This questionnaire is based on DataEthics.eu’s Principles of Data Ethics.
Human At The Centre
Is your data processing based on the fact that you borrow data from the users (not owner of their data)?
Do you ensure that the user’s rights are prioritised, rather than commercial or institutional interests?
Do you ensure that primarily users benefit from their own data – not just the organisation?
Do you use privacy-by-design principles, and can you describe them clearly and transparently?
Individual Data Control
Do you ensure that users’ data – as far as possible – is processed directly on the users’ own device(s)?
When the processing of data is necessary other than on the user’s own devices, such as your server or a cloud solution, is collected data not related to an identifiable person?
Do you use profiling?
If so, do you allow the user to influence and determine the values, rules and input that underlie the profiling?
Do you use data to predict individual-level behaviour or only patterns?
In which country is your data stored?
Where is the storage solutions provider headquartered?
Does the transmission of data go through countries outside of the EU?
Do you use machine learning / artificial intelligence?
If so, can you explain the algorithms – the criteria and parameters?
Do you use personal data to influence user behaviour?
Do you ensure that it is transparent when the use of personal data may influence a user’s behaviour?
Do you ensure that the design does not create addiction and thus influences the person’s self-determination and empowerment?
Can the technology be used to monitor a human throughout his life cycle?
Is data used exclusively for societal or research purposes?
Does data processing affect the individual’s reputation?
Is data used to consciously influence the individual’s future possibilities?
Do you operate with open source software, so others can use it and possibly develop it further?
When do you anonymise personal data?
Do you use end-to-end encryption of data?
Do you minimise the use of metadata and explain how it is done?
Do you use zero knowledge as a design principle?
Sales of Data
Do you sell data to third parties?
Do you sell data as personal identifiable data?
Do you sell data as patterns on an aggregated level?
If you sell data, are you making sure that it is fully anonymised information only describing patterns, not individuals?
Do you use third-party cookies?
Does this include SoMe (social media) cookies and SoMe logins?
Do you use Google Analytics or similar tracking tools?
If you use third-party cookies, are your users fully aware that your cookie use leads to sharing of data about your users with third parties and do they agree with it?
Do you enrich data with external data, such as social media data, bought data or web scraping?
Does this enrichment occur in response to, or in cooperation with, your users?
Do you have an individual or a department responsible for the ethical managing of data?
How is the work with data ethics embedded in the organisation?
How do you ensure that your data ethics guidelines are respected?
Can the processing of data be audited by an independent third party?
Do you require and control the data ethics of your subcontractors and partners?
Do you engage in dialogue with your users on a public platform?
Do you have guidelines for using the platform?
Do you moderate the platform in order to remove sensitive personal data?
If your services are offered to children, do you ensure parental consent?
Reuse of data
Is data used to develop or train an algorithm?
Do you ensure that the use of data does not lead to discrimination?
Do you ensure that the use of data does not expose the vulnerabilities of individuals?
Do you ensure that the use of artificial intelligence / machine learning is to the benefit of the individual?
And does not cause physical, psychological, social, or financial harm to the individual?
Sustainable and environmentally friendly AI
Did you establish mechanisms to measure the environmental impact of the AI system’s development, deployment, and use (for example the type of energy used by the data centres)?
Did you ensure measures to reduce the environmental impact of your AI system’s life cycle?
Did you assess whether the AI system encourages humans to develop attachment and empathy towards the system?
Did you ensure that the AI system clearly signals that its social interaction is simulated and that it has no capacities of “understanding” and “feeling”?
Did you ensure that the social impacts of the AI system are well understood?
For example, did you assess whether there is a risk of job loss or de-skilling of the workforce?
What steps have been taken to counteract such risks?
Society and democracy
Did you assess the broader societal impact of the AI system’s use beyond the individual (end-)user, such as potentially indirectly affected stakeholders?