FACT CHECKED
The need to reimagine how business is handled is fuelling AI adoption efforts at modern enterprises.
Gains in productivity, decision-making, and automation have enabled systems capable of performing human-level functions. These systems learn from huge data pools accumulated over several decades of cross-industry tech innovations.
The rise of big data adoption raises serious ethical questions about how this data is collected, used, and protected. If not mitigated, the misuse of sensitive data containing personal or company information can have serious real-world impacts.
From user privacy breaches to attacks by threat actors, improper data ethics can quickly turn digital transformation into damage control.
This article will explore 5 data ethics examples enterprises can learn from to ensure their data projects are aligned with best practices for success.
1. Uber’s “God View” tool exposed rider data privacy
Uber faced backlash in 2014 for tracking riders through its ‘God View’ tool.
At an event hosted by the company’s former CEO, Travis Kalanick, guests viewed the live locations of passengers waiting for rides with blacked-out silhouettes of their profiles. Party-goers at another event were exposed to the real-time location and movement of up to 30 high-profile Uber users.
A former employee sued Uber, stating, “Uber’s lack of security regarding its customer data resulted in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.”
Uber reportedly let all employees access sensitive user and driver data without restrictions. This included ride details, usernames, payments, device types, and customer names and emails—some users didn’t know they were sharing this. Driver Social Security numbers were also stored without proper security.
These failures put both riders and drivers at risk, raising serious concerns about Uber’s data practices. This case serves as a warning about mishandling customer data.
For enterprises, ethical considerations around how data is stored, used, and managed must be prioritized. They can adopt industry-recognized frameworks, revisit organizational policy around data use, and ensure governance, risk, and compliance (GRC) with industry regulations.
Any firm handling sensitive data must align with ethical standards or risk eroding customer trust and privacy.
2. Google’s unethical data tracking
Tech giant Google has come under fire several times over the years for its unethical data use.
In 2020, a lawsuit was filed against Google’s parent company, Alphabet Inc. The lawsuit claimed users browsing the web via Google Chrome’s “Incognito” and “Private” browser modes were unknowingly tracked.
Even with private browsing enabled and location tracking disabled, data collection methods continued. User data was collected via Google websites and apps, device location data, and third-party cookies and analytics.
Plaintiffs of the lawsuit claim that the company’s practices “give Google and its employees power to learn intimate details about individuals’ lives, interests, and internet usage; and make Google “one-stop shopping” for any government, private, or criminal
actor who wants to undermine individuals’ privacy, security, or freedom.” The case eventually settled in 2024, with Google ordered to pay $5 billion.
Similarly, in 2019, Google was found to be collecting data on children under the age of 13 via YouTube, a subsidiary of the company.
The COPPA (Children’s Online Privacy Protection Act) stipulates that data collected via websites, apps, and online services directed at children or knowingly collecting information must obtain parental consent beforehand. The Federal Trade Commission (FTC) fined Google $170 million in response to these breaches.
Examples like these reiterate how even industry-leading firms aren’t immune to unethical data use. To avoid financial penalties and remain compliant, today’s companies must establish transparency and adhere to non-negotiable rules regarding user data collection.
3. Data misuse by Cambridge Analytica and Facebook
The former political consulting firm harvested data from up to 50 million Facebook users, which were then used to design software predictions for manipulating political outcomes.
The software was able to profile millions of US voters to create realistic psychological models based on political characteristics. Political entities were then allowed to purchase these hyper-realistic profiles to target US voters with political messaging.
The data was unlawfully obtained via Facebook tests where tens of millions of data and their friend’s data were harvested. This is a clear breach as Facebook policy bars the selling of users’ friends’ data for advertising purposes.
Data was also obtained when students took a paid personality test via an app called “This Is Your Digital Life” and agreed to have their data collected for academic purposes.
Facebook was unaware of the data breach until 2015 and was slow in its response to recover the data and alert users once it became aware of the breach. This breach highlights the risks enterprises can face when failing to set up the right security measures around data privacy and protection.
It also teaches how companies with seemingly robust internal measures around data can still become the target of threat actors with deeply unethical motivations.
4. Tesla’s internal data leaks
Thousands of Tesla employees’ names, addresses, employment records, and social security numbers found their way into the hands of a German media outlet after two insiders unlawfully obtained and sold them the data.
This data leak shows that data ethics concerns are about handling external threats and operational mistakes and managing internal risks. Over 100GB of data on Tesla employees, proprietary information, customer complaints, and banking details were leaked.
Tesla claims that former employees broke its data protection rules and is taking legal steps to prevent this from happening again. A German media company holding the data has stated they won’t release it publicly, and Tesla says there is no proof that the data was used in a harmful way.
While cybersecurity often focuses on outside threats, Tesla’s data breach highlights the need for better internal controls. Companies must limit data access based on job roles and enforce strict rules on data use.
Regular audits and monitoring of employee actions are essential to avoid these situations. Companies should also offer training, set clear security rules, and routinely assess internal threats.
5. Meta’s misuse of data for targeted advertising
The last data ethics example comes from social media giant Meta and how it asks to use users’ data in ad targeting.
Questions around choice and how much say a user has in their data being collected, stored, and used have been asked for some time. Questions like these arise once again, notably in Meta’s lack of options around how users consent to data use and how it can impact their accessibility to the platform.
The Irish Data Protection Commission (DPC) said that Facebook and Instagram used “forced consent,” by pushing users to leave the platform if they disagreed with how their data was used in targeted advertising. This lack of genuine choice resulted in a €390 million (USD 430 million) fine for breaching the EU’s General Data Protection Regulation (GDPR).
Privacy advocates want to shape how Meta handles data in the future and make sure users have real control over how their data is used.
Breaking data laws can quickly lead to serious consequences. Companies that use customer or business data must be careful or risk legal limits, big fines, and a damaged reputation.
Firms need clear terms that explain how data is collected, stored, and shared. They must give users real opt-in and opt-out choices and spell out rules for data use, storage, and third-party access.
Regulators are now watching consent more closely, targeting vague or sneaky tactics. Companies must make sure consent is clear, specific, and easy to take back. This avoids legal trouble and helps build digital trust.
Why is the need for data ethics increasing?
The need for robust data ethics standards today, especially in light of historic breaches from some of the leading tech firms, cannot be overemphasized.
As data becomes more integral to the functioning of enterprise tech (E.g., AI), setting up measures to ensure data violations do not occur is non-negotiable.
Good data transformation includes steps like limiting access with strong controls, using anonymization, conducting vulnerability tests, and training employees on ethics.
Enterprises must adapt policies in real time as regulations shift and evolve. Proactive governance is key for preventing gaps that could lead to them becoming the next major scandal.
People Also Ask
-
Which global regulations govern data ethics?Laws like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. protect personal data. They make sure companies are honest about how they collect, use, and store data, keeping people’s information safe and private.
-
How can organizations ensure they are using data ethically?Companies should be clear about how they collect and use data. They need to ask for permission and let people say no if they don’t want their data used. They must also keep data safe and only share it with the right people. Regular checks can help.
-
What are the risks of not following data ethics principles?If companies don’t follow data regulations, they could break the law and be fined. They might also lose customer trust, hurt their reputation, and lose business, which can make it harder for them to grow or keep customers.
