Skip to main content

Being a data professional: give voice to value in a data driven society


Data Analytics needs to have ethical standards. There are numerous examples of why this is so, and the paper cites four particularly egregious ones. The paper offers both reasons why such standards are currently missing or inadequate, and how they might best be introduced, or refined. Some Codes of Ethics, such as the Software Engineering Code of Ethics and Professional Practice, the ACM and IFIP Codes of Ethics, and the Web Analyst’s Code of Ethics are discussed, compared, and contrasted. The paper offers a comparative study, to help inform the process of the drawing up of guidelines where it is best undertaken, within the profession itself.


The central claim of this paper is that Data Analytics needs to have ethical standards. Our contribution is to isolate both reasons why such standards are currently missing or inadequate, and how they might best be introduced, or refined. Without appropriate standards, data analytics professionals can find themselves contributing to public harm, or, where they are resisting such harms, lacking the coherence and professional muscle a dedicated and properly focused Data Professional Code of Ethics might give them.

The public harm to which data analytics professionals are currently contributing is well documented. Just four headline-grabbing examples will paint a picture of a profession in crisis. First, the much-publicized scandal around the now defunct data-harvesting firm, Cambridge Analytica, in which the personal data of Facebook users was used for the micro-targeting of often deliberately misleading political adverts [6, 7]. Second, Hoan Ton-That’s new facial recognition app, Clearview AI, being used already by law enforcement agencies ranging from local police forces in Florida to the F.B.I. and the Department of Homeland Security [20]. Clearview AI incorporates a database of more than 3 billion images scraped from Facebook, YouTube, and other websites, and facial recognition software enabling you to take a picture of someone’s face with your smartphone, and immediately see other photos of them in the app—all too often revealing their identity [20]. Third, the epidemic of covert web tracking means that almost any website we now visit will be sending data about us to dozens of third parties, without our knowledge or consent, data which may follow us on Bluetooth and Public WiFi into physical public spaces, linking our behavior online with our physical movements and purchasing activity. As the Electronic Frontier Foundation author Bennett Cyphers describes it, “Corporations have built a hall of one-way mirrors: from the inside, you can see only apps, web pages, ads, and yourself reflected by social media. But in the shadows behind the glass, trackers quietly take notes on nearly everything you do. These trackers are not omniscient, but they are widespread and indiscriminate.” [11]

Fourth, and last, reminding us that a society can be judged on how it treats its weakest members, the phenomenon of welfare surveillance, by which AI and risk modelling are used in the administration of welfare benefits—the “digital welfare state” as campaigners decry it [45]—has been ruled a contravention of human rights by a Dutch Court, with an immediate halt to an automated surveillance system for detecting welfare fraud being ordered across the Netherlands [19]. Whether other countries, already implementing such systems, follow suit, remains to be seen.

Motivated, perhaps, by the egregiousness of the above, and similar examples, some Data Analytics professionals have in recent years been trying to prevent public harm by publicly displaying ethical standards, in ways potentially threatening to their employment. Famously, more than 4000 employees of Google signed a petition in 2018 to stop the company from developing technology for war. ‘Project Maven’, designed to enhance the analysis of drone footage with artificial intelligence—weaponizing facial and object recognition software — caused “about a dozen” employees to simply walk out [10]. The International Committee for Robot Arms Control published an open letter in support of these employees, signed by over 1000 academics and technical professionals, opposing Google’s participation in the project [21].

Similarly, Wayfair employees have protested about online sales to detention centers [18], and Amazon employees have complained about the company’s climate failures [33], among many other examples of a growing trend of activism amongst technology sector workers.

Now, although we do know that several people (ACM members at Google) actually cited the ACM Code of Ethics while resisting both Maven and Googles’ Dragonfly project [13], we do not know if codes of ethics inspired all of the ethical activism alluded to above. Codes of ethics, nonetheless, we can infer, give voice to the values of a profession, and can be used to educate aspiring professionals and help guide practitioners in their decision-making. When codes are supported from the top this reinforces an ethical culture that reinforces such actions. In the case of computing codes, we have seen the ACM Code also cited in the Oracle v. Google case about the Java API [31] and by the New York Times [27].

