The current issue and full text archive of this journal is available on Emerald Insight at:

https://www.emerald.com/insight/0956-5698.htm

Code of ethics
Ethics by design: a code of ethics
for the digital age
Bernice Ibiricu
Information Governance Division, ECB, Frankfurt, Germany, and
395
Marja Leena van der Made
Data Protection Officer, European Space Agency, Paris, France Received 29 August 2019
Revised 17 December 2019
3 April 2020
Accepted 29 April 2020

Abstract
Purpose – This paper aims to provide a framework for a code of ethics related to digital and leading edge
technologies.
Design/methodology/approach – The proposed ethical framework is anchored in data protection
legislation, and results from a combination of case studies, observed user behaviour and decision-making
processes.
Findings – A concise and user-friendly ethical framework ensures the embedded code of conduct is
respected and observed by all employees concerned.
Originality/value – An ethical framework aligned with EU data protection legislation is required.
Keywords Privacy, Legislation, User behaviour, Compliance management, Digital ethics,
New technologies
Paper type Conceptual paper

Introduction
Europe has faced trials having sought unity, justice and peace between its members as
defined in the European Convention of Human Rights (ECHR, www.echr.coe.int/Documents/
Convention_ENG.pdf), while concurrently promoting democracy. The digital age has
brought new challenges for politics, fairness, human rights and fundamental freedoms and
raises questions on ethical data, ethics for engineers, ethics for artificial intelligence (AI), etc.
Europe has recently released a regulation that draws on ethics, namely, the General Data
Protection Regulation [GDPR, (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%
3A32016R0679)]. The GDPR is even becoming a standard of worldwide proportions, some
would even argue that it has become a European export (Bradford, 2020).
Core beliefs shape individuals, people and organisations. It is these beliefs that are the
foundation of ethics. Business ethics involves applying moral behavioural standards to
business models, thereby establishing a code of conduct for ethical behaviour to be observed
and respected by a given population (Crane and Matthen, 2007). However, the business
world is now experiencing a rapid digital transformation as business models assimilate and
process digital information. Nowadays, digital processes are almost the exclusive means
used for data transmission, information publishing and mobile communication. Pushing the
boundaries of technological innovation to the limits is one thing but doing so at the expense
of the rights of others is another altogether. So, the ethical problems faced are wider than
privacy. Records Management Journal
Vol. 30 No. 3, 2020
pp. 395-414
Disclaimer: The views and comments expressed in this publication are those of the authors and are © Emerald Publishing Limited
0956-5698
not backed nor endorsed by the institutions the authors are affiliated with. DOI 10.1108/RMJ-08-2019-0044
RMJ This is the reason why legislation and regulations to ensure and enforce compliance are
30,3 essential, if ethical standards, human rights, freedom and privacy rights are to be protected
and respected. The nature of these rules will also depend on whether the population in
question is an enterprise/institution, a nation or a union of national states. In the case of
jurisprudence, the enforced legislation might simultaneously apply to all three entities, such
as when the ECHR was enacted, following a brutal world war, or more recently, the GDPR,
396 which came into force in the European Union (EU) on 25 May 2018. Enterprises and
organisations are becoming increasingly aware that they have to live up to a mission
statement that highlights a duty of care towards their staff, customers, stakeholders and
even our planetary environment. Human rights are being extended to relationships between
individuals. Companies have to develop value systems and codes of behaviour that attract
loyal and committed employees, who identify with the organisation’s ethical principles.
Also, small- and medium-sized businesses are expected to ethically invest in people.
Perhaps more than ever before in industrial history, failures to align with accepted
professional and ethical conduct may irreparably ruin reputations and lead enterprises to
bankruptcy, as the apparent socio-political trend to seek responsibility and accountability
gains pace. Noting that our sense of time seems to move ever faster, because of the ever more
rapid rate of data exchange, the reputational damage can sometimes seem short-lived, and
that which was once shocking news, we almost seem to accept as unfortunate business as
normal.
The increase in data, speed and technology raises a need for risk management and
requires balancing these demands with mitigation, a better definition of roles and
responsibilities, new laws and ethical awareness. In many cases, the relationship between
ethics and the law is not clear (Renucci, 2005). Frequently, we are using technology before
making rules or using tools in an unethical, illegal, exploitative manner, causing harm. The
greater presence of AI in advanced technologies begs the question, who is responsible for
the detrimental consequences? Technological innovators should be obliged to observe
standards of care and held to account if we are to avoid their products causing irreparable
damage.
Ultimately, the legal profession will make the judgment calls, meaning that lawyers need
to understand developments in technology and discern what they mean – starting with their
own ethical duties. Except, sometimes the law lags behind, and human populations can end
up at the mercy of data-driven technologies. If citizens, national ethics boards and
consumers do not become socially and ethically aware and build a public consciousness,
then the “profits over people” trend could gain the upper hand and jurisprudence is then no
longer able to protect end-users and citizens’ rights. We may be in danger of accepting
unacceptable norms because of habit, when such norms should be constantly questioned
(Deleuze, 2007). Not only have large corporations already moved into the arenas of social
engineering, digital finances and e-commerce, indeed some of them are defining market
trends and impacting national politics.
Personal data protection is key to ethics, human dignity, value, respect and autonomy
supporting citizens’ rights against commercial exploitation and profiling. As an important
part of ethics and digital information, it is a right based on the EU Charter of Fundamental
Rights (www.europarl.europa.eu/charter/pdf/text_en.pdf). Data protection endorses
individuals with the right to privacy by providing them with control over the manner in
which information regarding their person is collected, processed and used. In this sense, the
GDPR empowers individuals to assert their rights, rather than leaving them powerless in
the face of ever-increasing commercialization of personal data, largely without their consent.
A lack of respect for the individual and their rights may lead to a loss of trust, which in turn Code of ethics
damages business. Technology, the law and ethics have a key coordination role to play.
The ethical framework provided herein reveals that a few basic principles can go a long
way to safeguarding data subject (European Data Protection Supervisor [EDPS], https://
edps.europa.eu/data-protection/data-protection/glossary/d_en) rights and entrepreneurial
reputations, particularly in a world that is becoming increasingly aware of its digital
footprint, and the visible and invisible impact that new technologies are starting to have on
every aspect of human life. We argue for the need for “ethics by decision.” This incorporates 397
the conscious and collective responsibility for decision-taking and respect and protection of
human rights. Ethics for AI is crucial because of the ethical challenges AI poses with
information and data mining, such as the recognition of patterns to identify individuals.
Moreover, AI poses questions of trust and the misuse of trust as the associated algorithms
are embedded with the moral choices and prejudices of their designers. Further
technological advancements that bring profiling, data analytics and other intrusive
technology into the vanguard of the digital age demand research and study into an ethical
code of conduct that corresponds with the unprecedented technological challenges that
world populations face today.
This paper investigates the opportunities and challenges that arise through new
technologies and argues for ethics to be integrated into the first stages of process and
technology design. It provides a brief look at some of the technologies and ethical dilemmas
faced today. It examines definitions of ethical and moral standards, broadly looks at the
relationship of ethics and technology, highlighting technologies that shape the future. It
calls for further definition of rights and roles, for an “ethics by decision” approach, as well as
proposing options for establishing a code of ethics.
As for the scope of this paper, it should be mentioned that the framework offered is only a
proposal based on leading technologies, ethical inclinations and literature published in
books, the mainstream press or the World Wide Web and excludes any trends that are the
domain of the dark net.

