Assessing the Privacy and Ethical Impacts of new technologies: the RAMSES project case study

With our experience in privacy and ethics, we support responsible innovation and the operationalisation of privacy and data protection in practice. A prime example of our work in this area is the use of a Privacy and Ethics Impact Assessment in the RAMSES project.

The RAMSES project

The RAMSES project is a collaboration of 11 partners which aims to design, develop and deploy law enforcement intelligence tools and a platform, which will support investigations and information-sharing regarding cybercrime across Europe. RAMSES is envisioned as a means of optimising and enhancing intelligence work by law enforcement agencies and will operate with data submitted by officers, as well as with information from the surface and dark web.

In the RAMSES project, Trilateral chose to apply an integrated and combined Privacy and Ethics Impact Assessment. Those are applied to the RAMSES system and tools as a sure way to achieve responsible use and innovation.

Like all tools that collect and process potentially personal data, RAMSES may interact with the rights and freedoms of individuals – in this case cybercrime victims, perpetrators or Internet users. The envisioned use of RAMSES as a law enforcement investigation tool for ransomware and banking Trojan horse infections required a methodical assurance of the project’s responsible innovation activities and the incorporation of privacy-by-design in the tools, integrating proportionality within the technology itself.

The Privacy and Ethics Impact Assessment was the tool of choice for these tasks.

RAMSES Privacy and Ethics Impact Assessment Methodology

Trilateral’s task began at the early stages of the tools’ conceptualisation and will continue throughout the partners’ design and development activities, as well as during the piloting of the RAMSES platform and tools. From day one, Trilateral became closely acquainted with the technology, its potential application and the role which data played therein. By taking an interdisciplinary approach, Trilateral highlighted privacy, data protection and ethical risks, the severity of their potential impact and proposed technical and operational means to mitigate them, effectively collaborating with the technical partners of the project.

RAMSES Privacy and Ethics Impact Assessment Results

The particular risks which Trilateral had to examine in RAMSES included the dangers related to algorithmic discrimination, lawful data processing, data minimisation, data accuracy, false positives and data security.Through a set of technical and operational measures, RAMSES has incorporated and continues to integrate safeguards for these risks within its structure.

By applying the Privacy and Ethics Impact Assessment, Trilateral seeks to support the RAMSES partners in developing a product which will be able to serve law enforcement and offer accurate intelligence to officers and investigators. Ultimately, it will help them identify criminal organisations and infectious campaigns of malware with minimum privacy interferences, personal data use and protected from ethical misconduct.

 

RAMSES

 

Trilateral Research’ interdisciplinary team is made of technology developers and social scientists with ethical, legal and social specialisms which can work across the technology-social disciplinary divide, designing bespoke sustainable technological solutions. We use this unique integrated approach when working both in research and in technological development more broadly.

A Privacy Impact Assessment (PIA) is a continuous process through which Trilateral:

  • studies a particular technology, product, service and/ or data processing activity;
  • identifies arising privacy and data protection concerns;
  • proposes technical and operational measures to mitigate such concerns in collaboration with designers and developers.

Why a Privacy Impact Assessment?

When applied from the start of the inception and conceptualisation of a product or service, a Privacy Impact Assessment can help integrate privacy requirements into the very design of a product. This contributes to responsible innovation and puts the principles of “privacy by design” and “privacy by default” – legal principles incorporated in the General Data Protection Regulation (GDPR) – into practice. The Privacy Impact Assessment service is, therefore, perfect for any technology development which will collect or process personal data or information regarding individuals.

Much like a Privacy Impact Assessment, an Ethics Impact Assessment (EIA):

  • studies a particular technology, product or service and/or data processing activity;
  • identifies risks and concerns;
  • proposes means to address and mitigate them.

In comparison to the Privacy Impact Assessment, the Ethics Impact Assessment’s scope is broader, examining ethical values and concepts, including privacy, non-discrimination, dignity, accountability and beneficence.

Why an Ethics Impact Assessment?

An Ethics Impact Assessment is intended to augment the positive impacts of the developed service or product and to minimise any negative externalities the use of the technology may have. It is appropriate to apply in cases where sensitive information will be used (e.g. information relating to health, ethnic and gender background, sexual orientation, religious or political beliefs) or where a product, service or technology are applied in a field of considerable importance to the life of an individual (e.g. law enforcement investigations, credit or loan rating, hiring decisions, educational assessments).

Contact our Team for more information on Privacy and Ethics Impact Assessments

Anna Donovan, Senior Research Analyst at Trilateral Research

Anna Donovan Research Analyst

 

Christina Hitrova, Research Analyst at Trilateral Research