Additionally, it is clear that codes as documents expressing professional values need to be promoted and supported or they may be misused [46]. The misuse of ethics has been dubbed “ethics-washing”, or ethics theatre, where companies or organizations give the appearance of being very concerned about ethics to avoid the application of external regulations, whilst doing little to mitigate or respond positively to ethical concerns when they do arise. For example, promoting “AI for Good” while developing and selling questionable surveillance software is ethics-washing. This approach creates dissonance for the computing professional. Codes, therefore, need both support from the top and ground-level support to avoid their use by professional organizations and corporations as ethics-washing or their application by individuals viewed merely as boxes to be checked rather than a significant ethical decision.

The examples we have given highlight, however, single-issue concerns that were able to galvanize wide support. We argue in this paper, that these attempts, by Data Analytics professionals, to behave more ethically, and to force the companies they work for to abide by more ethical standards, could not just have been strengthened by a widely adopted Data Analytics Professional Code of Ethics—developed by and within the profession—but that such a Code would work in the minutiae of the daily activities of such professionals towards steering the application of Data Analytics for the public good, rather than merely trying to prevent the worst excesses of public harm. Academic work in this direction is evidenced by the EU Commission’s High-Level Expert Group on Artificial Intelligence [9], the Oxford Internet Institute’s ‘Governance of Emerging Technologies’ research program [32] and by the publications of, for example, Virginia Dignum [15, 44]. However, a dedicated Code is something that requires not just philosophical underpinnings, but a collaborative, bottom-up approach, as we argue in the following sections of this paper.


Over recent decades, to help software professionals address ethics opportunities and risk in computing, codified principles have been developed. Computing societies have tried to address the ethical obligations of computing professionals and to support the development of laws limiting the impact of unskilled or malicious developers. A recent World Economic Forum white paper on the “Responsible Use of Technology” repeatedly uses the phrase “new and disruptive technologies” [38]. This reflects a distrust in software developer's positive intentions that is challenged by the concerns highlighted in our introduction, and by industrial incidents like the Volkswagen emission testing fraud, and the crash of Boeing CMAX aircraft [40]. Review boards for software safety and certification standards have been developed for safety–critical software in attempts to help strengthen this trust, but, as yet, the data analytics profession lacks ethical oversight in the ‘wild west’ of the web, where it is beginning to have significant societal impact.

New practical applications of data analytics include using algorithms to identify new relationships predicting future behavior. Such systems incorporate underlying assumptions that some identified relationships can be deemed ‘meaningful’ and represent actual cause–effect relationships. Causality in information systems is an area of growing concern [25, 28], and such algorithmic assumptions are increasingly questioned. The “choice” of which relations actually represent a causal relationship is critical. In facial recognition systems, for example, a relationship between black skin and criminality coded into the algorithm reflects human bias, and not reality. Additional problems include variable reliability of data, and whether data are intentionally or accidentally biased or corrupted [8]. The profession is vulnerable to charges of unreasonable “algorithmic decision-making, profiling of individuals, and control and surveillance of individuals and lack of transparency…” [15, 29, 48]. Unexpected and biased outputs, for example, favoring privately educated students, and disproportionately downgrading their more deprived peers, in the UK’s algorithm calculated ‘A-level’ results fiasco, replacing actual examinations in the Summer of 2020, can have life-shattering effects [43].

A recent example of a failure to respect people, through the deliberate use of data to manipulate, has of course been seen in relation to social media giant, Facebook. A former Cambridge Analytica employee who blew the whistle on Facebook’s data collection practices, has claimed the 2016 Trump campaign wanted psychometrics for the purpose of nudging people’s ‘inner demons.’ “In what remains a murky and ethically dubious exchange, it appears that Kogan claimed to Facebook that he was collecting these data for only academic purposes, despite the clear commercial intent of his contract with SCL (page 67) and discussion of commercial purposes with his home university. Reselling these data in the fashion, GSR was contracted for was clearly a violation of Facebook’s terms of service. Facebook overlooked red flags about the amount of data being collected because of Kogan’s academic credentials, and now claims that he deceived people at Facebook about his intents” [30].

Yet, most data practitioners are well-intentioned individuals whose normal ethical insights are stretched by the ways their new technologies impact society—hence the examples above of attempts to prevent public harm. Moreover, ethics is a matter of professionalism, generally understood as being outside the purview of law and regulation. Though the law often embodies ethical principles, law and ethics are not co-extensive; laws are created based on a society’s ethics, to enforce behaviours we are expected to follow, but ethics suggest what we ought to follow, and help us explore options to improve our decision-making. The scope of this paper is that the only code of ethics available in this sector is inadequate, and needs improving.