Defining ethical and moral standards

The foundations of ethical reasoning are based on what is perceived as “right” and “wrong”
behaviour by an individual or a group of individuals. Hence, ethical principles are
fundamental when individuals or legal entities interact. Business ethics may raise questions
of how to balance personal principles with company standards, as values play a crucial role
in the decision-making process and the actions ultimately taken (Crane and Matthen, 2007).
Oftentimes it is argued that approaches honouring the greater public good are considered as
morally just. However, such a stance begs the question of whether it is ethical to sacrifice the
interests of others, particularly if traditions and religion influence cultural values. Value
conflicts can be displayed when values are in conflict with an action. We can soon find
ourselves rooting for the Robin Hood, the hero who steals from the rich to give to the poor,
even when such behaviour runs counter to personal value systems and commonly
established standards.
Ultimately, ethical reasoning implies defining a set of principles and moral values rather
than a mere reflection of a group position. Ethics in an organisation may be supported by a
set of rules for appropriate behaviour, so that persons with different ethical or personal
value systems can interact in terms of agreed and commonly established standards. Based
on critical examination, standards for individual rights should be set. For instance, Europe
has taken an ethical approach to the use of personally identifiable information (PII) in that
the individual has the right to be informed of the processing of their data that may largely
RMJ determine their exposure to commodification, marketing, etc. Generally, there seems to be no
30,3 single right answer to ethical questions rather there are principles that can be applied to a
specific case to support clarification and to find solutions. Ethical risks may occur when
unquestioned traditions of a society, personal opinions, current trends or the views of the
majority solely define the prevailing ethical principles.
Ethical risks may occur when unquestioned traditions of a society, personal opinions,
398 current trends or the views of the majority solely define the prevailing ethical principles.
Ethics often stirs emotions and often ignites intense debates on human rights, which are
best managed by decisions and actions guided by ethical principles. Solving ethical issues
require a framework for ethical decision-making, which should include an evaluation of all
aspects including conflicts within the ethical problems and an understanding of the facts;
the views of those involved and the impact of a decision taken, potential consideration of
safe alternatives; a potential review of values and selection of the option with the most
ethical outcome, justified by reasons.

Defining ethics
Ethics covers a system of moral principles, i.e. what is good for individuals and society and
what is right or wrong behaviour; how we behave towards others and wish them to behave
towards ourselves. The principles of ethics draw on religions, philosophy and culture
(Ghillyer, 2012).
Meta-ethics covers moral judgement and the origins and meaning of ethical principles.
Normative ethics is concerned with the content of moral judgements and the criteria for what
is right or wrong. Applied ethics looks at divisive issues regarding the actions a person is
permitted or not permitted to take in a specific situation, capital punishment being an
instance.
Information ethics (https://en.wikipedia.org/wiki/Information_ethics) studies the way
technology is influencing our political, legal and social development. In the near future, such
information ethics will permeate every aspect of our moral existence, irrespective of global
location. UNESCO (https://en.unesco.org/) defined information ethics as incorporating
applied ethics which cover the use and misuses of information technology (IT) and
information, UNESCO raises the need for critical thinking about how information is created
or used. The increasing use of technology multiplies the exchange of information and how it
is obtained, and it calls for governance on ethical, social and legal facets of information and
technology. UNESCO information ethics draws on the principles from the Universal
Declaration of Human Rights (https://en.wikipedia.org/wiki/Universal_Declaration_of_
Human_Rights) which deals with the right to education, the right to freedom of expression,
the right to privacy, universal access to information and the right to participate in cultural
life. Such values are crucial for a just information society. Information ethics deals with
questions on the collection, disclosure, creation and destruction of information and how to
deal with ethical issues in this realm, which potentially involves several technical, business
and archival issues.
Digital ethics has emerged as a multidisciplinary field of study and research and a social
science in its own right (Oxford Internet Institute, www.oii.ox.ac.uk/research/digital-ethics-
lab/), as ethical concerns pertaining to surveillance, international/national security and the
right to privacy gain ever greater importance. Although digital technology enforces the
spread of knowledge, it has also empowered the state towards surveillance of citizens and
the super powers of the internet (Google, Apple, Facebook and Amazon) who have the power
to influence those who develop applications, limiting the voice of consumers and citizens (De
Broglie, 2016). As an individual’s internet searches are tracked, analysed, repossessed and
reused, there is a potential economic, cultural, social and environmental impact (De Broglie, Code of ethics
2016). More debate, ethics and responsible roles are required, as are an ethical education for
those in the digital profession, critical thought, more open sources and a balancing of power
(De Broglie, 2016).
Algorithmic ethics is on the rise as algorithmic decision-making of tasks of limited scope
can save time, and the processing of the relevant data is taken to be devoid of human errors
and/or moral errors, e.g. for the recruitment of staff (London Business School, 2020, www. 399
london.edu/lbsr/algorithmic-ethics-lessons-and-limitations-for-business-leaders).
The sensitive information of health records and how such data can be misused for
commercial gain is a facet of medical ethics.
Essentially, the complexities of global economies and interrelated moral standards mean
international attention is focusing on diverse ethical disciplines. Sophisticated and
interconnected business processes make it imperative to apply behavioural standards to
digital business models with a view to establishing common rules for related ethical
behaviour. Undeniably, such moral and behavioural codes of conduct become essential as
public consciousness gains greater awareness and in itself becomes an integral element of
the business model in question.

Ethics and technology

Scientists may use technology for benevolent or violent means. The German Nobel Laureate
in Physics and pacifist Albert Einstein knew that “the world will not be destroyed by those
who do evil but by those who watch them without doing anything” (Einstein, 2020, www.
goodreads.com/quotes/8144295-the-world-will-not-be-destroyed-by-those-who-do). In other
words, it is up to each of us if goodwill and civil rights are to reign over violence and
lawlessness. The choice is ours whether technology is to be used for benevolent or
malevolent causes or whether we submit to or prevent legal corruption, even fraud. Our
decisions may impact many lives, with consequences over decades. This freedom of choice
propels us to propose an “ethics by decision” approach.

Professional code of conduct for ethics in science

As technology has an impact on the quality of life, the Institute of Electrical and Electronic
Engineers (www.ieee.org/about/corporate/governance/p7-8.html) has established a code of
ethics to cover technology, making it a personal obligation for the engineering profession to
commit to the proposed high ethical and professional conduct, as follows:
 to prioritise the safety, health and benefit of the public, to strive to comply with
ethical design and sustainable development practices and to disclose promptly
factors that might endanger the public or the environment;
 to avoid real or perceived conflicts of interest whenever possible and to disclose
them to affected parties;
 to be honest and realistic in stating claims or estimates based on available data;
 to reject bribery in all its forms;
 to improve the understanding by individuals and society of the capabilities and
societal implications of conventional and emerging technologies, including
intelligent systems;
 to maintain and enhance technical competence and to undertake technological tasks
for others only if qualified by training or experience;
RMJ  to seek, accept and offer honest criticism of technical work, to acknowledge and
30,3 correct errors and to credit properly the contributions of others;
 to treat fairly all persons and do not engage in acts of discrimination based on race,
religion, gender, disability, age, national origin, sexual orientation, gender identity
or gender expression;
 to avoid injuring others, their property, reputation or employment by false or
400 malicious action; and
 to assist colleagues and co-workers in their professional development and to
support them in following this code of ethics.

Artificial intelligence and ethical intelligence

Europe has formed a European Group on Ethics in Science and New Technologies (EGE)
that advises on all aspects of the European Commission’s policies where ethical, societal and
fundamental rights issues intersect with the development of science and new technologies
(EGE, 2019, https://ec.europa.eu/digital-single-market/en/news/ethics-guidelines-trustworthy-
ai). According to the guidelines, trustworthy AI should be:
 lawful – respecting all applicable laws and regulations;
 ethical – respecting ethical principles and values; and
 robust – both from a technical perspective while considering its impact on the social
environment.

