ABDULLAH GUL UNIVERSITY

FACULTY OF MANAGERIAL SCIENCES

DEPARTMENT OF BUSINESS ADMINISTRATION

BA403 – BUSINESS ETHICS

FINAL REPORT

Ethics & Digital Data Privacy

Prepared by

Hassan Mohamed – 130110174

Abstract

Introduction

Literature Review

Privacy

Ethical Dilemmas

Why Do Companies Need Users’ Data?

How Do Companies Reach Users’ Data?

Laws & Regulations

Findings & Discussion

Conclusion

References

Abstract

This paper will discuss the ethical and moral dilemmas regarding Data privacy in this digital era.

It will take a qualitative method of gathering the literature previously written in the field by

various academicians from different but relevant backgrounds. This topic is considered to be very

critical especially these days since the world is coming across a new ear, the era of automation,

and artificial intelligence (AI). And, in order to be able to develop to that stage, the bases of data

privacy must be set in both the awareness of the general mass of people as well as to the heads of

organizations and businesses. Moreover, laws should also be set regarding this area in order to
ensure more privacy, justice, and stability regarding this topic. Furthermore, suggestions for

solutions will be given in order to take a step in solving the current ethical dilemma of data

privacy violation and manipulation.

Introduction

Data is the keyword for understanding the technological and industrial era we all live in today.

Data and information, considering the slight difference between them, are the solid base that

machine learning and artificial intelligence (AI) is built upon in the 4th industrial revolution

(industry 4.0). The 4rth industrial revolution basically means automating processes by using

technology and AI which heavily depend on cleaned data. Data could be simply put as the pieces

of facts, numbers, statistics…etc. While information could be explained as structured and

organized data, which puts context to the data. This data could be anything from Facebook’s

user’s ages, genders, locations...etc. to the social security numbers of a whole country. And since

we are at the peak of the era of data and information, many specializations have been found in

order to study, mine for, clean, analyze, and even manipulate data. This is why this is such a

sensitive topic. Data is the only thing any human being can provide that almost all businesses,

organizations, and even governments could buy and put to good or bad use.

After understanding the meaning of the fourth industrial revolution that we live in today, data and

its meaning, and the importance and widespread of data, it is time to briefly introduce the ethical

issues that could arise from the availability and need of data today. Since companies and

organizations could use data for many profitable manners, like tracking customer’s purchasing

behaviors, most visited websites, product preferences, and much more, it became clear that
companies and organizations are willing to do much in order to get their hands on people’s data.

Now, this might not seem like an ethical issue or any issue at all from the first moment, however,

this fact has led to many ethical and moral dilemmas. This is what will be explained in the paper.

What are the ethical and moral dilemmas caused by the rise of the importance of people’s data

and what actions were taken in order to solve these dilemmas both from the official governmental

laws and from the reactions of people to this problem? Moreover, more solutions will be

suggested in order to try to participate in solving this issue that has lasted for a couple of years to

date. Furthermore, this paper is considered as secondary research, which means it will gather

most of, if not all, the literature that was written by the academic community in the field of data,

privacy, and ethical issues regarding digital personal data. Finally, the findings and discussion

section will be presented in order to summarize the efforts of the previously written papers in

order to come up with other practical solutions to take a step at least in solving this dilemma and

long-lasting debate.

Literature Review

Privacy

In order to understand the dimensions of the subject, every part of it must be clearly defined and

explained, leading to a solid understanding of each attached string that is directly related to the

subject. After that comes the matching and integration of these different definitions and concepts

in order to paint the full picture of the subject. Clearly, this will lead to the ability to find

effective and practical solutions much more efficiently.

solve anything regarding this dilemma. According to Parent (1983): “Privacy is the condition of

not having undocumented personal knowledge about one possessed by others”. This basically

means that anyone’s personal knowledge should only be under his\her hands and no one else.

Here emerges an issue, in the digital world we all live in today, it is not clear anymore who has

whose data. This is simply because the internet requires much data from all its users, this data can

basically become in the hands of almost anyone if not securely stored and maintained. And since

most transactions and processes are digitalized, it is also hard to know who even has your data

since it could be copied and pasted for an unimaginable amount of time without any cost and with

barley any time or workforce.

Parent (1983) argues that the knowledge of personal data can result that the person might be

power by this person knowing such information. The control might hurt that person especially if

the information is managed by people without morals. However, Hughes (2012) states that as

long as the information demanded by the user to be protected did not reach another party and no

strangers as reached it then there is no any concern about the invasion of privacy. Pavlou (2011)

maintains that the personal willing of the person is the only measure that is effectively considered

in order to share their private information with a consensus of the literatures studied regardless of

any other scales the researchers conducted.

