Roger Clarke's Web-Site

© Xamax Consultancy Pty Ltd,  1995-2024
Photo of Roger Clarke

Roger Clarke's 'Data Ethics and Protection'

ANU COMP2420 / COMP6420 - Introduction to Data Management, Analysis and Security
Topic Outline

Roger Clarke **

Version of 4 May 2021

© Xamax Consultancy Pty Ltd, 2020-21

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at


This 2-hour segment addresses important issues arising from data analysis. It comprises two lectures, delivered at two different stages of the semester-unit:

The Examinable Materials

The examinable materials comprise the following:

The Further Reading is not examinable. It's provided in order to enable you to 'drill down' on topics you're particularly interested in, or need to understand more about.

Lecture Outlines
Lecture 1: IT and Data Ethics

Week 6 - Wed 31 Mar 10:00-11:30 - Online

The slides are available in PDF for viewing, and PDF-4up for printing

The video-presentation is available in mp4 format


1. Introduction

2. Ethics in Data Science / Data Analysis

3. Applied Ethics


The Power of IT

s.4.1 Information Infrastructure, at


The Introduction section to 'Ethics', International Encyclopaedia of Philosophy, at

Codes of Ethics

Australian Computer Society (ACS), at

Ethical Issues in Data Science

s.4.2 Data Harm, at

Case Studies

Centrelink's Big Data 'Robo-Debt' Fiasco of 2016-20, at

s.2.5 Data Scrubbing, at

s.2.7 Decision Transparency (2016), at

Guidelines for Data Analytics

Guidelines for the responsible application of data analytics (2018), at


The Power of IT

What Drones Inherit from Their Ancestors, at

Cyborgs Today (2017), at


The remainder of 'Ethics', International Encyclopaedia of Philosophy, at

Kinch N. (2019) 'Data Ethics in tech; Here's why it's so hard' Medium, 4 Jan 2019, at


s.4.3 Market Segmentation for Privacy-Enhancing Technologies (PETs), at

s.4.4 Risk Assessment for Whistleblowers, at

Codes of Ethics

Association for Computing Machinery (ACM), at

IEEE, at

Engineers Australia, at

Ethical Issues in Data Science

Data Values harmed by Data Analytics (2016), at

Big Data, Big Risks (2016), at

Case Studies

Doctorow C. (2017) 'Australia put an algorithm in charge of its benefits fraud detection and plunged the nation into chaos' BoingBoing, 1 Feb 2018, at

Cossins D. (2018) 'Discriminating algorithms: 5 times AI showed prejudice' New Scientist, 12 April 2018, at

s.2.2 The Rationale Underlying a Decision (2014), at

s.4 The Digital Surveillance Economy, at

Codes for Data Analytics

'Data Science Association Code Of Professional Conduct' (2016), at

'American Statistical Association Ethical Guidelines for Statistical Practice' (2016), at

Guidelines for Data Analytics

Article on 'Guidelines for the Responsible Application of Data Analytics' (2018), at

Business Processes

'Towards Responsible Data Analytics: A Process Approach' (2019), at

Anonymisation / De-Identification

s.3, at


Slide 5: Some Ethical Issues

How does IT generally, and Data Analytics in particular, contribute to:

  1. Climate change
  2. The political impacts of location and tracking
  3. Unfair discrimination against lower economic demographics
  4. Continuous disruption of organisations and occupations
  5. The casualisation of labour

Slide 11: Ethical Issues in Data Science

What are your expectations about the results you are awarded by the ANU for the courses you do? In particular, what do you think about the ideas of:

  1. Transparency of decision-rationale
  2. Automated decision-making
  3. Due process / procedural fairness

Slide 14: Case Study #1 - Robodebt

What ethical issues arise from the Robo-Debt case?

Surely Centrelink should have discovered in advance that the design of the new system was highly unreasonable. But how should they have discovered that?