To be deemed trustworthy, AI should fulfil key requirements. The assessment list below
seeks to support the verification of the key requirements (Ethics Guidelines for Trustworthy
Artificial Intelligence, European Commission, 2019, https://ec.europa.eu/knowledge4policy/
publication/ethics-guidelines-trustworthy-ai_en):
 Human agency and oversight: AI systems should empower human beings, allowing
them to make informed decisions and foster their fundamental rights. At the same
time, proper oversight mechanisms need to be ensured.
 Technical robustness and safety: AI systems need to be resilient and secure. They
need to be safe, ensuring a fall-back plan in case something goes wrong, as well as
being accurate, reliable and reproducible.
 Privacy and data governance: besides ensuring full respect for privacy and data
protection, adequate data governance mechanisms must also be ensured, taking
account of the quality and integrity of the data and ensuring legitimised access to
data.
 Transparency: the data, system and AI business models should be transparent.
Traceability mechanisms can help to achieve this. Moreover, humans need to be
aware that they are interacting with an AI system and must be informed of the
system’s capabilities and limitations.
 Diversity, non-discrimination and fairness: unfair bias must be avoided, as it could
have multiple negative implications, from the marginalisation of vulnerable groups
to the exacerbation of prejudice and discrimination. By fostering diversity, AI
systems should be accessible to all.
 Societal and environmental well-being: AI systems should benefit all human beings,
including future generations. It must hence be ensured that they are sustainable and
 environmentally friendly and take account of other living beings; their social and Code of ethics
societal impact should be carefully considered.
 Accountability: mechanisms should be put in place to ensure responsibility and
accountability for AI systems and their outcomes.
 Auditability, which enables the assessment of algorithms, data and design
processes, plays a key role. Moreover, adequate and accessible redress should be
ensured. 401
Arguably, where EL (Emotional Leadership) has left off, EL (Emotional Leadership) could
be taking over. Ethical Intelligence provides a basis that connects humanity with a common
cause. Moreover, EI makes a correlation between the prevailing ethical standard and the
successes/failures of the associated legal entity (Ethical Intelligence for Environment, Social
and Governance investment, www.ethical-intelligence.com/). It is in such an environment
that risk management and ethics come together and conduct risk and reputational risk
become important ethical barometers for an institution.

Legal basis, data breaches and the general data protection regulation
With the advent of computer technology in the 1960s, legislation to address privacy risks
was first considered in the USA. However, the cradle of data protection is considered to be
Frankfurt am Main/Germany in the state of Hesse, where the first data protection law was
passed in 1971, followed by the enactment of the Data Protection Act of 1978 at federal level.
It is perhaps no coincidence then that Google has chosen its Munich/Germany office as the
centre in charge of changing Google’s global “ad-funded internet” centric approach to one
that places privacy at the core of its services and products (FT Europe: Google to set up
German team to tackle privacy and safety issues, www.ft.com/content/9e236e3c-7619-11e9-
be7d-6d846537acab). Privacy legislation is gaining traction in other jurisdictions too, an
instance being the California Consumer Privacy Act, effective as of 1 January 2020.
Why did Europe establish the GDPR? During the previous 20 years, vast technological
changes and the development of the internet started to have a major bearing on data privacy
and data protection. The processing of personal data impacts our private sphere, impinging
on citizens’ rights, especially the freedom of speech and thought, fairness and democracy. As
the concept of a unified Europe developed, the need to exchange personal data across
borders and have recognised standards to facilitate business meant that laws and
regulations that enabled the free movement of personal data were required. Therefore, those
who process personal data, that is, data controllers, have to comply with the GDPR to
safeguard the rights of individuals.
In April 2016, the European Parliament approved the GDPR, superseding the 1995 Data
Protection Directive, which had been rendered inadequate because of technological
advancements. The Directive, adopted by the 28 EU Member States, had allowed national
variations, while the Regulation largely limits variation. The GDPR requires all 28 Member
States of the EU in addition to the three counties of the EEA (European Economic Area) to
comply, as the GDPR is law. After the GDPR became the data privacy law applicable
throughout the EU, Member States had two years to implement it, that is, by May 2018. In
2011, the European Data Protection Supervisor issued an Opinion for a data protection
reform package, followed by the Article 29 Working Party Opinion on a data protection
reform proposal. By 2014, the European Parliament adopted the GDPR after strong votes in
its favour. Today, the European Data Protection Board (replacing the Article 29 Working
Party), an independent European body comprised of European data protection authorities, is
tasked with ensuring consistent application by issuing opinions, guidelines and decisions.
RMJ The requirement to focus on ethics means that business leaders should demonstrate the
30,3 courage to talk about mistakes, that is, decisions lacking ethical insight that led to harm and
to address required changes transparently, with the aim of creating trust. Senior-level
decision-making, how it flows through the organisation and its impact should be made
known so as to demonstrate the responsibility and accountability of the business leaders,
who in turn should take decisions reflecting appropriate behaviour based on identified
402 values. Each business process should include “ethics by decision” and “privacy by design.”
Ethics by decision proposes that by decision (i.e. by the manner in which we do something,
whatever we undertake, proactively from the start), we consider the good, truth and respect
for others as opposed to evil, hatred and cruelty. Having freedom and intelligence, we choose
to be responsible for our decisions. However, the definition of good and the truth are since
centuries much debated philosophical topics. What is good, what is truth? For the purpose of
this paper, let “ethics by decision” draw on the principles on the principles of the European
Convention of Human Rights and the GDPR. The aim here is to consider the ethics first and
to make this the driving force behind the decisions. By considering up front the
consequences, mainly to analyse the risks.
Privacy by design (https://en.wikipedia.org/wiki/Privacy_by_design) is a methodology
for pro-actively embedding privacy into the design and processes of engineering systems,
business practices and infrastructure networks throughout engineering phases. Initiated in
2009 by Ann Cavoukian (third Information and Privacy Commissioner of Ontario, https://en.
wikipedia.org/wiki/Ann_Cavoukian), it was further developed through the cooperation of
the Canadian Information and Privacy Commissioner of Ontario, the Dutch Data Protection
Authority and The Netherlands Organisation for Applied Scientific Research in the mid-
1990s. The concept led to conflicts between corporate and citizens’ interests and has
meanwhile become synonymous with automated end-to-end processes that safeguard data
privacy.
The cornerstone of the GDPR (namely potential fines of up to EUR 20m or 4% of a
company’s global annual turnover of the previous financial year, whichever is higher) is
what has brought the GDPR in the spotlight, even in legal jurisdictions where the GDPR is
not directly enforceable but indirectly applicable given that European jurisprudence has an
effect on strongly intertwined business models and co-dependent global supply chains. It
has, thus, far-reaching repercussions for international legal entities, including multi-
nationals operating simultaneously in various jurisdictions. The EU was given three years’
time to prepare for implementation. It was during this time period that data protection
impact assessments (EDPS, data protection impact assessments https://edps.europa.eu/
data-protection/notre-r%C3%B4le-en-tant-que-contr%C3%B4leur/data-protection-impact-
assessment-dpia_en) were conducted and personal data processes isolated from operational
processes to facilitate the management and deletion of personal data in a timely manner.
Data Protection Officers (DPOs) were nominated during this time, and data protection
authorities in many European countries reinforced their presence.
Despite the preparatory phase, the wrath of the GDPR came unexpectedly for those firms
that struggled with the implementation, while others decided to take chances. The fines
imposed in the last year speak for themselves; the legislators enforcing the GDPR are
making its effects painfully noticeable (see GDPR Enforcement Tracker, available at: www.
enforcementtracker.com).
The recent fine imposed on British Airways highlights the need for databases and
corporate IT security, which safeguard personal data from hackings and data loss (Conboye,
2019). Shortcomings can evidently result in costly fines, especially in an environment of
heightened and sophisticated cyber threats. It is becoming increasingly obvious that Code of ethics
information privacy compliance is here to stay.
Questions on ethics seem to be spreading into all activities, from green and clean-the-
oceans actions to the rethinking of wealth distribution, on the one hand. On the other hand,
specialised legislation is taking shape and being drafted as digital risks and illegal content
on online platforms increases. Examples of new legislation tackling such latter topics are the
UK’s white paper on Online Harms and the EU’s Digital Services Act (see EU, available at:
www.gov.uk/government/consultations/online-harms-white-paper). Hence, algorithms could
403
soon be subject to regulatory scrutiny.