Ethical Dilemmas

After understanding what privacy means, and how it could easily be accessed and spread, a

question could arise which is: what are the harms of making this data public or in the hands of

many people? Violating and/or manipulating people’s privacy could mean putting people’s
mental-wellbeing, financial information, locations, passwords, and even life’s at sometimes at

stake. This is simply because people with bad intentions could use this data, which could seem

very simple and basic sometimes, to blackmail people for money, steal people’s financial

savings, hack into organizations, and even governments in order to acquire their private

information. All of these acts and much more could be done by simply giving access to people’s

data to someone or some organization, that is not trustworthy of it. Moreover, some organizations

even try to keep their consumers’ and stakeholders’ data and information safe and sound,

however, it is not that simple. Since the internet is available for everyone today, it becomes

possible for trained and experienced individuals to hack into systems in order to reach this poorly

secured data.

Why Do Companies Need Users’ Data?

Now, for the famous debate of individual data privacy and information security, it is important to

understand why companies and organizations ask for this data in the first place. The simple and

brief answer for that is that for companies having more data in general (meaning about the

market, suppliers, and generally all stakeholders), and having data for their customers in specific

is crucial to speed up their processes and make them more efficient. Now with a bit more detail.

Companies use customer’s data in order to know which market segment to market to. That way

they can save tons of money, time, and workforce to simply market for random segments of

people, or to gut-guess which type of customers are more likely to like and buy their product or

service. Moreover, having your customer’s data could also generally help to improve the

customer experience. This is because if a company or organization knows it’s customers’

purchasing behaviors, most visited locations & sites, personal preferences & tastes…etc. it

significantly improves the customers’ experience since the business knows where to find the
customer and what he/she will like or dislike as for their products or services. Furthermore,

companies and organizations can use data in order to secure more data. This means that if a

company is providing a service of cloud computing, for example, this company will need a lot of

data from the customer in order to have security questions for him/her in order to make sure no

one else can access this account except him/her. In simple words, simple data is sometimes

needed in order to secure more important or complex data.

Bowie and Jamal (2006) add another example of the importance of the cookies that has been the

concern of users over the previous years. They show that “Double Click” which is a business

acting as a bridge between websites and advertisers trying to elevate their products by reaching

the correct customers. Double click collects all the information of the users by the cookies button

appearing in popular websites and selling this information later to other websites attempting to

expand their businesses. Roger (2000) explains that with a single click on the cookies button

appearing on websites that has a direct contact with you via the email or that has any registration

process. With a unique ID for your information, double click can collect your data available in

Abacus database after a request from the advertisers, all happening automatically online.

How do Companies Reach Users’ Data?

Companies have various ways and methods in order to acquire people’s data. The simplest, most

common, and most ethical method is for the company to simply ask its users for their data.

Therefore, the user chooses either to provide his/her data to this specific company or not.

Moreover, the user could also choose which parts of his/her data are they willing to share and

which they are not willing to share. Another method that companies use to collect data is by

buying users’ data from other companies. This yet another common method of acquiring data,
however, this method could be a bit less straightforward, also some people would like to consider

it a bit unethical. As mentioned previously in this paper, today we live in the era of big data,

digitalization, and even automation. This means that data can be a very important currency or

asset people would like to buy or store for whenever it becomes handy. Also, the more data you

have as a company or organization the more upper hand you have when compared to your

competitors in the market. This is why you can find services such as data providers, or even data

brokers. Simply because data is very important and is sometimes hard to reach, so come

companies prefer buying clean, sorted, and relevant data.

Laws and Regulations

After briefly presenting the importance of data and its privacy, as well as the threats that may

occur if this data falls into the hands of the wrong people. It’s time to understand what kinds of

laws and regulations have been discussed, debated, and implemented in order to prevent any type

of violation or manipulation to peoples’ data. For example, the California Consumer Privacy Act

(CCPA) has been established in the USA in order to set rules, laws, and regulations in order for

data capturing and storage. Moreover, it also develops laws that are separated from the laws of

the companies’ decision-makers. Another example, this time from the European Union, is the

General Data Protection Requirements, also known as the GDPR. This has the same functions as

the California Consumer Privacy Act (CCPA), however, it also fines companies for misusing

consumer’s privacy. This is also a very effective way to implement these laws and rules in order

to prevent unethical dilemmas that might occur to users in these countries.

In addition, Bowie and Jamal (2006) conduct an overview on the privacy law in e-commerce by

comparing USA and the EU. While the EU is constraining usage of private information except

for explicit and legal purposes with a data protection rules placed by the European Directive and
has to be fulfilled by all the EU members generally, the USA is not having any regulations that

control the personal information of the user. The websites are free to use and collect any data

they are searching for without any limits. There are no legal actions that will be taken in case

unless for three exceptions: Financial and health care industries and Children’s Online Privacy

Act. A real example available is EBay website which requires questioning of the age to be able to

collect and process the data they collect from users.