Now, many codes are written to merely exact punishment for a failure to follow the organization’s code (retributive justice) rather than to provide proactive guidance to aid in following the rules in novel and complex situations. We argue such a focus needs to change from ‘retributive’ ethics, which blindly concentrates on blame and retribution for unintentional misdeeds or negative ethical consequences, towards a positive ‘proactive’ ethics, which helps guide the data professional, towards avoiding or mitigating any negative impacts of their well-intended choices. Data professionals, in short, need help determining which of their skills to apply in complex situations.

Data professional and the fatal premise

What is a data professional?

A profession generally deals with a complex information domain that can significantly impact people positively or negatively. Work in these domains generally requires some form of accreditation by a sponsoring organization or a legislature, or permission recognized by a license. Part of the accreditation requires evidence of certified mastery of the relevant skills by education and apprenticeship. It also requires a commitment to use these skills in a positive way which is defined by the particular profession’s code of ethics. The administration of a legally recognized profession is managed by law and the profession’s self-defined regulations. In general, professionals are allowed to regulate themselves because they promise to use their skills in the service of society and have a social good associated with the profession; e.g. doctors facilitate health, teachers facilitate education.

Medicine law, accountancy, and architecture are legally recognized professions where membership in a professional organization and adherence to its code of ethics are grounds or conditions of continued membership in that organization and for continued permission to practice that profession. Research has shown that at a high level of abstraction, these codes all focus on nine common principles: Be impartial, Disclose information others ought to know, Respect the rights of others, Treat others justly, Take responsibility for your actions, Take responsibility for those you supervise, Maintain your integrity, Continually improve your abilities, and Share your knowledge, expertise, and value [37]. These principles are then further explained in their application to particular professions.

Some occupations, like teachers, and computer practitioners, have organizational bodies and the practitioners are not legislatively or formally recognized as professionals, but their work nonetheless has such an impact on society that they too share the moral responsibility of licensed professionals. These organizations adopt codes of ethics to help educate aspiring members concerning their ethical obligations, to help practitioners engage in ethical decision-making, and to educate the public about what to expect from them. Following these standards is what distinguishes a professional from an ordinary practitioner. Professionals thus have a unique work ethic that requires of them a higher order of care beyond following minimalistic laws. Professionals pledge to use their skills for the good of society and not merely act as agents for the client doing whatever a client asks [24]. This is different from the principle of “due care”. For example, plumbers are responsible for ensuring the results of their work will not injure their customers or users of the plumbing system. But the plumber does not bear the responsibility to advise the customer concerning potential negative impacts a new system may have on the customer’s business, customer’s quality of life, or the environment. The computing professional commits to a “higher degree of care” for those affected by a computing product [23]. The concern to maximize the positive effects for those affected by computing artifacts goes beyond “due care”, beyond mere avoidance of direct harm. The additional layer of ‘positive responsibility’ [17] is what is necessary to change a practitioner into a professional. Positive responsibility incorporates moral responsibility and what is ethically commendable. So, a ‘data professional ethics’ should recognize the nature of data analysis as a service to society beyond ‘due care,’ and data professionals would be accountable for the consequences of their decisions on society. The specification of this requires a data professional code of ethics at a lower level of abstraction than a more general computing code of ethics, to state the conscience of the profession, provide a tool for ethical decision-making, and to educate the public about what to expect from the ethical data professional.

The concept of a higher order of care is often overlooked in developing highly complex software. There are several reasons for this. Sometimes issues are missed because of groupthink. The group is not diverse enough to anticipate particular problems or identify the need for a particular type of testing. Data analysts are mostly Asian or white males. While 59% of the American workforce is female, in a Forbes study of all the technical education fields, data science had the lowest representation of female students, at just 35.3% [36]. Less than half of those women went on to work in the field; within Data and Analytics, less than 17% of all roles are filled by women [5]. Forbes also reports that the profession is 70% Asian/white. This lack of diversity in gender and skin tone contributed to the problems Google had when biased facial recognition software only recognized people if they had pale skin [42].