Risks, rights and roles in support of ethics-by-decision

As we adapt to our technical environment, we can also protect ourselves from technological
and data risks in three fields (Kizza, 2016):
(1) Technical by making use of encryption (to limit PII in application design), avoiding
public Wi-Fi (such as London Underground’s free Wi-Fi) and becoming aware of
website cookie policies. Indeed, the enforcement of the GDPR has made cookie
policies more visible on a majority of websites, making consent an integral part of
privacy assurance. Ethics-by-decision is becoming aware of phishing, spamming,
web security, home computer security and limiting PII only to the necessary for a
given transaction. Encryption, such as pretty good privacy, protects personal data
from state surveillance (Snowdon, 2019);
(2) Contractual to protect intellectual property rights (IPRs); and
(3) Legal as the enactment and enforcement of legislation protects citizens’ rights.

Creating healthy rather than detrimental habits can contribute to our digital hygiene and
therefore provide digital health. Smart devices such as the BlackBerry (also termed the
“crackberry” for the impact it has had on partnerships) have made employees available 24/7.
Thereby, constant engagement with devices is producing sleep deprivation and a lack of
work-life-sleep balance. It should be considered unethical behaviour for employers to expect
or force employees to be on call outside of working hours. To this end, the EU has enacted
legislation defining the working week, the number of overtime hours allowed and the breaks
needed (see Your Europe, available at: https://europa.eu/youreurope/business/human-
resources/working-hours-holiday- leave/working-hours/index_en.htm). Aiming to protect
workers’ health and safety, minimum standards for working hours are now applicable
throughout the EU. The Working Time Directive focuses on the right to fair working
conditions and draws on the European Pillar of Social Rights and the Charter of
Fundamental Rights of the EU, which involves fairness, justice, respect for workers’ health,
safety and dignity.
Becoming informed and knowing one’s rights is also a means of risk mitigation. Some
broad principles can deliver sizeable returns on investment. Community libraries are
inspirational sources of up-to-date knowledge and advice. Furthermore, their services really
are free of charge. The catch of the digital age are free services, hence what is not paid for in
fees is paid for with personal data. Undoubtedly, this scenario is a win-win scenario for data
miners over consumers. By applying controls, paid services oblige the consenting parties to
the terms of a legally binding agreement and, accordingly, a legal basis applies.
As already alluded to, it is also a personal choice whether technology is used for a
benevolent or malevolent purpose. There are evidenced-based examples that some
enterprises are becoming more sensitive to public opinion. If these firms feel that profits will
RMJ diminish as public outcry increases or as their customer base abandons their services,
30,3 policies and policy decisions are sometimes changed, even reversed or abandoned. A case in
point was demonstrated when Microsoft removed the MS Celeb (the world’s largest publicly
available facial recognition database) from the internet because of privacy concerns; the
associated individuals had never given their consent for the facial images stored (Nuttall,
2019). Hence companies are being forced to rethink their strategies to adjust to public
404 perceptions and retain customer trust. For Microsoft, subsequently, user awareness is
resulting in a user behaviour that favours control over personal choices and personal data.
Also, company reputations are taking a foothold in the privacy sphere, and, in turn,
customers are starting to make decisions based on this branding.
Definition of staff roles are important for a company or institution to meet its
obligations. In a corporate environment, data subjects have recourse to a DPO, who can
provide advice on fit-for-purpose processing operations and many other privacy issues.
Such advice can be essential to perform as a data controller (EDPS, https://edps.europa.eu/
data-protection/data-protection/glossary/d_en), who, as initiator of an activity, is
responsible for specific operations that process personal data. In the event of legal defence, it
is therefore imperative that a data breach is associated with a data controller and not the
DPO of the organisation. Thus, the role of data controller is essential to protect personal
data. Personal data processes can be complex, particularly if multiple data sources, devices
and data collectors are involved; complexity is added if any of these operate outside of the
GDPR remit.
The role of Chief Ethical Officer (CEO) is becoming more prominent in European
institutions and committee task forces to establish and maintain ethical standards across
networks of institutions. The CEO oversees a group of Ethical Officers, who embed the
related ethical code and values into the culture and processes of an organisation to ensure
“ethics by design” compliance. Small institutions might favour an Ethics Officer who is
supported by a network of Ethical Ambassadors, who assume the responsibilities of an
Ethical Officer in addition to their main tasks. The same can be said of the Chief Compliance
Officer (CCO) vis-à-vis the role of the Compliance Officer and Compliance Ambassadors
respectively.
A less known international role is that of the AI Ethics Adviser and UN Young Leader, so
the United Nations has already recognised the importance of both AI and ethics at a global
level (AI Ethics Adviser and UN Young Leader of the United Nations, 2019, www.un.org/en/
ethics/). Indeed, many IT start-ups are founded by young scientists and leaders nowadays.
Significant is also the role of the whistleblower, when the ethical standards established and
generally accepted within an organisation go against the principles of human dignity and
respect. To make it meaningful, this role is afforded legal protection (Whistleblower
legislation in the EU and UK, https://whistleblowerprotection.eu and www.gov.uk/
whistleblowing).
The role that parenting and education plays is not one that grabs the headlines, but some
parents have noticed the addictive effects of certain video games and social media on their
children. This has led to the term addictive technology, although addictive technology is
officially contested given a lack of empirical evidence. Nonetheless, the Japanese now have a
word for people obsessed with video games and anime (i.e. “otaku”), and some claim to even
be married to their anime character (BBC, 2019a).

Technologies that are shaping our future

Looking back in history, to the period of the Industrial Revolution, the steam engine ushered
in far-reaching societal change, such as job creation that led to a surge in the middle class,
working women and a concentration of people in the metropolis. The Internet Revolution is Code of ethics
characterised by the worldwide infiltration of digital technology. Particularly, the Internet of
Things (IoT) is influencing global societies (Sadiku, 2019). By linking objects in the real
world with objects in the virtual world, the IoT connects anything at anytime and anywhere.
It is all-encompassing, from home to office and factory environments. By connecting all
devices, the IoT is also the next phase in the Internet Evolution (Sadiku, 2019). The IoT can
hence be defined as a global network infrastructure of interconnected devices (Sadiku, 2019).
In short, datasets and IoT-enabled technologies are combining with mind-sets to generate
405
digital innovation on an unprecedented scale.
The spectrum of IoT technologies includes radio frequency identification, cloud
computing, social networks, Wi-Fi and 1G to 5G (G = generation) wireless
telecommunication networks (Sadiku, 2019). The high impact that IoT technologies can
have on all aspects of life has galvanised governments (particularly of the USA, the UK,
China and India) into applying such technology to every industry sector, i.e. transport,
agriculture, health care, power grids, etc. (Sadiku, 2019). At the cross-roads of digital
technology and digital innovation is a surge of smart technologies, which will add the prefix
“smart” to all industrial sectors. Smart living aims to provide a better quality of life that is
also fair and equitable (Sadiku, 2019).
In the face of such powerful technology and overpowering global companies, it seems
that while we have rights, people also easily adapt to their environments and circumstances.
Design trends have ethical implications, hence the importance of ethics by decision and
ethics by design to be applied at the start of any new concept, that is, during the pre-design
phase. The software may provide benefits, yet, at what cost? Ethical principles, evidence
and transparency are important aspects required to build trust. The ease of use of many of
today’s IT tools and applications can have us selling our rights, our data, our privacy, even
our identities, without our awareness or consent. Global tech corporations have made the
weaknesses of human psychology and emotions a critical factor of their success.

