The rules

Organisations are required by to comply with the requirements as set out in the General Data Protection Regulations (GDPR). These include: - capturing or only using the minimum necessary data, if required - seeking consent, - being clear who it will be shared with, - when/if it will be deleted after a certain period of time Sometimes information is shared with the users permission, for example when setting up a social media account or when shopping online. Other times, information is collected about users without them knowing about it, for example when data is sent to credit reference agencies, information gathered from store loyalty cards or travel passes, google map location information, cookies and trackers. How important is it that the policies on data use are adequately explained and accessible to users?

Why the contribution is important

The Scottish Government has committed to engaging with citizens and public, private and third sector organisations and is interested to hear your thoughts on this topic.

by Sophie_ScotGov on December 08, 2020 at 08:50AM

Current Rating

Average rating: 5.0
Based on: 2 votes


  • Posted by Ingrid December 10, 2020 at 10:51

    This is absolutely critical - individual's must have total ownership of their data and the freedom to make choices about that data at any time during it's lifecycle - it must be clear to individual's the benefits of making choices and clarity around what dis-benefits will arise if they don't share openly - making this clear is needed to ensure ownership, this is the right thing to do, irrespective of legal obligation
  • Posted by s1701 December 12, 2020 at 18:42

    GDPR is a good starting point but isn't good enough. Data that is collected on individuals should not be permitted to leave the jurisdiction from where it was gathered, as states have dramatically different laws. Especially out with the EU, how safe harbor was used and failed. Also, people's data shouldn't be allowed to be sold without their consent. People's data should be controlled by the subject and not the collector.
  • Posted by Anthony December 14, 2020 at 14:33

    Robust data policies are crucial to protect user's data. However, equally important is the communication of this to the user. Often this is wrapped in legalise or technical language that becomes a barrier to the user truly understanding the worth of their data or what they are agreeing to. Fair and transparency use comes when we make it easy for users to make an informed choice by giving them clear information on what, why, how their information is gathered and used.
  • Posted by deafscotland December 15, 2020 at 16:29

    There should be an overarching strategy - Inclusive Communication (based on the Principles of Inclusive Communication which lays out how the digital ethics framework will work for everyone. There also needs to be a training programme attached so that everyone understands what the Inclusive Communication Strategy looks like. All polices on data must be clear, easy to understand, inclusive, accessible and transparent. Accountability needs to be built in as well as how companies will ensure transparency and accountability.
  • Posted by SOCITM December 16, 2020 at 17:50

    Socitm considers that Ethics and data protection in artificial intelligence is vital to rule formulation – we would commend the International Conference of Data Protection and Privacy Commissioners (declaration on ethics and data protection in artificial intelligence that outlines the following guiding principles, as its core values to preserve human rights in the development of AI and Data analytics: • AI and machine learning technologies should be designed, developed and used in respect of fundamental human rights and in accordance with the fairness principle. • Continued attention and vigilance, as well as accountability, for the potential effects and consequences of, artificial intelligence systems should be ensured. • AI systems transparency and intelligibility should be improved, with the objective of effective implementation. • As part of an overall “ethics by design” approach, artificial intelligence systems should be designed and developed responsibly, by applying the principles of privacy by default and privacy by design. • Empowerment of every individual should be promoted, and the exercise of individuals’ rights should be encouraged, as well as the creation of opportunities for public engagement. • Unlawful biases or discriminations that may result from the use of data in artificial intelligence should be reduced and mitigated. see more at
  • Posted by KirstenHunter December 18, 2020 at 09:46

    This is vital to enable individuals to have ownership and control over their own data. Explanations should be in accessible, clear language to empower individuals to make informed choices.
  • Posted by DonaldClark December 18, 2020 at 11:38

    GDPR is enough. We are already way behind the curve and an obsession (different from consideration) of ethics in technology, is wasted effort. Why? There's an army of people out therein academia and institutions doing ethics in tech. Huge amounts of duplication of effort. Scotland is too small to have any international impact leave it to the larger international groups such as the IEEE and EU.
Log in or register to add comments and rate ideas

Idea topics