This lack of diversity is not the only reason for some ethical missteps. Although according to Forbes, 90% of data analysts have college degrees, the curricula do not generally include any study of the humanities or ethics which would help practitioners develop ethical identification and reasoning skills. A study done by the ACM task force developing a data analytics curriculum found that “Nearly all of the programs offering a bachelor’s degree in data science required courses in programming skills and statistics. In addition, the majority of programs also required data management principles, probability, data structures and algorithms, data visualization, data mining, and machine learning” [2]. Only some of the programs offered courses in ethics. Not only is there a lack of training, but the same report indicated that “industry respondents did not report data security and privacy as a required competency area for job applicants” [2].

‘Data security and privacy’ are what many industries consider to be the totality of ethical concerns. Given this lack of diversity and training, there is no firm foundation for data analysts to tackle ethical problems. The right-minded, well-intentioned data analyst faces another problem in pursuing ethical choices which is not about their training, but about human nature.

The fatal premise

In a talk on “Professionalism in Computing”, Tom DeMarco described a position that often leads to ethical issues. He called it “The Fatal Premise”. Often professionals believe “Evil is done by evil people; I am not an evil person and therefore I cannot do evil” [14]. Professionals who take this view go into the world ethically unarmed. This is an ethical blank check, in other words, where they think anything they do is acceptable.

Psychological studies on ethical decision-making [4] show that DeMarco’s Fatal Premise is very common. In an effort to professionalize, this premise is manifested when an organization puts its primary focus on skills acquisition, leaving training about the need to consider the impacts of technical decisions on society as an afterthought. Although the International Federation for Information Processing established Four Pillars of Professionalism [23], the primary emphasis of this initiative has been on establishing and updating skills frameworks and skills certification. In the early 1990s, the Association for Computing Machinery debated whether social impact discussion should even be included in their standard curriculum. Ethics in an early ACM curriculum merely required that students “must be able to anticipate the impact of introducing given product into a given environment…” [47].

Only partially professional—due care

The Fatal Premise thus only supports a limited view of professionalism, where the primary responsibility of the professional is just the successful application of their technical skills in the competent creation of a product. The concept of “a higher order of care” is overlooked. The complexity of computing and its rapid changes often lead even the most conscientious workers to focus primarily on the technical issues of completing a task. This added concentration is understandable. The way ICT systems work in the logic of programs and algorithms is distinct from work on other commodities. The logic and structure of a software solution follow a continuous model where a single flaw can bring down the whole system, rather than a discrete model where a single flaw like a missing nail in a building will not destroy the building. Software solutions that direct and manipulate this computing power are complex. So, without attention to the guidance provided by computing ethics, it is difficult for developers to anticipate the impacts of what they are working on.

Many professional technical societies maintain the profession’s body of knowledge and provide support to the professional members. The Digital Analytics Association is one such society. Their mission statement is “Advancing the use of data to understand and improve the digital world through professional development and community.” The DAA [12] lists their support for the professional data analyst as: standardize terms; influence legislation; develop training and certification to strengthen professionalism; and promote common interests.

This emphasis is inward-looking, on positive effects for their members. Many such professional organizations primarily focus on training and skills; they also promote laws to put malicious or unskilled people in jail, or to certify skilled people. Ethical behavior—in line with the Fatal Premise—is assumed. Now, most people’s ethical decisions, it is true, are easy, based on effective training we have had from parents, peers, schools, legal rules, and religions. But, the potential impacts of data analytics were not known or addressed by any of this training; people in general are unprepared to deal with electronic stalking, harassment, and surveillance on social media, or third-party tracking. Ethical decisions about these kinds of problems are not second nature for us. Using big data to predict your behavior and thoughts is not analogous to someone reading your mail. We have no decision patterns based on previous experience about these new possibilities. This lack of past experience explains in part some of our confusion about professional data ethics.

Although the DAA makes statements about how data analysts will protect data in their care, at the moment, there are no clear statements about what constitutes ethical versus unethical use of big data. This is a significant problem for Professional Digital Analytics.

Applied ethics is an essential part of being a data professional

A Professional Code of Ethics identifies core values on which a profession’s mission is based. It summarizes broad ethical principles that reflect the profession’s core values and establishes a set of specific ethical standards that should be used to guide professional practice. For data professionals, ethics should be about any behavior in the performance of their profession that has either a positive or negative impact on anybody, that means any decision which impacts others. A higher order of care requires that a data professional approaches every expression in an algorithm that affects others as an ethical decision, guided by the values expressed in their Professional Code of Ethics. Every choice of what level of reliability and clarity of data to use is an ethical decision. Ethics, thus, is outward-facing.