How blockchain is chronicling provenance in the art world

Blockchain technology is based on a distributed ledger technology, so it is not part of the
technologies covered under the IoT. Until recently, it has been used primarily for the trading
of cryptocurrencies, such as Bitcoin.
Blockchain provides a work of art the inalterable documented evidence that determines
its current market value, these are:
 provenance;
 authentication; and
 proof of ownership.

Provenance (https://en.wikipedia.org/wiki/Provenance) is the documented chronology of

ownership or ownership history of a certain work of art. Authentication is the proof that the
painting is what the titleholder or owner purports it to be, that is, if it is real or a good copy;
certificates of authenticity are often used to verify authenticity. Proof of ownership (https://info.
courthousedirect.com/blog/everything-you-need-to-know-about-proof-of-ownership) traces the
owners, one after the other, as the piece changes hands; a note indicating proof of purchase
is also made to determine the financial value in a lineal sequence of time. The reason why it has
caught the interest of the art world lies in its ability to replicate updates via nodes or devices
that operate through a peer-to-peer network; hence a single authoritative database does not
exist. When a ledger update occurs, the respective node builds the transaction and then all
RMJ nodes vote via a consensus algorithm to determine the correct copy. Once a consensus is
30,3 reached, all the other ledgers update themselves with the new and correct copy of the ledger. A
secure environment of cryptographic keys and signatures ensures a high standard of
cybersecurity that cannot be altered or tampered with, so the integrity of the ledger remains
undisputed at all times (Blockchain, Wikipedia, 2020: https://en.wikipedia.org/wiki/Blockchain
Only when these three qualities are proven through recorded evidence is the rightful
406 owner allowed to be remunerated as the titleholder to the IPRs, and therefore to any print or
digital editions that are made therefrom. This is the reason why blockchain is becoming so
popular with young artists who want to secure their IPRs and therefore their royalties and
remuneration by the time their artistic contribution to the world of art is appreciated. In
short, it allows artists to exercise their moral rights (https://en.wikipedia.org/wiki/
Moral_rights) as creators of their work. In the future, it will also support the work of auction
houses, such as Sotherby’s, to determine the provenance and art valuation of an art object
before a transfer of ownership can take place.

Fifth generation mobile communication technology

The fifth generation (5G) of upcoming wireless technology networks enables devices to send
and receive data at speeds ranging from 10 to 100 times faster than before, allowing for
download speeds that can reach 10 gigabits per second. 5G is predicted to enable new
technologies that will impact public and private sector operations. Early initiators of the
technology expect immense profits, job creation and technological innovation, and they will
set the standards for later adopters, as devices and trends extend worldwide.
As with AI, both China and the USA consider 5G an essential part of world tech
dominance, therefore, both strive to set 5G industry standards that define the digital
economy. Paradoxically, real success lies in the exploitation of big data via 5G technology.
The dependencies of supply chains between the two countries, and thus the potential for
spyware on 5G hardware and software, are raising national security concerns. In early 2020,
revelations pertaining to the Swiss company Crypto AG are of a similar nature (https://en.
wikipedia.org/wiki/Crypto_AG), USA and (West) German secret services allegedly
compromised the encryption machines produced), so market players are already distrustful.
Undoubtedly, 5G will continue to foster the IoT (Sadiku, 2019), thereby inherently
expanding the potential for digital risk and cyber threats. It is therefore already
questionable whether 5G technology can deliver a culture of ethical excellence in its stride.

Humans and artificial intelligence: a duel of power

There are assembly lines that use AI and robotics to aid human intervention. As a result,
humans are working side-by-side with robots (BMW X2 (2018) production line, www.
youtube.com/watch?v=pGqPjYALB50). While the same car manufacturer might also rely
on assembly lines fully automated by algorithmic robotics (BMW X7 and 5-series (2019)
assembly line, www.youtube.com/watch?v=P7fi4hP_y80), where humans direct the robots
and only conduct some finishing touches on the end product.
AI is permeating and determining many aspects of social life, whether we realise it or not.
From the drones with cameras that give us spectacular panoramic views of otherwise
unreachable corners of our planet to the drones used for warfare. From the job applications
that are vetted by AI algorithms and generate an invitation to a job interview within
seconds to the customer service robot called Pepper that might greet you when entering the
Mandarin Oriental Hotel in Las Vegas, USA (www.youtube.com/watch?v= 45fSFR7Xk8).
Both work and leisure experiences are being formed around AI and changing the world
with it.
 As of 2018, the online retailer, Amazon, started to open the first Amazon Go stores (www. Code of ethics
amazon.com/b?node=16008589011) in the USA to create a grab-and-go shopping experience
that saves time as invoicing is digitalised and time is not wasted by standing in checkout
lines. As then Amazon has announced the opening of further stores in the USA – the
investment Amazon has made in algorithmic technology to make this user experience a
reality is obviously paying off.
However, the turning point in the development of global technological intelligence is
perhaps attributable to another type of Go experience: that of the long-revered Chinese 407
board game known as Go. With a continuous history spanning more than 2000 years, Go is
more than a game in China; becoming a Go champion is the ultimate proof of dexterity and
proficiency. In March 2016, Google’s gaming programme AlphaGo was tested in a recorded
game against a Go master (BBC, 2019b). The Go master held the upper hand until AI
demonstrated that the balance of power had finally shifted. This event seems to have also
been a turning point for the Chinese people, as their AI prowess appears to have taken off
since then. It was probably the decisive test between man and machine that would leave the
world forever changed, as China realised the time had come to create a new world order.

Two nations and one artificial intelligence race

As mentioned, technology can act as a positive or negative force, and this is particularly true
of AI. As humanity plans for the intended use of achieving excellence on a global scale in the
economy, education, health services, to name just a few, humankind cannot afford to lose
sight of unintended misuse (Webb, 2019). If unintended misuse becomes the default solution,
humans could face a future beyond our imagination in a negative sense, instead of breathing
life into a positive vision of the future.
It is unlikely to have occurred to anyone 25 years ago, when Amazon was founded, that
today we would be asking Alexa (Amazon’s e-personal assistant) to carry out commands for
us. We convince ourselves that Alexa’s programming limits the ability of a machine to think
as a human. What we are less aware of are the invisible ways that data, in many occasions
personal data, is being mined and linked, to the point that we lose sight of the extent to
which systems take decisions on our behalf, but without our consent.
Philosophical questions about what it means to be human have been posed (Webb, 2019).
The origins of robotics are attributed to a mechanical figure created by a Spanish
clockmaker in 1560. Queries probing reasoning have also arisen, such as, if humans are able
to reason and robots learn from humans, then surely a robot will eventually reason.
Naturally, those robots will also inherit the same prejudices their programmers possess. So
far, self-awareness, original thought and ethical thinking are some of the vital features that
distinguish humans from robots, but as AI develops, the gap might close faster than we
think. In only a few years, AlphaGo has already been replaced by AlphaGo Zero, which
teaches itself to make choices based on self-judgement. By enlarging the network with deep
neural networks and deep learning – and removing human constraints – Zero is free to
explore its own path of discovery. Thus, AI machines are already demonstrating that they
are capable of original thought, which by its nature is not reproducible (Webb, 2019). As we
have seen, an element of the EU’s AI Strategy on the ethical guidelines for trustworthy and
safe technology is that AI-based leading edge technologies must be reproducible. We can
only hope that AI’s thought processes respect worldwide ethical standards. The current
surge of geopolitical tensions might be concealing rival geotechnical supremacies, not just of
a disruptive nature, but of potentially devastating consequences for humankind.
As a force, AI is geographically emerging from two epicentres at present: the USA
and China. However, future progress is likely to be quite different in both of these
RMJ countries. In the USA, the dynamics of free-market capitalism are leaving ethical and
30,3 legal decision-making to the six tech giants, namely Google, Microsoft, Amazon,
Facebook, IBM and Apple (referred to as the G-Mafia by Amy Webb). Moreover,
consumerism can be demanding on innovation when consumers expect the newest
gadget to be even smarter than the last. Although these corporations intend to serve the
greater good, the commercialisation of innovation can be short-sighted and could result
408 in a short game. Instead, China is playing the long game, where state-owned enterprises
operate within a market economy, as is the case with the three Chinese tech giants,
Baidu, Alibaba and Tencent. This set-up is more conducive to adapting AI to
government plans, to create and develop an AI superpower that captures, processes and
analyses in a myriad of combinations every dataset generated by its vast population, in
support of machine technologies and intelligent control systems (Webb, 2019). After all,
the divide between everyday reality and virtual reality is disappearing faster in several
Eastern countries – including China – than in the West. Both China and the USA are
proving AI leadership, but it remains to be seen if one worldwide vision will surface as
the rest of the world is caught in the midst of the two largest world economies
competing for world dominance. As with the Industrial Revolution, probably only with
hindsight will we truly gain an understanding of the era we are presently experiencing.
The race is on, and it is the human race that is at stake.
Artificial intelligence is the future, not only for Russia, but for all humankind. It comes with
enormous opportunities, but also threats that are difficult to predict. Whoever becomes the leader
in this sphere will become the ruler of the world. – Vladimir Putin, President of the Russian
Federation (www.rt.com/news/401731-ai-rule-world-putin/)

