1 Introduction

The digital transformation has resulted in drastic change at every level of society (Floridi 2014). Enabled by the increased capabilities, miniaturisation and proliferation of computer hardware, the possibilities for collecting, connecting and analysing vast amounts of data from a wide variety of sources have grown exponentially, along with the complexity and ubiquity of the algorithmic systems employed to analyse and utilise this data.

Building upon the foundations laid by computer and information ethics since the second half of the twentieth century (Moor 1985; Bynum 2018; Floridi 2013), the young field of data ethics (Floridi and Taddeo 2016) has been tackling the ethical challenges posed by both the data expansion and the accompanying algorithmic advances. The former include, for example, privacy concerns, as personal data from different areas of life can be combined and recombined to reveal ever more comprehensive and intimate insights into the habits and preferences of individuals and groups (Mittelstadt and Floridi 2016). The latter concern bias, transparency and responsibility issues arising around the development and function of algorithms (Rochel and Evéquoz 2021; Mittelstadt et al. 2016), as well as the increasing inscrutability and sophistication of machine learning approaches, which have precipitated a recent flourishing of enquiry into the ethics of artificial intelligence (AI) or, more broadly, of automated decision-making systems (Hagendorff 2020; Mökander et al. 2021b).

2 Digital ethics challenges for science and technology companies

Whilst some principles—such as responsibility, transparency, beneficence and justice—feature almost universally in digital ethics, others apply more specifically to certain types of organisations. For example, in the case of companies seeking to develop and deploy novel digital technologies, it may be particularly important to weigh the opportunity costs of foregoing a potentially profitable new product, service or innovation against the potential risks of its misuse and overuse, especially in areas of regulatory uncertainty. How such considerations are balanced has significantly affected the regulatory adoption and consumer acceptance of past innovations (e.g., genetically modified crops in the European Union) and appears to matter for new digital technologies too, as indicated by recently stalling consumer uptake of digital health solutions due to mistrust in companies and a lack of understanding (Safavi and Kalis 2020). Regulatory and cultural differences between countries (ÓhÉigeartaigh et al. 2020) may exacerbate some of these challenges for companies operating internationally. This makes a strong case for considering ethical and societal expectations when planning business strategies (Handelsblatt Research Institute 2015; Institute for Business Ethics 2018), to allow companies to “identify and leverage new opportunities that are socially acceptable” whilst avoiding socially unacceptable courses of action that may be “rejected, even when legally unquestionable [and lowering] the opportunity costs of choices not made or options not grabbed for fear of mistakes” (Floridi et al. 2018).

Another specific challenge facing companies and similar organisations that pursue practical digital innovation is that ethical principles need to be operationalised for business purposes to provide usable tools in a variety of contexts. These range from business case analyses and panel evaluations to guidance for individual employees and external communications aiming to build trust. Any tools developed should also be universal and flexible enough to be applicable and adaptable to the organisation’s various sectors, projects and stakeholders, which may all feature different perspectives.

As a multinational science and technology company operating across healthcare, life science and performance materials, Merck KGaA (henceforth Merck) has, like other corporations, experienced digital changes and challenges to both its internal workings and the ways in which it conducts and develops its business. AI-based approaches now feature, for example, in drug discovery and supply chain integrity protection (Merck 2020a), and big data applications are used in human resources and—perhaps most prominently—are at the heart of Syntropy, a partnership between Merck and Palantir Technologies Inc. specialising in integrating healthcare data from different sources to give scientists and research centres access to a collaborative technology platform for cancer research (Merck 2020b).

Due to the rapid nature of digital developments, comprehensive legal regulations have not yet been developed in all relevant areas (Gordon 2021). Given this regulatory gap, companies such as Merck that wish to operate responsibly, guided by ethically sound principles, need to be proactive about finding, communicating and implementing suitable standards for innovations that are not yet covered in detail by regulatory frameworks. Moreover, many ethical “should” questions go beyond the scope usually provided by legal regulations, which mainly answer practitioners’ “could” questions. Finding answers to these ethical questions is nonetheless important for building and maintaining trust in a company’s operations (Morley et al. 2021b). Merck has a strong track record of proactively seeking and implementing ethical guidance, especially in the biomedical field, which has also often progressed rapidly beyond the scope of current regulation. Here, the Merck Bioethics Advisory Panel, which consists of disclosed external experts from diverse backgrounds in bioethics, philosophy and law, has provided practical guidance to the company’s healthcare and life science businesses in areas of high regulatory uncertainty. Based on the panel’s advice, Merck has published principles to guide the company’s research and development process in the areas of genome editing (Sugarman et al. 2018), stem cell research, and fertility research, in accordance with ethical standards.

Whilst the Syntropy partnership clearly belongs to the biomedical sphere, its business model, which involves enabling the integration and exchange of large amounts of highly sensitive patient data, raises ethical challenges that are not fully covered by prevailing bioethical principles and fall outside the core expertise of the Merck Bioethics Advisory Panel. To be able to specifically address issues of digital ethics, Merck has, therefore, established a new expert committee, the Merck Digital Ethics Advisory Panel, which operates as a separate yet interconnected advisory body (Merck 2021). Additionally, Palantir has a long history (since 2012) of drawing upon the advice of the Palantir Council of Advisors on Privacy and Civil Liberties (PCAP), a group of independent experts in privacy law, policy and ethics, to understand and address the complex issues encountered in the course of its work.

3 Seeking a principle-based Code of Digital Ethics

To develop a scientifically valid foundation to guide ethical decision-making throughout the company, we set out to create a Code of Digital Ethics for Merck that is both ethically rigorous and suited for operationalisation across the full scope of digital ethics challenges arising at Merck. Such an internal guideline should function as a common groundwork from which to derive suitable strategies and procedures for different business sectors and individual employees, enabling them to navigate areas of high regulatory uncertainty. It should also provide a clear structure for the assessment of ethical questions by the new Merck Digital Ethics Advisory Panel and other decision-makers, and help to build trust with customers and business partners.

Due to the recent rapid increase and the pervasive nature of digital developments, many different organisations have started to develop practical ethical guidance in this sphere. This has led to a plethora of guidelines, ranging from individual companies’ big data or AI codes (Deutsche Telekom 2018; SAP 2018; Telefónica 2018), to recommendations for specific societal sectors like the healthcare system (Deutscher Ethikrat 2017; Mittelstadt and Floridi 2016), to high-level frameworks that target society as a whole at national (Die Bundesregierung 2018; Datenethikkommission 2019; UK Government 2018) or even international (EGE 2018; ICDPPC 2018; CEPEJ 2018) levels.

Recognising that “the sheer volume” of individual principles proposed in such a frontier situation “threatens to overwhelm and confuse” (Floridi and Cowls 2019), there have been several attempts to compare this abundance of heterogeneous and yet overlapping documents, to extract common core principles and recurring topics from them and to synthesise these into unified frameworks of digital or AI ethics (Floridi et al. 2018; Jobin et al. 2019; Fjeld et al. 2020; Hagendorff 2020). Such meta-analyses offer valuable orientation but cannot necessarily provide the specific perspective needed for individual organisations with their unique digital challenges, needs and values, or for translating high-level principles into robust practice (Mittelstadt 2019; Floridi 2019; Hickok 2020; Blackman 2020). We, therefore, decided to pursue a tailor-made approach that combines an analysis of the most relevant data and AI ethics guidelines with the extraction of key principles suitable for Merck and their translation into guidelines that can serve as a foundation for the diverse operationalisation requirements within the organisation.

4 Crafting the CoDE

Creating the CoDE took three steps: (1) principle analysis, (2) principle mapping and (3) CoDE derivation (see Fig. 1). The first step involved the selection of relevant literature according to predefined criteria and the identification and consolidation of the topics and ethical principles contained in these documents, using a reconstructive social research approach (Vogd 2009; Özbilgin 2006; Bohnsack 1999). During the second step of the project, we defined the most important core principles and mapped the remaining principles to them in subsidiary groups. All principles were then, in the third and final step, translated into the guidelines that constitute the CoDE.

Fig. 1: Course of the project

4.1 Principle analysis

In our analysis, we considered recent literature that fulfilled three criteria: First, all documents included had to refer to the ethical handling of data and/or AI, machine learning or other aspects of algorithmic systems. Secondly, each document had to contain normative statements about data and/or algorithmic systems. Thirdly, the issuing organisation had to be based in Europe. Across Europe, there has been especially strong commitment to stringent scrutiny of the ethical challenges around digital developments, at the level of both data and algorithmic systems. Attempts to devise appropriate, innovative and trust-building ways of tackling these have been developed by individual countries (e.g. Agenzia per l’Italia Digitale 2018; Datenethikkommission 2019; Deutscher Ethikrat 2017; Ekspertgruppe om dataetik 2018; Schweizerische Eidgenossenschaft 2020; UK Government 2018; Villani 2018) as well as at EU level (e.g. EGE 2018; EDPS Ethics Advisory Group 2018; AI HLEG 2019; European Commission 2020), with pioneering projects like the EU General Data Protection Regulation and the recently proposed first-ever legal framework on artificial intelligence, the EU Artificial Intelligence Act, also likely to affect and inspire regulatory development beyond Europe (EU Commission 2021; Mökander et al. 2021a). Merck has a long history of operating within a European values framework and a clear commitment to upholding these values. A clear focus on European guidelines was, therefore, expected to provide the best match for the perspective and requirements of an internationally operating EU-based science and technology company like Merck, with its demonstrated commitment to developing and adhering to rigorous ethical standards in business contexts.

As a baseline, we used the compilations of recommendations, guidelines, frameworks and sets of principles on data and algorithm ethics (henceforth referred to as “guideline documents”) by Harvard’s Berkman Klein Center for Internet & Society (later published by Fjeld et al. 2020) and Algorithm Watch’s crowd-sourced AI Ethics Guidelines Global Inventory (https://inventory.algorithmwatch.org). This yielded 32 and 83 publications, respectively, and was complemented by internet searches for the keywords “digital ethics”, “data ethics” and “corporate digital responsibility”, yielding two additional publications. After eliminating 15 duplicates from this collection of 117 documents, we excluded a further 60 guidelines that did not originate from European sources, leaving a total of 42 European guideline documents (see Online Resource 1).
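The selection arithmetic above can be retraced as a short filtering pipeline. The following is a minimal sketch, assuming simple record fields (“title”, “region”) and a naive deduplication key; it illustrates the counts rather than reproducing the tooling actually used.

```python
# Illustrative sketch of the corpus assembly; the field names ("title",
# "region") and the deduplication key are assumptions, not the actual
# workflow used for the CoDE.

def assemble_corpus(harvard_docs, algorithmwatch_docs, search_docs):
    """Merge the three collections, drop duplicates, keep European sources."""
    combined = harvard_docs + algorithmwatch_docs + search_docs  # 32 + 83 + 2 = 117
    seen, deduplicated = set(), []
    for doc in combined:
        key = doc["title"].strip().lower()   # naive duplicate detection
        if key not in seen:                  # 15 duplicates removed -> 102
            seen.add(key)
            deduplicated.append(doc)
    # keep only documents from European sources: 60 excluded -> 42
    return [d for d in deduplicated if d["region"] == "Europe"]
```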

These documents were subjected to the reconstructive social research approach in four steps: First, we examined the documents for explicitly named principles, recording all text passages with such explicit mentions. We also included certain recurring topics that could not be directly identified as principles but were related to them and considered relevant due to their frequency. This resulted in an initial list of 29 recurring principles and topics (see Fig. 2) that either represented, or bore a close connection to, ethical principles. As a second step, we formulated preliminary definitions of the topics thus uncovered, guided by the scope of the recorded passages. In a third step, we used these definitions to examine the documents a second time, to uncover and extract passages that mentioned the corresponding topics implicitly. Implicit mentions were discussed in the team and only recorded as referrals to the previously agreed topics if a match was agreed unanimously.
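The recording scheme behind these four steps can be pictured as a simple mapping from topics to collected text passages. The sketch below is illustrative, with hypothetical class and field names; only its consensus rule (implicit mentions require unanimous agreement) is taken from the text.

```python
# Hypothetical data structure for the passage-recording step; names are
# illustrative, not taken from the authors' actual workflow.
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Passage:
    document: str             # guideline document the passage comes from
    text: str                 # the recorded text passage
    explicit: bool            # True: principle named explicitly in the text
    unanimous: bool = False   # for implicit matches: unanimous team agreement

# topic/principle name -> all recorded passages referring to it
records: dict[str, list[Passage]] = defaultdict(list)

def record(topic: str, passage: Passage) -> None:
    """Keep explicit mentions always; implicit ones only on unanimous agreement."""
    if passage.explicit or passage.unanimous:
        records[topic].append(passage)
```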

Fig. 2: Frequency distribution of the initially identified 15 principles and 14 further topics, ordered from the highest number of mentions to the lowest

We then reduced the list of 29 topics to 20 central digital ethics principles in the fourth and final step (see Fig. 3). This reduction aimed to remove ambiguities and overlaps discovered upon further scrutiny of the preliminary definitions and the newly recorded implicit text passages: Some topics could not be directly identified as ethical principles but could be assigned to one (for example, “data and AI usage” and “data collection” to the principle of proportionality). Others were not suitable for such assignment and were instead dropped from further analysis (“research practices” and “societal ethics”). The principles “equality” and “fairness” were combined under “equality”, since “equality”, although lexically subordinate to “fairness”, constitutes a more specific and thus more readily operationalisable principle with particular relevance for digital innovations and businesses. Finally, some topics were of such a basic nature or of such overarching importance that it appeared more appropriate to introduce them in a foundational preamble to the main principles. The topic “respect law”, for example, was moved to the preamble of the CoDE since, in a business context, compliance with the applicable law is considered a fundamental prerequisite that needs to be met before further ethical principles are discussed. And while a specific aspect of the topic “governance mechanisms”, namely reliability, was carried over into the final set of principles, the topic’s broad scope also warranted its inclusion in the preamble. Similarly, the topics “human rights”, “ethical design” and “trustworthiness” were also placed in the preamble.
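This reduction can be summarised as three small mappings. The sketch below records only the reassignments explicitly named above; the complete transformation is shown in Fig. 3.

```python
# Partial summary of the 29 -> 20 reduction; only reassignments named in
# the text are listed here, the full mapping is given in Fig. 3.

assigned_to_principle = {
    "data and AI usage": "proportionality",
    "data collection": "proportionality",
    "fairness": "equality",   # merged; "equality" kept as the more specific term
}

moved_to_preamble = [
    "respect law",            # legal compliance as a fundamental prerequisite
    "governance mechanisms",  # its "reliability" aspect also became a principle
    "human rights",
    "ethical design",
    "trustworthiness",
]

dropped_from_analysis = ["research practices", "societal ethics"]
```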

Fig. 3: The process of transforming the initial 15 principles and 14 further topics into 5 preamble topics and 20 final principles

4.2 Principle mapping

We next strove to facilitate understanding and navigation of the identified principles, and to improve their suitability for later operationalisation, by refining their preliminary definitions, elucidating their relationships to each other, and structuring them in a hierarchical model with core principles to which the remaining principles are mapped as subsidiaries.

The final definitions of the 20 principles were derived in an iterative process by further analysing the text passages from the 42 guideline documents that had previously been recorded as explicit or implicit referrals to the principles. Care was taken to ensure that no nuances were lost where terms from the initial list of 29 topics and principles had been combined or transformed. The full definitions of all 20 principles are listed in the appendix of Merck’s Code of Digital Ethics.

Five particularly far-reaching principles were selected as core principles, as they represent the essence of larger thematic clusters that are arguably suitable as a foundation of digital ethics: autonomy, non-maleficence, beneficence, justice and transparency. Of these, the first four are the classical principles of biomedical ethics and have been championed in this field since the 1970s (Beauchamp and Childress 2019). Their affinity to digital ethics has previously been highlighted by Floridi et al. (2018), who state that “[o]f all areas of applied ethics, bioethics is the one that most closely resembles digital ethics in dealing ecologically with new forms of agents, patients, and environments”. Although limits to their applicability to digital ethics have also been pointed out, owing to the comparative recency and heterogeneity of digital developments (Mittelstadt 2019), the four principles of biomedical ethics feature heavily in many digital ethics guidelines, albeit adjusted to the specific digital challenges discussed (e.g. Floridi et al. 2018; Jobin et al. 2019).

For the purpose of developing Merck’s CoDE, choosing an integrated methodology around Beauchamp and Childress’ principle-based ethics seemed plausible because the four-principle approach has proved effective for analysing a broad spectrum of ethical dilemmas in medicine and bioscience and has become one of the most influential frameworks in applied ethics generally over the past decades. Moreover, Merck has been successfully utilising principle-based thinking and ethical analysis to guide business decisions in areas of regulatory uncertainty related to its healthcare and life science operations, e.g. by implementing the ethical guidance of the Merck Bioethics Advisory Panel.

However, the four principles clearly cannot cover all ethical issues raised by data use and algorithmic systems. Therefore, we selected transparency as a fifth core principle. Transparency had by far the most mentions in the guidelines analysed (39 of 42, see Fig. 2) and works well as the core of a final cluster, both structuring related principles and complementing the clusters around the biomedical ethics principles. Although transparency has traditionally been regarded as an integral part of the autonomy principle in the field of bioethics, its reach beyond the individual patient perspective and its outstanding relevance for ethics in data and AI warrant its treatment as a distinct principle in digital ethics. For example, while the asymmetry of information between a patient and a physician is an important factor influencing the autonomy principle in medical ethics, it does not fully capture the importance of transparency with regard to complex data ecosystems and algorithmic systems, which for the most part operate invisibly and are unintelligible to the vast majority of observers, yet affect far more people. The importance of transparency is reflected in how much consumer confidence depends on comprehension of, and trust in, digital offerings, including how and by whom data and results will be used (Safavi and Kalis 2020). Thus, we arrive at conclusions similar to those of Floridi et al. (2018), who chose explicability as a fifth key principle; explicability shares many features with the transparency principle as defined by us.

Indeed, these shared features can serve as an example to illustrate how we mapped the remaining 15 principles uncovered in our analysis to the five core principles. We sought to assign additional principles to each core principle to highlight and address its key aspects and characteristics. Assignment was initially undertaken independently by two team members, which already resulted in a high level of agreement. Any remaining discrepancies were discussed by the entire team and resolved consensually. Initial attempts to map the principle explainability (which is synonymous with explicability) to one of our core principles resulted in uncertainty as to whether autonomy or transparency would provide a better fit. According to our final definition, “In the context of digital solutions, explainability means that users can understand how the results of algorithm-based processes are achieved [,] that users know the reason for their decision wherever they are directly or indirectly affected by automated decisions [and that] users receive sufficient information about the models used and the architecture of the algorithmic system”. This definition fits well with the core principle of transparency because explainability serves to increase transparency, but it also increases the autonomy of users by enabling them to make better-informed evaluations of the algorithms affecting them. We ultimately chose to assign explainability to autonomy, due to our definition’s focus on strengthening users’ decision-making abilities, but the strong connection to transparency obviously remains. The final mapping of the CoDE’s principles is shown in Fig. 4 and can be pictured as a simple nested lookup structure, as sketched below.
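In the sketch that follows, only the explainability-to-autonomy assignment is taken from the text; the remaining subsidiary slots are placeholders, with the complete mapping given in Fig. 4.

```python
# Partial sketch of the five-cluster hierarchy (see Fig. 4 for the full
# mapping). Only explainability -> autonomy is stated in the text; the
# empty lists are placeholders, not the actual assignments.

principle_hierarchy: dict[str, list[str]] = {
    "autonomy":        ["explainability"],  # confirmed in the text, plus others
    "non-maleficence": [],                  # placeholder
    "beneficence":     [],                  # placeholder
    "justice":         [],                  # placeholder
    "transparency":    [],                  # placeholder
}

def core_of(subsidiary: str) -> str | None:
    """Return the core principle a subsidiary principle is mapped to."""
    for core, subsidiaries in principle_hierarchy.items():
        if subsidiary in subsidiaries:
            return core
    return None
```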

Fig. 4: Final structure of the principles

Within each cluster of principles, descriptions follow a clear pattern. Each core principle (see Fig. 5) is introduced by (1) listing the other principles assigned to it; followed by (2) a definition of the core principle; (3) the risks that may result from not respecting it; and (4) a description of the relationship between the core principle and the principles assigned to it. Subsidiary principles (see Fig. 6) are introduced by (1) stating the reference level(s) addressed by the principle (data, algorithmic systems or both); followed by (2) a definition of the principle in the context of digital solutions; (3) the risks involved if it is not taken into account by organisations; (4) examples of solutions to help organisations counteract these risks and preserve the principle; and (5) an explanation of why the principle supports the associated core principle.
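These description patterns amount to two fixed record types. The dataclasses below are a hypothetical rendering of that structure; the numbered fields mirror the four- and five-part patterns just listed, while the field names themselves are of our own choosing.

```python
# Hypothetical rendering of the description patterns as typed records;
# the CoDE itself is prose, so these field names are illustrative only.
from dataclasses import dataclass

@dataclass
class CorePrincipleEntry:
    name: str
    assigned_principles: list[str]   # (1) subsidiary principles listed first
    definition: str                  # (2) definition of the core principle
    risks_if_ignored: str            # (3) risks of not respecting it
    relation_to_subsidiaries: str    # (4) how the subsidiaries relate to it

@dataclass
class SubsidiaryPrincipleEntry:
    name: str
    reference_levels: list[str]      # (1) "data", "algorithmic systems" or both
    definition: str                  # (2) definition in the digital context
    risks_if_ignored: str            # (3) organisational risks
    example_solutions: list[str]     # (4) measures to counteract the risks
    support_for_core: str            # (5) why it supports its core principle
```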

Fig. 5: Structure of the core principle autonomy

Fig. 6: Structure of the subsidiary principle explainability

4.3 CoDE derivation

In the third and final step of this project, we sought to transform the principles into guidelines for ethical decision-making around digital applications and to present them in a CoDE that clearly expresses how Merck intends to handle its data and algorithmic systems and any associated services and products. The target audience of the CoDE should be everyone who develops, operates, uses or decides on the use of Merck’s digital offerings. Scrutiny of the guideline documents we had analysed revealed considerable heterogeneity: the level of reference, the underlying principles and the recommended measures or organisational elements were frequently not easily identifiable. Indeed, the translation of “lofty” principles (Mittelstadt 2019) into robust and operationalisable guidelines that can enable truly informed decisions on the ground has been identified as a key challenge for digital ethics (Floridi 2019; Blackman 2020; Morley et al. 2021a). We decided to tackle this challenge with a strong dual focus on clarity and operationalisability.

Towards this end, we first took advantage of the clear structure previously established for the 20 principles by mirroring it in the CoDE guidelines. By firmly grounding our guidelines in relevant principles well established in the current digital ethics literature, and by elucidating both their meaning and their relationships to each other, we strove to arrive at guidelines that are relatable and understandable from the various perspectives found inside a company such as Merck whilst also maintaining a strong connection to the academic discourse on digital ethics. We hope that this approach offers a more rigorous foundation for developing a strong practice of digital ethics in a company than a code of conduct compiled with less reflection on the origin, meaning and relationships of the principles underlying its guidelines. Moreover, this clear foundation offers Merck the opportunity to learn from, and respond to, new developments in both the academic discourse on digital ethics and the company’s own efforts to operationalise digital ethics throughout its practices, based on these guidelines.

We then selected three criteria to ensure operationalisability for business purposes and suitability for Merck’s diverse activities and needs in the digital sphere. Further analysis of existing digital ethics guidelines (ITI 2017), as well as consultation of best practice recommendations from the established field of corporate social responsibility (FMLS 2020), convinced us that for successful operationalisation, guidelines should (1) avoid oversimplified closed normative statements (“dos and don’ts”), (2) instead strive to be universal (i.e. not limited to specific applications, technologies, ventures or measures) and (3) be open to multiple perspectives (i.e. not limited to addressing specific stakeholders). At the same time, the guidelines should be written from the perspective of Merck as a private-sector company with digital offerings and follow a consistent structure that clearly expresses the company’s commitment to each principle discussed and elaborates on specific intentions for implementing these commitments.

Figure 7 illustrates the result of employing these criteria, using as an example the core guideline autonomy and its subsidiary guidelines. Each core guideline consists of a central statement that shows what Merck wants to achieve, followed by an elaboration of the content of the statement, the reference level(s) addressed, and an explanation of which subsidiary guidelines, derived from which principles, support the organisation in following this specific core guideline. The subsidiary guidelines follow the same structure, and the contents of all statements are derived from the principles on which these guidelines are based.
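The guideline structure parallels the principle entries sketched in Sect. 4.2 and can likewise be pictured as a small record type. The sketch below is illustrative only, with assumed field names; the published CoDE expresses this structure in prose.

```python
# Illustrative record type for a CoDE guideline; this schema and its
# field names are assumptions, not a published data format.
from dataclasses import dataclass

@dataclass
class GuidelineEntry:
    central_statement: str            # what Merck wants to achieve
    elaboration: str                  # explanation of the statement's content
    reference_levels: list[str]       # "data", "algorithmic systems" or both
    supporting_guidelines: list[str]  # subsidiary guidelines derived from principles
```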

Fig. 7: Final structure of the guidelines

The full CoDE can be found in Online Resource 2; its preamble explains the structure of the guidelines and introduces the CoDE’s aim, building on the five fundamental topics identified in the analysis step (Sect. 4.1).

5 Discussion

Our goal was to identify principles suitable for the development of a Code of Digital Ethics for Merck and to transform these into clear guidelines that lay the foundation for operationalising ethical reflection, evaluation and decision-making across the full spectrum of digital developments encountered and undertaken by the company. The CoDE should furthermore serve to clearly communicate to customers, business partners, and other external stakeholders the principles that underlie Merck’s decision-making around its digital offerings, policies and initiatives.

A simple compilation of high-level principles would likely have been too unwieldy and unstructured for these purposes, which is why we chose to further cluster and hierarchically order the individual principles. Even a cursory glance at other guideline documents and meta-analyses of such documents shows that there are many ways to define, label and structure the principles, values and recurring topics at the heart of digital ethics. Our final five-by-four matrix of five core and 15 subsidiary principles resembles the structure proposed by Floridi et al. (2018) but works with a somewhat different set and mapping of principles, tailored to the needs of Merck’s businesses. Others have chosen similar but longer (Jobin et al. 2019) or shorter (AI HLEG 2019) lists of core principles or hierarchical structures that appear quite different (Fjeld et al. 2020; Zeng et al. 2018), or they have foregone attempts at hierarchical structuring entirely (Hagendorff 2020). We believe that the nested structure we chose, with its clear overview at the top level of core guidelines and the details and relational information added by the subsidiary guidelines and levels of reference, is well suited for a code that aims to be broadly accessible to diverse stakeholders and yet sufficiently nuanced to guide ethical decision-making in complex business contexts.

The very heterogeneity of digital developments has been proposed as an obstacle to finding common principles or rules applicable across all potential ethical facets of the digital transformation, highlighting the importance of devising and combining tailor-made solutions for different stakeholders to enable them to share responsibility (Mittelstadt 2019; Blackman 2020; Deutscher Ethikrat 2017). This makes it all the more important to be clear about the process by which certain principles are defined or given priority, as well as about the relationships between principles and the reference levels (data and/or algorithmic systems) they address. Such clarity of structure, which we have strived to achieve in the CoDE, helps different actors and stakeholders to understand each other and to find common ground whilst recognising important differences in their perspectives and needs. As a multinational company operating across several sectors and comprising different businesses and partnerships, Merck relies on creating such understanding and common ground between different parties.

By selecting a scientific methodology for creating the CoDE and fully documenting the process, we also wish to offer a transparent baseline for other companies that may face similar challenges in obtaining ethical guidance for digital innovation in a complex business environment. At the same time, our approach creates the opportunity to participate in the academic discourse on digital ethics and to learn from any feedback and further developments in the field that may inform the ongoing operationalisation and refinement of our own ethical guidance in the digital sphere. We consider such engagement essential to appropriately continue and further develop a process of reflection on, and implementation of, digital ethics in a multifaceted science and technology company such as Merck.

Given the variety of viewpoints, ventures and challenges encountered in the context of digital innovation, we designed the CoDE as a multi-purpose tool: a robust framework for consistent ethical analysis and decision-making that can be adapted to diverse business cases and to different national, international and cultural contexts. The three criteria applied during the formulation of the CoDE’s guidelines (avoidance of closed normative statements; preference for universality; and openness to multiple perspectives) have yielded a document that we hope will be easy to operationalise in such varied situations. Towards this end, Merck’s new Digital Ethics Advisory Panel is currently utilising the CoDE in a first test case for operationalisation, tackling ethical questions around patient data sharing that have arisen at Syntropy, with promising initial results. Further operationalisation efforts under way include a tool that will enable standardised use of the CoDE in evaluating the criticality of data analysis projects.

We thus believe that the CoDE constitutes a suitable tool to accompany digital innovation and associated business decisions with sound ethical reasoning. Actively employing this tool, and clearly explaining the selection and meaning of the principles that guide digital offerings, can serve to create trust, transparency and, perhaps, competitive advantage.