Giving voice to values as a data professional: ethically armed for professional practice

An effective professional code of ethics identifies ethical values or the conscience of a profession, distilled into a set of principles. It then provides some insight into using those principles in an analysis to determine the appropriate form of behavior, and then—with the support of the global community who accept those principles—gives them the moral courage to do it. Crucially, professionalism maintains a proactive posture toward potential risks. An anticipatory approach produces better artifacts more efficiently; the same is true for ethics. By adopting a proactive attitude, the professional can avoid many ethical problems.

Positive responsibility in codes of ethics

Because of their roles, professionals have significant opportunities to do good or cause harm, to enable others to do good or cause harm, or to influence others to do good or cause harm. Two recent computing codes of ethics address these possibilities and embody the goals of the computing profession. The Software Engineering Code of Ethics and Professional Practice (SECEPP) [16, 41] has been initially adopted by both the IEEE–Computer Society and the Association for Computing Machinery (ACM). SECEPP is unique in that it, unlike other codes, is intended as the Code for a profession and is distinctive in that it has been initially adopted by two international computing societies. It has more recently been adopted by industry organizations and by other professional societies including the Spanish Software Engineering Society.

In 2018, the ACM completed a three-year project to update its 1992 Code of Ethics (ACMCoE). The guiding principle of the update was to identify the global principles of the computing profession which could be used to help guide the aspirations of all computing professionals in doing their work. The participation of professionals from around the world in developing the ACM Code of Ethics demonstrated that the global computing community understands the impact their work has—and that they take seriously their obligation to the public good.

Both these codes indicate that a professional’s responsibility goes beyond the application of technical skills to produce a product. There is a clear ethical commitment to quality, and that the professional has a responsibility to the client and to the product. Both Codes advocate a higher order of care and emphasize the professional’s responsibility to society. They explicitly extend professional responsibility to all stakeholders. They encourage professionals to see their actions and decisions as part of and contributing to a broader global social community.

The Preamble to SECEPP addresses several specific problems with codes of ethics in general [26]:

  1. 1.

    What to do if two principles in the Code seem to conflict? Which principle has priority?—SECEPP gives priority to human well-being as the decision tool.

  2. 2.

    SECEPP includes a paragraph on how to use the Code in decision-making. “These principles should influence SE to consider broadly who is affected by their work, to examine if they or their colleagues are treating others with due respect…”.

  3. 3.

    It specifically denies that the Code is to be viewed as a complete list.

  4. 4.

    SECEPP makes it clear that one supports the profession by being responsible to people who are affected by software engineering products, so the SECEPP requires software engineers to speak out against shoddy work.

Ladd [26] further argues that codes of ethics are oxymoronic because ethics requires autonomy of the individual while a code assumes the legitimacy of an external authority imposing rule and order on that individual. This may be true of canonical codes with categorical imperatives, but both the ACMCoE and SECEPP are aspirational codes providing principled aspirational guidance. The ACM Code includes principles formulated as statements of responsibility, based on the understanding that the public good is always the primary consideration.

Two clauses were added to ACMCoE to facilitate addressing the public good. One clause provides a standard to help resolve ethical tension that may exist among Code principles in a particular situation: “3.4 Ensure that the public good is a central concern during all professional computing work.” This type of clause in an ethics code is often called a “paramountcy clause.” It helps a decision-maker determine what has priority in her decision. Because it includes this clause, the Code emphasizes the professional’s obligations to the public at large. This obligation should be the final arbiter in all professional decisions.

Data analytics due care

Now, a major data analytics code of ethics, consisting of 5 primary principles, has been developed and supported by the Digital Analytics Association. This “Web Analyst’s Code of Ethics” [35] “represents an industry effort to treat consumer data with the respect and attention it deserves. It is a commitment to data stewardship and an effort to educate organizations and Internet users globally of digital data collection and utilization practices.” It is highly laudable that such an effort has been made. Unfortunately, this Code is a commitment to the data, not society.

The principles are:

  1. 1.

    PRIVACY—I hold consumer data in the highest regard and will do everything in my power to keep personally identifiable consumer data safe, secure, and private….

  2. 2.

    TRANSPARENCY—encourage full disclosure of my clients/employer consumer data collection practices and to encourage communication of how that data will be used in clear and understandable language.., work with my clients/employer to ensure that the privacy policy is up-to-date and provides a clear and truthful reflection of our collection

  3. 3.