Empowering people: the data labellers

Any information manager will argue that metadata is probably the most important
component of any structured data system. Therefore, it might not come as a surprise
that AI-based technologies require a lot of data tagging and data labelling behind the
scenes. For this purpose, data annotation vendors are emerging in India, Africa and in
fact globally: some are led by women, many have predominantly female workforces
from low-income rural communities. These companies are training thousands of people
to be data labellers, who in turn train computer vision algorithms used in augmented
reality systems required, for instance, in self-driving vehicles. More importantly, these
data annotators are part of ethical supply chains that are empowering communities, to
the extent that businesses that do not support ethical AI supply chains could be left
behind (Mugia, 2019). As the invisible process which embeds decision-making into
repeated technological operations, subsumption ethics (Gleason, 2006) is increasingly
in the hands of these data annotators, and the ethical codes and ethics of technology
their companies abide by.

Defining and establishing a code of ethics

An ethical framework for organisations and businesses must cover more than just
employee/employer/third-party relations, which are mainly the realm of business ethics.
Hence, it must go beyond Concepts and Principles, General Policies, Disclosure,
Employment of Industrial Relations, Environment, Combating Bribery, Consumer Interests,
Science and Technology, Competition, Taxation, accepting gifts, behaviour with
suppliers, etc.
 Personal data can be sent to any part of the world. Information which includes personal Code of ethics
data may be stored in the cloud. If the storage is subcontracted by the cloud provider – do
we still know where the data is stored, who has access and how secure it is? How can this be
monitored? If a company task is outsourced, customer personal data may be kept in several
global locations – is the customer aware? Is it sufficient to apply anonymisation? We face
more questions than answers.
Upon joining a company, all employees should be subject to induction programmes that
409
inform them of company policies and ethical values. Employees should be made aware of
the need to comply. Company policies should state expected behaviour and contracts should
be defined to make expectations clear for both parties. Employees and employers should
respect their agreement. Within the realms of the associated privacy legislation, the
monitoring of employee social media as a viable approach to avoiding damage to company
reputation is in fact becoming commonplace (Flynn, 2014).
Employers are responsible for the safety of their staff at work and for checking potential
employee participation in extremist groups, unethical activities, etc. which can save lives
and keep a certain level of respect amongst colleagues in a workspace, which may be shared
for decades. Technology changes, but dignity and respect toward fellow-human beings is a
constant. A good work climate enhances performance and output.
Establishing a code of ethics entails ten steps that should be followed in a sequential
order. The steps are repeated in the same sequence to create a lifecycle that preserves the
integrity of the code.
Code of ethics in 10 steps, based on our evaluation of best practices:
(1) Choose a high-level sponsor to promote the introduction of an ethics policy, and to
ensure company commitment and usefulness.
(2) Secure endorsement of the chairperson and the board is essential, as values and
ethics are part of governance.
(3) Communicate with employees to ascertain which ethical topics they need advice
on and to make ethics relevant to each and every staff member.
(4) Select a model that has proven its worth in practice. Use a framework that
addresses issues which impact the different constituents or shareholders of a
company. Generate discussions on ethics. Seek participation.
(5) Produce a company code of conduct. Define criteria for ethical decision-making, i.
e. an ethics-by-decision, include this in the ethics code and distribute it.
(6) Pilot and test the ethics code.
(7) Publish the ethics code to foster effective internal and external relations.
(8) Promote and establish the ethics code with the support of Ethics Officers/
Ambassadors. Ensure the e-version of the ethics code is continuously accessible
and updated going forward.
(9) Make it work – provide practical examples of the code in action, offer induction
and training courses, and ensure managers endorse the code.
(10) Establish a review and compliance mechanism. The feedback loop from Step 10
then feeds back into Step 1 again. At regular time intervals, the CEO should go
through the list and tick each box to create a lifecycle that keeps the code of ethics
up-to-date, endorsed by management, promoted by Ethics Officers/Ambassadors
and kept alive by every staff member of the organisation. Individual reputations
and the company brand can then stand strong in the face of adversity.
RMJ Constant changes in the external environment have an impact on an organisation and need
30,3 to be continuously assessed; stances of global organisations and ethical threats should also
be considered on an ongoing basis. A case in point is the sale of the .org (https://en.
wikipedia.org/wiki/.org) internet domain registry (used by many non-profit groups as a
symbol of strong ethics branding and owned by Internet Society, a United States non-profit
group) to Ethos Capital (a private equity firm) for financial returns. Therefore, the purpose
410 of this domain has changed and users called on ICANN (www.icann.org/, the authority that
ensures the smooth functioning of internet addressing) to halt the sale. This transaction
proves that internet domains are sellable assets, but the ethical issues are potentially huge.
Similarly, as companies may select compliant software, the principles may change overnight
when the firm is sold, thus monitoring of contractual changes becomes a challenge.
Additionally, cyber insurance (https://en.wikipedia.org/wiki/Cyber_insurance) is a growing
part of the insurance industry that no longer just covers business continuity and e-
commerce but also data breach risk, and, interestingly, also the fines imposed because of
GDPR-related data breaches. Cyber insurance policies not only offer compensation after an
interruption of services but also provide practical help, such as forensic investigations, to
find the root cause of the disruption and offer solutions, public relations experts to mitigate
reputational damage and expert negotiators in the event that ransoms are demanded. So,
companies are relying ever more on insurance cover. In both scenarios, the ethical
parameters set at the start (the .org case) or an ethical norm established over time by an
organisation (and safeguarded with legally binding contracts or insurance) are threatened
by a changing environment that revolves around technological disruption as a result of
shifting loyalties and financial gain.

