Privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Covenant on Civil and Political Rights and in many other international and regional treaties. Privacy underpins human dignity and other key values such as freedom of association and freedom of speech. It has become one of the most important human rights issues of the modern age. And yet, for many, the GDPR is the beginning of privacy law as we know it. The most remarkable difference being the introduction of some really sizeable fines. So how does this affect the ethics of privacy?
Privacy is, in its nature, an element of compliance. Compliance with privacy laws and with the “intention” of privacy laws is how we show optimal data protection. When talking of compliance, I always say that “Compliance is not about just doing the right thing, but showing we are doing the right thing”. Compliance is only possible with accountability. No one ever challenges the concept that compliance is about doing the right thing. We should remodel our approach to privacy away from compliance with law, but towards the behaviour of doing the right thing. The GDPR helps us to show we are doing the right thing; it helps us to show our accountability, but it is not the reason privacy exists.
Why is this important for companies? Privacy is now a central element of business ethics. It forms part of the corporate approach to mitigating controversial subjects in order to gain public trust and support. No matter what industry, data is essential to the functioning of business. Without an ethical approach to treating data, it will not be entrusted to those who need it most to make business turn and of course, maintain reputation, help avoid significant financial and legal issues, and thus, ultimately benefit everyone involved.