Slides 21-26: Case Study #5 - The Digital Surveillance Economy

Companies that you deal with on the Web do the following things, in order to maximise their revenue or profit. As a shareholder, are you happy that they do these things? As a consumer, are you happy that they do these things?

  1. They gather a lot of data about you
  2. They share that data with many other companies
  3. They use that data to categorise you
  4. They apply ad targeting, i.e. select ads to display to you that appear most likely to influence your purchasing decisions
  5. They make offers to you at the highest price your profile suggests you're prepared to pay

Lecture 2: Data Protection & Data Privacy

Week 10 - Wed 12 May 10:00-11:30 - Online

The slides are available in PDF for viewing, and PDF-4up for printing

The video-presentation is available in mp4 format


  1. Introduction
  2. Data Security
  3. Privacy
  4. Data Privacy
  5. Safeguards


Data and Information

Fundamentals of Information Systems, at

Knowledge, at

Data Quality and Information Quality Factors, at

The Conventional Security Model

Appendix 1, at


Introduction to Privacy, at


Categories of Persons-at-Risk, at

Privacy Law

The Australian Privacy Principles (APPs), at

(Make sure you understand what each Principle is about. Where what's on that page isn't clear enough, dive down into the links provided).

The Notifiable Data Breaches scheme, at

Privacy-Enhancing Technologies

Categories of PETs, at

'Privacy in a pandemic: Keep calm, and remember first principles' (Johnston, 2020), at


The Conventional Security Model

User-Friendly Security Solutions, ss.3 and 3.1 and Table 1, at

Appendix 2: Baseline Security Features, at

Data Values harmed by Data Analytics (2016), at


'What's Privacy?', at

The EU's General Data Protection Regulation

'What is the GDPR?', at

(Compare the European Principles with the Australian Privacy Principles, and work out which offer better privacy protections).

Privacy-Enhancing Technologies

'Introducing PITs and PETs: Technologies Affecting Privacy', at


Slides 3-4: Data and Information

Think about what you're learning in this unit, COMP2420/6420. Now give some examples from this unit of data, information, knowledge and wisdom.

Slides 5-6: Data and Information Quality

The ANU gathers data about your performance in this unit of study. It makes most of it available to you. It publishes some of it on your transcript. Various people will use that data for various purposes.

Consider each of the 7 data quality and 6 information quality factors, and give examples of good quality and bad quality data and information about your performance.

Slides 8-15: The Conventional Security Model

Apply the concepts of threat, vulnerability, security incident, harm, asset, stakeholder and safeguard to a day-care centre that looks after children under 5 years of age while their parents are at work.

Apply the concepts of threat, vulnerability, security incident, harm, asset, stakeholder and safeguard to the personal data that the ANU holds about you.

Slides 17-19: Privacy Needs, Harm, and Risk Categories

What kinds of data are most likely to be privacy-sensitive for:

Identify a couple of examples of privacy concerns that you have. (If you don't think you have any, use examples of concerns your friends or relatives have).

Which needs, harms and risk categories are relevant to those privacy concerns?

What circumstances might arise that would increase the levels of concern that people feel about those particular privacy issues?

Slide 23: The Lifecycle of Personal Data

Why is it likely that Disclosure of Personal Data may be subject to even more risks than Use of Personal Data?

Do any privacy concerns arise in relation to the Access and Correction rights that each of us has (in Australia under Australian Privacy Principles 12 and 13)?

Slides 25-28: Privacy Protections

In relation to the privacy concerns you've just discussed, to what extent do you think that the law provides adequate protections?

Slides 29-38: Privacy-Enhancing Technologies

What PETs do you use?

What extra PETs should people use who face more serious risks than you do?

Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Research School of Computer Science at the Australian National University,, and in the Cyberspace Law & Policy Centre at the University of N.S.W.

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 65 million in early 2021.

Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 9 March 2020 - Last Amended: 4 May 2021 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2022   -    Privacy Policy