Conclusion
Several aspects of ethics in relation to current and upcoming new technologies have been
discussed. The rapid increase in devices, the speed of transmission, interconnectivity,
intelligence and our dependence on technology, call for clear rules that establish ethical
behaviour and generate transparency and trust. Technology is becoming life-infiltrating,
perseverant, ever-present. How does it affect our physical health, our mental health, our
social relationships and our conscience? How can we deal with the exposure of our privacy?
How does technology impact the environment, e-waste, relationships between nations and
the demand for raw materials? Which common values can we agree on across the planet?
We face the challenge of global governance.
Even political change may be more rapid than before and more difficult to control. With
more devices, more data, more exchanges, the possibilities are innumerable. Can we attain
agreement on respect, privacy and human rights and build these into all technology? What
would the sanctions be for non-compliance? Perhaps we have to consider, more than ever,
what sort of a world we are creating, where it is going and how it should be. How can we
make it more human, more nature-friendly, better for our health and well-being – for us and
for our planet? We are the people who decide. We form our future. But we can only do this if
we have defined our ethics, our ethics-by-decision, ethics-by-design or an ethics-by-debate
before and after design.
This paper has addressed many ethical issues for the individual, the organisation, technology,
for national and global aspects. Generally, global governance includes rules, processes and
behaviour that affect the way in which powers are exercised, especially openness, accountability
and participation (Kizza, 2016). With our data captured and shared, how can we assert our
freedom if we do not know which data is captured, who does what with it, and if we do not know
who knows what about us? Perhaps we need to spend less time on devices for a moment and
consider the future we want to create, instead of letting technology and key players determine our Code of ethics
future. We need to ask more questions and not merely click the consent buttons. Maybe we will
be forced to speak once the repression is too intense, maybe then we will start to seek new
possibilities. Will we still exist as individuals if we are just part of endless chains of data, without
any privacy, one data mass, and no longer private persons? If it is not too late, only a fundamental
encounter will force us to rethink (Deleuze, 2007).
411
References
AI Ethics Adviser and UN Young Leader of the United Nations (2019), available at: www.un.org/en/
ethics/ (accessed 5 July 2019).
London Business School (2020), “Algorithmic ethics”, available at: www.london.edu/lbsr/algorithmic-
ethics-lessons-and-limitations-for-business-leaders) (accessed 1 July 2019).
Amazon Go available at: www.amazon.com/b?node=16008589011 (accessed 16 July 2019).
BBC (2019a), “Why I ‘married’ an anime character”, British Broadcasting Corporation, 17 August 2019,
www.bbc.com/news/stories-49343280 (accessed 18 August 2019).
BBC (2019b), “Artificial intelligence: go master Lee Se-dol wins against AlphaGo program”, British
Broadcasting Corporation, 13 March 2019, available at: www.bbc.com/news/technology-
35797102 (accessed 27 July 2019).
Blockchain, Wikipedia (2020), available at: https://en.wikipedia.org/wiki/Blockchain (accessed 18 July 2019).
BMW X2 (2018), “Production line”, Bayerische Motoren Werke, YouTube, available at: www.youtube.
com/watch?v=pGqPjYALB50 (accessed 27 July).
BMW X7 and 5-series (2019), “Assembly line”, Bayerische Motoren Werke, YouTube, available at:
www.youtube.com/watch?v=P7fi4hP_y80 (accessed 27 July).
Bradford, A. (2020), The Brussels Effect – How the European Union Rules the World, OUP.
Conboye, J. (2019), “British Airways hit with record £183m fine for data breach”, Financial Times
Europe, 8 July 2019, available at: www.ft.com/content/197a6758-a148-11e9-a282-2df48f366f7d
(accessed 15 July 2019).
Crane, A. and Matthen, D. (2007), Business Ethics – Managing Corporate Citizenship and Sustainability
in the Age of Globalization, 2nd ed, Oxford University Press, New York, NY.
De Broglie, C. (2016), “We need to talk about digital ethics”, Charlotte de Broglie at OECD Forum 2016, available
at: https://ww.oecd.org/fr/science/we-need-to-talk-about-digital-ethics.htm (accessed 23 July 2019).
Deleuze, G. (2007), Difference and Repetition, Bloomsbury Academic, London.
EGE (2019), “European group on ethics in science and new technologies”, European Commission,
available at: https://ec.europa.eu/digital-single-market/en/news/ethics-guidelines-trustworthy-ai
(accessed 30 May 2019).
Einstein, A. (2020), “Good reads quotes”, available at: www.goodreads.com/quotes/8144295-the-world-
will-not-be-destroyed-by-those-who-do (accessed 30 June 2019).
European Commission (2019), “Ethics guidelines for trustworthy artificial intelligence”, available at:
https://ec.europa.eu/knowledge4policy/publication/ethics-guidelines-trustworthy-ai_en (accessed
30 June 2019).
Flynn, N. (2014), “Should companies monitor their employees’ social media?”, Wall Street Journal, 22
October 2014, available at: www.wsj.com/articles/should-companies-monitor-their-employees-
social-media-1399648685 (accessed 12 April 2016).
Ghillyer, A. (2012), Business Ethics Now, 3rd ed, McGraw-Hill, New York, NY.
Gleason, D.H. (2006), “Embedded ethics: how to build better IT mousetraps”, Handbook of Business
Strategy, Vol. 7 No. 1, pp. 325-329, available at: www.emerald.com/insight/content/doi/10.1108/
10775730610619016/full/html (accessed 30 April 2019).
RMJ Kizza, J.M. (2016), Ethics and Secure Computing: A Concise Module (Undergraduate Topics in Computer
Science), 1st ed, Springer International Publishing, Switzerland.
30,3
Nuttall, C. (2019), “Microsoft pulls faces database”, Financial Times Europe, 6 June 2019,
available at: www.ft.com/content/6ba46784-8890-11e9-97ea-05ac2431f453 (accessed 25
June 2019).
Renucci, J.F. (2005), Introduction to the European Convention of Human Rights. The rights guaranteed
and the protection mechanism, Council of Europe Publishing, Strasbourg.
412
Sadiku, M.N.O. (2019), “Emerging internet-based technologies”, Internet of Things, pp. 1-7, Smart
Everything, p. 17, CRC Press, Boca Raton, FL.
Snowdon, E. (2019), Permanent Record, Main Market edition, Macmillan.
Webb, A. (2019), “The big nine”, Before it’s too late, pages 1-10; Mind and Machine: A Very Brief
History of AI, Hachette Book Group, New York, NY, pp. 45-49.

