysis, and artificial intelligence (AI) planning for learning environments on career development.
Funded by the EU (Horizon 2020 Programme) | © DEVELOP – Developing Careers through Social Networks and Transversal Competencies
What is a PIA+
• Roots in Privacy Impact Assessment (PIA) with an extension to social, ethical and other relevant issues.*
• Should be conducted through the development cycle of a new, or substantially revised, tool or system
• Should include a consultation / review by expert stakeholders
• Should be published in order to foster public trust and responsible innovation
• Dependencies on persona hills, user requirements, use cases and functionalities
*Wright, David and Paul De Hert, Privacy Impact Assessment, Springer, Dordrecht, 2012.
PIA+ process
1. Analyse user requirements, system architecture and information flows
2. Identify privacy, social and ethical risks
3. Consult with expert stakeholders
4. Formulate privacy, social and ethical design requirements and solutions
5. Communicate these to design team and technical partners
DEVELOP progress
DEVELOP will undertake 3 iterations: design & development, pilot testing and evaluation
• Requirement definition
• Design
• Development
• Pilot testing
• Evaluation
Methodology
• Participation in user requirements definition workshops, meetings and teleconferences
• Feed into and amend user requirements as they are discussed by the consortium
• Systematic and comprehensive analysis of each of the requested functionalities and system requirements according to the following criteria:
  • General privacy issues and questions
  • Legal requirements – i.e., the General Data Protection Regulation (GDPR)
  • Social and ethical issues – discrimination, gender, accessibility
  • Consideration of the data life-cycle
    • Data collection
    • Data sharing
    • Data storage and transmission
Example of research action
Requested functionality 2: As a software engineer I would like to get structured/unstructured feedback, peer feedback and 1-on-1 feedback so that I know easy way to get any feedback
GENERAL PRIVACY RELATED QUESTIONS/ ISSUES
• Are users aware of what it means to have feedback provided through this tool?
• What does this feedback consist of? For example, what is unstructured feedback? Can anyone provide feedback on the employee and post this to the employee's dashboard? Define the different types of feedback that may be recorded (peer, manager, one to one).
• Does the user request feedback from specific people or is the feedback provided on the initiative of those giving the feedback?
• Will all feedback be recorded, visible on dashboard, visible to other users/ social networks/ other employees/ future managers?
• What if the feedback is bad?
• What control does the employee have over what feedback is posted and to whom it is visible, how it is used, stored, analysed and shared?
• What if the employee feels that the feedback is inaccurate or misrepresentative of his/her role? Can this feedback be queried or flagged by the employee? Is there a validation process?
• What processes are there outside of the tool for the provision of feedback? Will those who do not subscribe to the tool have equal opportunity to access such feedback?
Requested functionality 2 (continued):
DATA COLLECTION
What data will be collected?
• The user’s personal details
• The content of the feedback provided
• The personal details of the person providing the feedback
• Will any sensitive data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or data concerning health or sex life be collected?
Measures to mitigate privacy risks relating to collection of data:
• Ensure that employee is fully aware of what data is being collected and for what purpose, and that he/she has consented to the collection of this data. This should be done via a clear notice on the system when the employee requests feedback, together with a requirement for the employee to provide his/her informed consent to the collection.
• In order to minimise risk of collecting sensitive data, consider anonymisation, pseudonymisation or data scrubbing so as to render data subjects unidentifiable (as far as possible).
Requested functionality 2 (continued):
DATA SHARING
To whom is the feedback visible?
• Only the user?
• All members of the user’s social network?
• All members of the organisation, including HR and future managers?
How can this feedback be used, other than by the employee for his/her own career development goals?
• Are managers or HR able to access this feedback in order to make decisions for future job roles?
• Can peers see this feedback and use it in comparing their performance with that of their colleagues?
Measures to mitigate privacy issues
• Allow user to control what information is visible or shared with other users.
• For example, allow user to activate certain settings regarding privacy and sharing of feedback. If user is happy for feedback provided by peers to be fully visible to everyone on his page, he could tick the box/ activate the button allowing full access to that data. If, however, he/she wishes to keep feedback from line managers private, the box/button hiding that type of feedback can be ticked/ activated.
• User should be free to hide all classes of feedback, with options to open certain categories of feedback to be visible to certain categories of users.
• The default setting for all types of feedback should be the most restrictive.
• There should be a clear process whereby users can request information to be corrected or amended if it is inaccurate. Could this functionality be built into the system, so that a user can query the feedback?
• Draft a protocol as to how the organisation can use this information. E.g. data should not be used for purposes of employee appraisal.
Requested functionality 2 (continued):
DATA STORAGE & TRANSMISSION
Ensure secure protocols for storage and transmission of data
• Encryption
• Cloud storage
• Etc.
DESIGN RECOMMENDATIONS
Allow users to control what feedback is visible and to whom, by providing options to ‘switch on’ or ‘activate’ the categories of feedback that are visible and the categories of people to whom the feedback is visible.
Data collected by the system should be scrubbed (for example, the employee's age is collected rather than date of birth) and data should be anonymised as far as possible.
Clear notice of what data is collected, how it is used, and purpose for collecting.
Require informed consent of user.
Provide a mechanism for querying feedback and requesting correction of inaccurate data.
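An added sketch of the sharing and scrubbing recommendations above, not code from the DEVELOP project: visibility is denied unless the owner has opened a feedback category to a viewer category, appraisal use is refused outright, and date of birth is reduced to age before storage. The feedback type, viewer role and purpose names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Hypothetical names: the slides only speak of "classes of feedback",
# "categories of users" and a protocol excluding employee appraisal.
FEEDBACK_TYPES = {"peer", "manager", "one_to_one"}
VIEWER_ROLES = {"network", "manager", "hr"}
BLOCKED_PURPOSES = {"appraisal"}


@dataclass
class FeedbackSettings:
    """Per-user sharing settings; the empty grant table is the restrictive default."""
    grants: dict = field(default_factory=dict)  # feedback type -> set of viewer roles

    def allow(self, feedback_type, role):
        # Reject unknown names so a typo cannot silently create a grant.
        if feedback_type not in FEEDBACK_TYPES or role not in VIEWER_ROLES:
            raise ValueError("unknown feedback type or viewer role")
        self.grants.setdefault(feedback_type, set()).add(role)

    def hide(self, feedback_type):
        # Closing a category removes every grant on it at once.
        self.grants.pop(feedback_type, None)


def can_view(settings, owner_id, viewer_id, role, feedback_type, purpose):
    """The owner always sees their own feedback; others need an explicit grant."""
    if viewer_id == owner_id:
        return True
    if purpose in BLOCKED_PURPOSES:
        return False  # purpose limitation applies even where a grant exists
    return role in settings.grants.get(feedback_type, set())


def scrub_dob(dob, today):
    """Return age in whole years so the date of birth itself is never stored."""
    had_birthday = (today.month, today.day) >= (dob.month, dob.day)
    return today.year - dob.year - (0 if had_birthday else 1)
```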
Data to be collected
User details | Employment activities | Performance | Social media / communication
Name Courses taken and outcomes (including failed courses)
Informal feedback on performance from mentors, managers and peers
Social media connections
DOB or Age Career development activities Formal performance review data
Sensitive information –incidentally via social media
Job title Core competencies Aggregated / profile-based data on other employees performance
User data from social media connections
Education / qualifications / experience
Gaps in competencies Incidental collection of information from mobile devices
Internal corporate relationships
Self-reported career plans and goals
Communication data between mentors and mentees within the system
Calendar entries Mentorship duties and outcomes
Legal obligations from GDPR
Article 17 – Right to erasure (“right to be forgotten”)
Article 21 – Right to object – on grounds including profiling
Article 22 – Right not to be subject to a decision based solely on automated
processing, including profiling
Article 25 – Data protection by design and by default
Implement appropriate technical and organisational measures designed to implement data protection principles
Article 32 – Security of processing
Implement appropriate technical and organisational measures to ensure level of security appropriate for risk
Article 35 – Data Protection Impact Assessment
Analysis
Organised privacy, social and ethical risks into themes / clusters
Lack of awareness and informed consent
Data being used for a purpose which was not intended / disproportionate collection
Collection of sensitive information
Collection of inaccurate data
Inadequate data security
All of these map to data protection principles under the GDPR
Risks – Lack of awareness and informed consent
Includes five elements:
Lack of awareness as to what data is processed
Lack of understanding as to what data is shared and the consequences of sharing that data
Consent not given voluntarily
Removal of meaningful alternatives
Employment context
Collecting third party data (e.g., data from network contacts)
“I would like to track and see the progress of my social network for my better understanding
of what is needed to advance my career (e.g., courses, volunteer work, etc.)”
“DEVELOP shall determine social capital value based on social network profile of employee.”
EMP-FR-001
Collecting data from third party applications (e.g., social media)
“DEVELOP will provide a connector to import data from external sources such as Twitter.”
EMP-FR-018
Risks – Data being used for a purpose which was not intended / disproportionate collection
Surveillance and function creep
Function creep - “using technology to fulfil unforeseen functions because the technology just
happens to be there”*
“As resource manager/people manager/recruitment manager I would like to be informed of groups
of employees I need to take actions on in terms of their competencies/skills development (drop in
skill of whole organisation). Alert resource manager if employee is not progressing. Early warning
system. Forecasting if employee will leave (getting to know reasons behind it)”
Social media information being used to assess performance
Log entries being used to assess work time-table
*Boersma, K.; van Brakel, R; Fonio, C.; P. Wagenaar (Eds.), 2014. Histories of State Surveillance in Europe and Beyond. Routledge: London and New York. p.5.
Risks – Collection of sensitive information
Incidental collection of sensitive information from social media
“As a software engineer I would like a personalized career development tool. Tool should consider
the personality, demographics and experience.”
“DEVELOP shall provide at least 4 self-assessments for the learner (GMA, personality, motivation,
serious game)” EMP-FR-043
Risks – Collection of inaccurate data
Reliance on self-reported data
“DEVELOP shall provide a user interface for employee to enter his/her past job experience (job
title + time) from their CV” EMP-UI-026
Employees may disagree with information entered by others about them
Inaccuracies can compound and have significant implications on decision-making
by managers, HR, etc.
“As resource manager/people manager/recruitment manager I would like to query skills matrix
across the organisation. Tool should be easy to use for non-technical person and wow factor is
automatically finding right people with right skills.”
“DEVELOP shall provide a matrix view of competencies with proficiency level for the selected
group” PM-UI-113
Risks – Inadequate data security
Potential for malicious or inadvertent data breaches
Unauthorised access to personal information (internal or external)
Leak of employee personal data / third party data
Potential damage to organisation and DEVELOP system