Share with your friends

The future of data ethics and regulation

The future of data ethics and regulation

Data is an asset and a liability – coupled with regulation, data ethics plays an increasingly important role in staying on the right side of the line

Mark Thompson

Global Privacy Lead

KPMG in the UK


Also on


Data is one of the most important assets for any organisation. It informs and thus allows organisations to evolve, innovate, grow and even save lives. But as well as being an asset, data can be a liability. Used inappropriately or in a non-compliant way, trust can very quickly be eroded, resulting in reputational damage and financial loss. Regulation only goes so far in keeping the balance right. Data ethics is the other key player. 

In the digital economy, companies know more about their customers than ever before. Manufacturers, retailers and platform companies are already unlocking the value of data by configuring quicker, easier, more personalized experiences to win, retain and build trust with customers. Yet this value will not endure if companies fail to understand what consumers think about their data, how it is used and who they should trust to protect it. 

Data ethics is increasingly being part of this conversation as the use of Artificial Intelligence (AI) and Machine Learning (ML) becomes increasingly widespread, if largely invisible, part of our lives. 

AI and ML are rapidly taking businesses and customers into new and unfamiliar territory. As individuals, we tend to react strongly, and emotionally, about how our data is used. But how we react can also vary hugely depending on our age, nationality and personal views. What one person considers ‘cool’, another may view as distinctly ‘creepy’.

To understand the ethical questions that can arise from the analysis of data, we only have to consider a hypothetical scenario from the life sciences sector. The pharmaceutical and healthcare industries are already shifting their business models towards more personalised, data driven and technologically enabled patient outcomes. The widespread adoption of personal fitness tracking devices raises some potential opportunities for innovation. But different people are likely to feel very differently about possible developments such as:

  • Receiving a monthly personalised report suggesting ways to develop a healthier lifestyle
  • Being offered a reduction in health insurance premiums if they follow the suggestions in the report
  • Having their performance shared with an employer hoping to improve workplace health

The impossibility of identifying a single agreed view of how data, particularly personal data, should be used from an ethical stance presents further challenges to organisations. How do you maintain trust and still innovate?

  • Transparency. Some customers will be happy for their data to be used if they receive specific benefits in return, but others will not. Transparency is therefore essential to ensuring that each customer understands the choices they have about the use of their data.
  • Communication. Following the letter of regulation is rarely a recipe for increasing transparency.  Instead of long, legalistic terms and conditions, many organisations could do a better job of keeping individuals informed about the use of their data in a clearer, simpler and more innovative way.
  • Culture. Data ethics needs to be embedded into every organisation’s culture. Every employee needs to understand the vital importance of safeguarding customer trust.  
  • Leadership. Establishing the necessary transparency, communication and culture depends on strong leadership.  Those at the top need to be evangelical in their support for ethical data use and set the tone – while ensuring this is backed up by robust day-to-day behaviour.
  • Don’t cross the line: Understand where an organisation stands on data ethics, articulating where the line is and your appetite for pushing the boundary into new innovative and clearly risky areas of data.  

It’s increasingly apparent that a clear stance on data ethics needs to form an integral part of every organisation’s risk appetite. That will require close cooperation between two very different groups – those charged with extracting the greatest value from data, and those responsible with ensuring that it’s not only used effectively but ethically too. Resolving these potential tensions and ensuring a consistent, organisation-wide approach to data ethics will be crucial to success. 

In short, regulation is far from being the only future restriction on companies’ use of data – even the Department for Culture, Media and Sport’s recent consultation on the Centre for Data Ethics and Innovation shows that the ‘future proof’ GDPR will not be the last word on the subject. In the long term, getting data ethics right will be just as important as rules and enforcement – and could pose more challenging dilemmas for those hoping to derive sustainable value from data.


To discuss the topic further, please contact: 

Mark Thompson - Global Privacy Lead

Francesca Bell - Senior Manager, Data Privacy 

© 2021 KPMG LLP a UK limited liability partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organisation please visit

Connect with us


Want to do business with KPMG?


loading image Request for proposal

Save, Curate and Share

Save what resonates, curate a library of information, and share content with your network of contacts.

Sign up today