Further reading
.org “Wikipedia”, available at: https://en.wikipedia.org/wiki/.org (accessed 25 February 2020).
Al-Rodhan, N. (2015), “The many ethical implications of emerging technologies”, Scientific American,
13 March 2015, available at: www.scientificamerican.com/article/the-many-ethical-implications-
of-emerging-technologies/ (accessed 10 April 2016).
Business Ethics Briefing (2018), “Institute of business ethics”, Issue 62, pp. 1-12, available at: www.ibe.
org.uk/userassets/briefings/ibe_briefing_62_beyond_law_ethical_culture_and_gdpr.pdf (accessed
6 May 2019).
Cavoukian, A. “Wikipedia”, available at: https://en.wikipedia.org/wiki/Ann_Cavoukian (accessed 1
March 2020).
Charter of Fundamental Rights of the European Union (2000), “Official journal of the European
communities”, 2000/C/364/01, available at: www.europarl.europa.eu/charter/pdf/text_en.pdf
(accessed 6 July 2019).
Cheng, F. (2006), The Way of Beauty, Simon and Schuster, New York, NY.
Crypto AG “Wikipedia”, available at: https://en.wikipedia.org/wiki/Crypto_AG (accessed 1 February
2020).
Cyber insurance “Wikipedia”, available at: https://en.wikipedia.org/wiki/Cyber_insurance (accessed 15
August 2019).
ECHR “European Convention of Human Rights”, available at: www.echr.coe.int/Documents/
Convention_ENG.pdf, (accessed 10 February 2020).
EDPS (European Data Protection Supervisor) (2019), “Glossary of data protection terms”,
available at: https://edps.europa.eu/data-protection/data-protection/glossary_en (accessed
12 August 2019).
EDPS (European Data Protection Supervisor) (2019), “The history of the general data protection
regulation”, available at: https://edps.europa.eu/data-protection/data-protection/legislation/
history-general-data-protection-regulation.en (accessed 22 November 2019).
EDPS Glossary available at: https://edps.europa.eu/data-protection/data-protection/glossary/d_en
(accessed 23 February 2020).
EI (Ethical Intelligence) (2019), “Ethical intelligence for environment, social and governance
investment”, available at: www.ethical-intelligence.com/ (accessed 18 July 2019).
Ethics “Merriam-Webster dictionary”, available at: www.merriam-webster.com/dictionary/ethic
(accessed 15 June 2019).
Ethics and Data Protection (2018), “European commission”, available at:https://ec.europa.eu/research/
participants/data/ref/h2020/grants_manual/hi/ethics/h2020_hi_ethics-data-protection_en.pdf
(accessed 2 May 2019).
EU Digital Services Act (2019), “European Union”, available at:https://euinternetpolicy.wordpress.com/ Code of ethics
2019/07/30/the-eu-digital-services-act-what-it-is-and-why-it-shouldnt-happen/ (accessed 2
August 2019).
European Union (2019), “Online harms and the EU’s digital services act”, available at: www.gov.uk/
government/consultations/online-harms-white-paper (accessed 16 April 2020).
GDPR “General data protection regulation – regulation (EU) 2016/679 of the European Parliament and
of the council of 27 April 2016 on the protection of natural persons with regard t0 the processing
of personal data and on the free movement of such data, and repealing directive 95/46/EC”, 413
available at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&
from=EN (accessed 6 July 2019).
GDPR Enforcement Tracker available at: www.enforcementtracker.com (23 February 2020).
Hill, B. (2016), “The advantages of ethical behavior in business”, Small Business, available at: https://
smallbusiness.chron.com/advantages-ethical-behavior-business-21067.html (accessed 16 April
2016).
ICANN “Internet corporation for assigned names and numbers”, available at: www.icann.org/
(accessed 13 February 2020).
IEEE “Code of ethics”, Institute of Electrical and Electronic Engineers, available at: www.ieee.org/
about/corporate/governance/p7-8.html (accessed 28 July 2019).
Information ethics “Wikipedia”, available at: https://en.wikipedia.org/wiki/Information_ethics
(accessed 9 July 2019).
Medin, M. and Louie, G. (2019), “The 5G ecosystem: risks and opportunities for department of defence,
defence innovation board”, US Department of Defence, 3 April 2019, available at: https://media.
defense.gov/2019/Apr/03/2002109302/ 1/ 1/0/DIB_5G_STUDY_04.03.19.PDF (accessed 25
April 2019).
Moral rights “Wikipedia”, available at: https://en.wikipedia.org/wiki/Moral_rights (accessed 19 May
2019).
Murgia, M. (2019), “AI’s new workforce: the data-labelling industry spreads globally”, Financial Times
Europe, 25 July 2019, available at: www.ft.com/content/56dde36c-aa40-11e9-984c-fac8325aaa04
(accessed 5 August 2019).
Newton, L., Englehardt, E. and Pritchard, M. (2012), Taking Sides: Clashing views in Business Ethics and
Society, 12th ed., McGraw-Hill, New York, NY.
Oxford Internet Institute “Digital ethics”, available at: www.oii.ox.ac.uk/research/diigital-ethics-lab/
(accessed 1 July 2019).
Pidd, H. (2014), “Social media monitoring by employers predicted to rise”, The Guardian, available at:
www.theguardian.com/money/2014/aug/18/social-media-monitoring-employers-rise-pwc (accessed
12 April 2016).
Privacy by design “Wikipedia”, available at: https://en.wikipedia.org/wiki/Privacy_by_design
(accessed 1 March 2020).
Proof of Ownership “Court House Direct”, available at: https://info.courthousedirect.com/blog/
everything-you-need-to-know-about-proof-of- ownership (accessed 23 July).
Provenance “Wikipedia”, available at: https://en.wikipedia.org/wiki/Provenance (accessed 20 July 2019).
Putin, V. “Quote in September 2017”, RT Question More, available at: www.rt.com/news/401731-ai-rule-
world-putin/ (accessed 15 June 2019).
Ram, A. (2019), “Google to set up German team to tackle privacy and safety issues”, Financial Times
Europe, 14 May 2019, available at: www.ft.com/content/9e236e3c-7619-11e9-be7d-6d846537acab
(accessed 15 May 2019).
UNESCO “United Nations educational, scientific and cultural organization”, available at: https://en.
unesco.org/ (accessed 10 March 2020).
RMJ Universal Declaration of Human Rights “Wikipedia”, available at: https://en.wikipedia.org/wiki/
Universal_Declaration_of_Human_Rights (accessed 4 March 2020).
30,3
Van den Hovea, S., Le Menestrelb, M. and De Bettigniesc, H. (2002), “The oil industry and climate
change: strategies and ethical dilemmas”, Science Direct, Vol. 2 No. 1, pp. 3-18, available at:
www.sciencedirect.com/science/article/abs/pii/S1469306202000086 (accessed 15 April 2016)
Whistleblower, EU legislation (2019), “European Union”, available at: https://whistleblowerprotection.
eu (accessed 10 July 2019).
414
Whistleblower, UK legislation (2019), “Government of the United Kingdom”, available at: www.gov.uk/
whistleblowing (accessed 10 July 2019).
Woiceshyn, J. (2012), “How to be profitable and moral: ethics of energy”, Profitable and Moral, available
at: https://profitableandmoral.com/ethics-of-energy/ (accessed 15 April 2016).
Your Europe, European Union – Working hours (2019), “European Commission”, available at: https://
europa.eu/youreurope/business/human-resources/working-hours-holiday-leave/working-hours/
index_en.htm (accessed 25 July 2019).
YouTube. “Pepper at the Mandarin Oriental Hotel in Las Vegas/USA”, available at: www.youtube.com/
watch?v= 45fSFR7Xk8 (accessed 29 July 2019).

About the authors

Bernice Ibiricu is an Information Management Specialist at the European Central Bank (ECB). With
linguistic and administrative qualifications from the University of Sheffield and work experience in
Sheffield’s engineering and steel industry, she took up the challenge of becoming part of a pioneering
team of staff which established the European Monetary Institute, the forerunner of the ECB. After 10
years as an administrative professional, she was recruited in 2005 as one of the ECB’s first Records
Management Specialists. She holds BSc (Hons) in Records and Information Management from
Northumbria University. She was also a recipient of the Records Management Team Award in 2008,
awarded by the Information and Records Management Society (UK). In recent years, she has
specialised in data protection. Prior to May 2018, she actively participated in GDPR implementation
at the Central Bank of Ireland. Bernice Ibiricu is the corrosponding author and can be contacted at: e-
motion@hushmail.com
Marja Leena van der Made is the Data Protection Officer of the European Space Agency. She has
previously held positions in Information Technology, Information Management and Data Protection
at the Finnish National Bank, the European Central Bank and the HypoVereinsbank. She holds MBA
in Project Management from Aspen University, master’s degree in Business Analysis from the
University of Villanova, BSc (Hons) Information and Records Management from Northumbria
University, Honours in History of Art and was recipient of the Steiner Stiftung Award, the Pro
Exzellenzia Award, the UK Records Management Team Award and is currently completing PhD
with the focus on innovation. She is involved in working groups on new technology and data
protection, AI, Ethics, art authenticity and provenance.

For instructions on how to order reprints of this article, please visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: permissions@emeraldinsight.com
Reproduced with permission of copyright owner. Further
reproduction prohibited without permission.