Bowie and Jamal (2006) illustrate the application within the scope of marketing in e-commerce

with the application of two principles. Firstly, having a privacy policy and secondly the easiness

of finding and reading the policy itself. The first principle is considered as a requirement in terms

of morality to attain the awareness of the reader and meet it with criterion. Additionally, the

second principle refers again to the awareness the user as it is crucial for the data collected of the

user to be known and approved from his side with a clear and obvious privacy policy with a

single click away on the main homepage.

Findings & Discussion

It is relatively clear by now that the ethical issues regarding the privacy of digital data is truly

important and worthy of discussion and research. Moreover, to summarize and the findings and

simply state a proposal for what should be done in order to achieve more privacy for users while

not harming organizations or businesses. There are two main factors that take the main role in

solving this digital privacy issue, the people and the government. Both sides play a major role

and the issue cannot be solved by one side on its own. The government is responsible to establish

and implement rules and regulations like the California Consumer Privacy Act (CCPA) and the
General Data Protection Requirements (GDPR). This part is crucial to ensure that a superior force

is monitoring the market. On the other hand, people also have an important role to play in order

to solve this issue. People should be very aware where they share their data and to whom they

give access to. This will prevent a lot of ethical violations to happen in the first place. By

combining both these forces, the governmental regulations, and the awareness of the people, it

will become very difficult for organizations or individuals with bad intentions to penetrate or use

people’s private data in an unethical manner.

Conclusion

After presenting the meaning of data, privacy, ethical dilemmas regarding data manipulation,

violation, and hacking; answers for questions like why do companies need users’ data and how

do companies reach users’ data, the paper finished off by explaining the laws and regulations

regarding digital data privacy while giving practical solutions on how to solve this problem.

Moreover, further research should be done by academicians from the field of law in order to

discuss the optimal set of rules and regulations in order to achieve the best balance of privacy but

while having an acceptable level of customer satisfaction and organizational profit.

References
- Bowie, N., & Jamal, K. (2006). Privacy Rights on the Internet: Self-Regulation or

Government Regulation? Business Ethics Quarterly, 16(3), 323-342. Retrieved August

15, 2020, from www.jstor.org/stable/3857919

- Cohen, J. (2012). Reimagining Privacy. In Configuring the Networked Self (pp. 127-152).

New Haven; London: Yale University Press. Retrieved August 15, 2020, from

www.jstor.org/stable/j.ctt5vm24d.9

- Fried, C. (1968). Privacy. The Yale Law Journal, 77(3), 475-493. doi:10.2307/794941

- Hughes, K. (2012). A Behavioural Understanding of Privacy and its Implications for

Privacy Law. The Modern Law Review, 75(5), 806-836. Retrieved August 15, 2020, from

www.jstor.org/stable/41682872

- Kulhari, S. (2018). Data Protection, Privacy and Identity: A Complex Triad. In Building-

Blocks of a Data Protection Revolution: The Uneasy Case for Block chain Technology to

Secure Privacy and Identity (pp. 23-37). Baden-Baden, Germany: Nomos

Verlagsgesellschaft mbH. Retrieved August 15, 2020, from

www.jstor.org/stable/j.ctv941qz6.7

- Parent, W. (1983). Privacy, Morality, and the Law. Philosophy & Public Affairs, 12(4),

269-288. Retrieved August 15, 2020, from www.jstor.org/stable/2265374

- Pavlou, P. (2011). State of the Information Privacy Literature: Where are We Now And

Where Should We Go? MIS Quarterly, 35(4), 977-988. doi:10.2307/41409969

- Regan, P. (1995). Privacy‚ Technology‚ and Public Policy. In Legislating Privacy:

Technology, Social Values, and Public Policy (pp. 1-23). University of North Carolina
 Press. Retrieved August 15, 2020, from

www.jstor.org/stable/10.5149/9780807864050_regan.5

- Richards, N. M., & King, J. H. (2014). Big data ethics. Wake Forest L. Rev., 49, 393.

https://www.rdalliance.org/system/files/documents/Richards%20%26%20King

%20%282014%29%20Big%20data%20ethics.pdf

- Rodger, W. 2000. "Activists Charge DoubleClick Double Cross." USA Today (February

21), available at usatoday.com

- Singh, S. (2011). PRIVACY AND DATA PROTECTION IN INDIA: A CRITICAL

ASSESSMENT. Journal of the Indian Law Institute, 53(4), 663-677. Retrieved August

15, 2020, from www.jstor.org/stable/45148583