06 Feb Assessing the Privacy and Ethical Impacts of new technologies: the RAMSES project case study
With expertise in privacy, data protection and ethics, Trilateral support responsible innovation and the operationalisation of privacy and data protection. A prime example of our work in this area is the use of a Privacy and Ethics Impact Assessment in the RAMSES project.
The RAMSES project
The RAMSES project is a collaboration between 11 European partners that will design, develop and deploy a law enforcement intelligence gathering platform, together with web crawler tools. The technology will support investigations and information-sharing regarding cybercrime across Europe, particularly banking Trojans and ransomware. RAMSES is envisioned as a means of optimising and enhancing intelligence work by law enforcement agencies and will operate with data collected from the surface and dark web.
In the RAMSES project, Trilateral chose to apply an integrated and combined Privacy and Ethics Impact Assessment as a way to achieve responsible use and innovation.
Like all tools that collect and process potentially personal data, RAMSES may interact with the rights and freedoms of individuals – in this case, cybercrime victims, perpetrators or other Internet users. The envisioned use of RAMSES as a law enforcement investigation tool for ransomware and banking Trojans requires a privacy-by-design approach during the technology development and a consideration of data ethics to create a proportionate tool for related law enforcement activities.
The Privacy and Ethics Impact Assessment was the tool of choice for these tasks.
RAMSES Privacy and Ethics Impact Assessment Methodology
Trilateral’s task began at the early stages of the technology’s conceptualisation and will continue throughout the partners’ design and development activities, as well as during the piloting of the RAMSES platform and tools. From day one, Trilateral became closely acquainted with the technology, its potential application and the role of personal data. By taking an interdisciplinary approach, Trilateral identified where privacy (including data protection) and ethical risks may arise, the severity of their potential impact, and subsequently proposed technical and operational means to mitigate them.
RAMSES Privacy and Ethics Impact Assessment Results
Some of the particular risks considered by Trilateral during our work on RAMSES includes the dangers related to algorithmic discrimination, lawful data processing, data minimisation, data accuracy, false positives and data security. Through a set of technical and organisational measures, RAMSES has incorporated and continues to integrate safeguards for these risks within the RAMSES technology.
By performing the Privacy and Ethics Impact Assessment, Trilateral supports the RAMSES partners in developing a product that will serve law enforcement by offering accurate intelligence to cybercrime units and investigators. Ultimately, it will help them identify criminal organisations and infectious campaigns of malware with minimum privacy interferences and personal data use.
Privacy Impact Assessment (PIA) is a continuous process through which Trilateral:
- studies a particular technology, product, service and/ or data processing activity;
- identifies arising privacy and data protection concerns;
- consults with external stakeholders;
- proposes technical and operational measures to mitigate such concerns in collaboration with designers and developers.
Why a Privacy Impact Assessment?
When performed from the outset of the development of technology, a Privacy Impact Assessment can help integrate privacy requirements into the very design of a product. This contributes to responsible innovation and puts the principles of “privacy by design” and “privacy by default” – legal principles incorporated in the General Data Protection Regulation (GDPR) – into practice. The Privacy Impact Assessment service is, therefore, perfect for any technology development which will collect or process personal data or information regarding individuals.
Much like a Privacy Impact Assessment, an Ethics Impact Assessment (EIA):
- studies a particular technology, product or service and/or data processing activity;
- identifies risks and concerns;
- proposes means to address and mitigate them.
In comparison to the Privacy Impact Assessment, the Ethics Impact Assessment’s scope is broader, examining ethical values and concepts, including non-discrimination, dignity, accountability, autonomy and equality.
Why an Ethics Impact Assessment?
An Ethics Impact Assessment is intended to augment the positive impacts of the developed service or product and to minimise any negative impacts the use of the technology may produce. It is appropriate to apply in cases where sensitive information will be used (e.g. information relating to health, ethnic and gender background, sexual orientation, religious or political beliefs) or where a product, service or technology are applied in a field of considerable importance to the life of an individual (e.g. law enforcement investigations, credit or loan rating, hiring decisions, educational assessments).
Trilateral Research’s interdisciplinary teamwork across the technology-social disciplinary divide. We use this unique integrated approach in our work when delivering services including Privacy and Ethics Impact Assessments.
Contact our Team for more information on Privacy and Ethics Impact Assessments
Anna Donovan, Senior Research Analyst at Trilateral Research