As part of the development of the toolkit, we’ve created a list of the areas we think organisations operating digital services should be focusing on.
1. Design services around people’s rights
Design services in a way that respects people’s rights and ensures people can easily exercise those rights.
2. Only collect data that is needed
Collect the minimum amount of data necessary to provide a service and avoid collecting data ‘just in case’. Only store data for as long as it’s needed to operate the service.
3. Understand the flow of data
Make sure the decision makers in the organisation know what data is collected and why. Also ensure they know what inferences are made from that data and what is passed to third parties.
4. Keep data safe
Build internal systems that make it possible to control and verify how data is being used and who can access it, so it’s easy to make sure data isn’t misused.
5. Make permissions and consent understandable
Write terms of service in plain English. Give people the time and context to make informed decisions by distributing consent and permissions throughout the service — all-or-nothing is not a true choice. Regularly test these with people to ensure they can be understood.
6. Be open about how data is used
Maintain a public record of changes to terms of service. Make it easy for people to understand what data is held about them and what happens to it. Ensure people can change their preferences or object if they disagree about how data will be used.
7. Explain automated decisions
Provide explanations about how automated decisions are made and make it easy for people to challenge those decisions. Explain what you’ve done to minimise bias.
8. Empower teams to focus on data ethics
Ensure the teams designing and operating services are empowered to make decisions about data ethics, and that they have the skills to understand the impact of their decisions on people’s lives.
Publicly explain how the service will keep the people who use it safe.
If you’ve got thoughts we’d love to hear from you — please write to us at firstname.lastname@example.org.