Current practices for regulating the processing of personal data are oriented principally towards notions of governance, risk management, and regulatory compliance - based on data protection laws that have, in some jurisdictions, been in place for decades. Despite this framework, individuals are likely to encounter uses of their personal data which, while legal, may appear to lack fairness or legitimacy. Such uses may lead us to conclude that third parties are failing to take due account of our wishes and preferences. An organisation’s handling of personal data might fall short of our expectations in a number of ways, such as through over collection, insufficient care, unexpected or unwelcome use, or excessive sharing. For data controllers, greater focus on ethics (beyond legal compliance), might align them more closely with the expectations of their users and customers. Ethics has been core to the practice of medicine at least since the formulation of the Hippocratic oath , but the digital era introduces new risks which require ethical responses. Guidance for data controllers should be based on a clear understanding of digital privacy and its complexities, so that abstract notions of trust and ethics can be transformed into applicable principles and practical measures, while reflecting the diverse stakeholder motivations and interests. This article explores the trust-related factors and challenges that arise from the digital and online processing of personal data, particularly in the context of healthcare. The article proposes ethical principles, and approaches and resources for putting those principles into practice.
For the purposes of this paper, by “data controller” I mean an entity which collects and uses (personal) data in ways covered by data protection legislation; by “data subject” I mean an individual to whom personal data relates (I use “subject” in the grammatical sense, rather than in the sense of subordination to the data controller).