    CONSUMER CONTROL—inform and empower consumers to opt out of my clients/employer data collection practices and to document ways to do this.

  4. 4.

    EDUCATION—educate my clients/employer about the types of data collected, and the potential risks to consumers associated with those data.

  5. 5.

    ACCOUNTABILITY—act as a steward of customer data and to uphold the consumers’ right to privacy as governed by my clients/employer and applicable laws and regulations [35].

There is an absence of a higher order of care principle in this Code. Each element falls short of a higher order of care. The Privacy principle only identifies personally identifiable information. Some are arguing for higher standards—“demographically identifiable data”—a broader classification than Personally Identifiable Information (PII)—which could cause various harms to entire classes of people [39]. The transparency principle only addresses making a clear statement to client and employer about data collection practices, omitting to notify the information producer of any potential risks. In the Consumer Control principle, only opt-out is addressed. There is no warning to the consumer of potential danger or ethical problems nor is there a commitment to change things if a problem is noted. Although there is care about how the data is used, the professional should use their skill to mitigate ethical risks, not just allow injured stakeholders to opt out. In the education principle, there is only attention to educating management and no suggestion of corrective action on the data analyst’s part if these principles of privacy are violated. The analyst’s accountability is to the law and to their employers not to society.

The Web Analysts Code of Ethics fails to be a data professional code of ethics, as we have described above, because it only advocates a technically competent creation of what the client wants or a technically competent execution of the client’s requested service. In this ‘competent creation’ model, questions of professional responsibility are not considered, or they are considered secondary to simply satisfying the technical aspects of the customer’s request. If the customer is dissatisfied with the product, then the process continues and it is the customer who must opt out. Finally, it should be remembered that the Web Analytics Code of Ethics was the draft of a single individual in a 24-h period, which was then modified by the Data Analytics Association and others [34]. This Code is not a condition of membership in the Data Analytics Association.

Multinational codes of ethics

Clearly there is a need to modify codes like the DAA Code to provide more guidance for the ethical decisions data professionals are forced to make—and might be unaware they are making—daily, all over the world.

Developing a code of ethics should be a collaborative effort that involves all of the stakeholders in a community. It needs to establish principles that are intended to function as a foundation or outline of what a universal code of ethics should emphasize. Computing professionals have more in common than separates them. Different nationalities have diverse cultures, but multinational organizations based on a common profession share significant values. Computing professionals from different nationalities may disagree about how many times you kiss on the cheek in greeting but they will not disagree about the significance of testing a pacemaker’s software. Those common values are the values to be embodied in a Code for the data analytics field. Professional ethics is not relative, as a Code based on cultural differences would imply. A good professional Code articulates the global values of the profession, not the differences of the cultures. Intercultural global values all have in common established discursive ethics on which we can make decisions. Interestingly, an evaluation of the ACMCoE from an Islamic viewpoint revealed that it shared many similar ethical values with the Quran and Hadiths (sayings of the Prophet) [3].

The involvement of multiple stakeholders from across the profession, therefore, is an important part of the development of a successful Code of Professional Ethics. SECEPP was developed by a multinational task force with additional inputs from other practicing professionals, and other representatives from industry, governments, military, and education. SECEPP was developed in the international arena; reviews, redrafts and balloting on the code were conducted, and an international consensus on what software engineers and computing professionals believe to be their professional ethical obligation was sought. SECEPP was published in multiple versions for review and revision including the formal review process for becoming an IEEE technical standard. The Code passed that review and was unanimously approved by the governing bodies of the ACM and the IEEE-Computer Society.

The ACM Code development followed a similar path of transparent development across continents. This was a repeated process of review and revise, circulate for comment—with adequate response time, review the comments and revise, until satisfied the best of what had been received was captured, and then seek a public response. The development process was open to all. One did not have to be a member of the ACM.

This transparent methodology has positive results. Both codes went through rigorous reviews before passage. Each revised Principle in ACMCoE received over 96% positive response and the Clause of SECEPP passed an international IEEE technical standard review. The success of the effort at identifying common global values for the profession is better indicated by the adoption of the Codes by other professional societies or the incorporation of the principles they identified into individual societies codes. The ACMCoE, moreover, has recently been adopted by the International Federation for Information Processing (IFIP), representing over 38 countries and regions [22].

