Data analytics Giving values a voice Ellis Parry joined the Information Commissioners Office (ICO) as its first data ethics adviser at the end of 2019. Impact caught up with him to discuss how organisations can build a more ethical approach to data What are your responsibilities, and what is the ICOs role in this space? My role is to articulate the interplay between the data protection principles over which the ICO has regulatory oversight and the emerging field of data ethics, and communicate and consult on those views, raising awareness and buy-in to the mutually reinforcing nature of the concepts underpinning each discipline. The majority of people feel its important that companies use their data ethically, but few trust organisations to do this, according to Open Data Institute research. What needs to be done to build trust? The ICOs mission is to uphold information rights for the UK public in the digital age. The number one goal of the ICOs Information Rights Strategic Plan is to increase the publics trust and confidence in how personal data is used and made available, by creating a culture of transparency and accountability. What are the key ethical blind spots for businesses and organisations? These are quite context specific. Articulating their values, the principles that enable those values, and building those into their decision-making processes can help organisations identify and deal appropriately with the ethics raised by their proposed personal-data processing. What practical steps can companies take towards a more ethical approach to data? As part of establishing and building a culture of transparency, fairness and accountability, organisations should share their values and behaviours, and make suitably senior people 58 responsible for ensuring they are considered and subject to continuing review at the appropriate stages of their process-based governance frameworks. Are organisations too focused on consent at the expense of data ethics? Much has been said on the limitations of consent as a lawful processing ground, given the novel possibilities for processing personal data that technology is now making possible. I view robust, structured and recorded deliberations on the ethics of any given proposed processing as a tangible step towards organisations showing a culture of accountability. For public authorities, those deliberations could be made public private organisations should consider whether that level of transparency would be appropriate, too. How does data ethics overlap with data protection? Do organisations need to reframe how they think about data to place more focus on people? Many of the publicly available data ethics frameworks have a human-centric approach as their foundation. So we will be talking to stakeholders about what, in their view, is the intersection between the data protection