Recommendation to professional society on code development

A professional code of ethics defines a profession’s commitment to a social good associated with that profession. Public good, rather than merely advocating technical skill or trying to prevent the worst excesses of public harm, must be the key underpinning values of a Code of Ethics.

Such a Code’s imperatives are the ethical glue that connects our professional practices to society. It is not sufficient to limit any computer discipline to addressing purely technical issues. As a profession, we must not retreat behind the obscurity and complexity of computing artifacts. We must acknowledge and embrace our role in shaping society and take responsibility for our part in those changes. Codes of ethics can never completely define every single circumstance, but they can provide principles to help guide our judgment. We need to revisit digital analytics’ ethical standards beyond the “stewardship of data” to clarify how they apply to the decisions of data professionals.


  1. 1.

    ACM Code of Ethics and Professional Conduct. ISBN 978-1-4503-6626–7 Copyright © 2018 by the Association for Computing Machinery, Inc. (ACM)

  2. 2.

    ACM Data Science Task Force (2019) Computing Competencies for Undergraduate Data Science Curricula. ACM.

  3. 3.

    Al-A‟ali, M.: Computer ethics for the computer professional from an Islamic point of view. J. Inf. Commun. Ethics Soc. 6(1), 28–45 (2008)

    Article  Google Scholar 

  4. 4.

    Bazerman, M., Tenbrunsel, A.: Blind Spots: Why We Fail to DO What’s Right and What to Do about IT. Princeton University Press, ISBN 9780691156224 (2011)

  5. 5.

    Butler, A.: The Gender Gap in Data Analytics (2020)

  6. 6.

    Cadwalladr, C.: Tech Is Disrupting All before It: Even Democracy Is in Its Sights: The Information Revolution Is Threatening Our Political System. The Observer. (2016)

  7. 7.

    Cadwalladr, C: Fresh Cambridge Analytica leak ‘shows global manipulation is out of control. The Observer (2020)

  8. 8.

    Clarke, R.: Big data, big risks. Inf. Syst. J. 26(1), 77–90 (2016).

    Article  Google Scholar 

  9. 9.

    Coeckelbergh, M.: AI ethics. MIT Press, Cambridge (2020)

    Book  Google Scholar 

  10. 10.

    Conger, K.: Google Employees Resign in Protest Against Pentagon Contract. (2018)

  11. 11.

    Cyphers, B.: Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance. (2019)

  12. 12.

    DAA Digital Analytics Association (2020)

  13. 13.

    Daniel, E.: What is Project Dragonfly, Google’s controversial venture? Verdict. (2018)

  14. 14.

    DeMarco, T.: (2012) The Responsible Software Engineer: Selected Readings in IT Professionalism. In: Colin, M., Tracy, H., Dave, P. (eds.) Springer Science & Business Media, p. 4

  15. 15.

    Dignum, V.: Responsible artificial intelligence. Springer, Cham (2019)

    Book  Google Scholar 

  16. 16.

    Gotterbarn, D., Miller, K., Rogerson, S.: Software Engineering Code of Ethics is approved, vol. 42, No. 10. Communications of the ACM (1999)

  17. 17.

    Gotterbarn, D.: Informatics and professional responsibility. Sci. Eng. Ethics 7(2), 221–230 (2001)

    Article  Google Scholar 

  18. 18.

    Helmore, E.: Wayfair employees walk out in protest over sales to migrant detention camps (2019)

  19. 19.

    Henley, J., Booth, R.: Welfare surveillance system violates human rights, Dutch court rules. The Guardian (2020). Accessed 9 Feb 2020

  20. 20.

    Hill, K.: The Secretive Company That Might End Privacy as We Know It The New York Times (2020)

  21. 21.

    ICRAC. Open Letter in Support of Google Employees and Tech Workers (2018)

  22. 22.

    IFIP Code of Ethics. Adoption announcement

  23. 23.

    IP3: IP Three Declaration, World Computer Congress 2008. (2008)

  24. 24.

    Kreps, D.: Corporations and professionalism: awkward bed-fellows? J. Inf. Commun. Ethics Soc. (2017).

    Article  Google Scholar 

  25. 25.

    Kreps, D., Rowe, F., Muirhead, J.: Understanding Digital Events: process philosophy and causal autonomy. In: Proceedings of the 53rd Hawaii International Conference on System Sciences (2020). 7–11 Jan 2020

  26. 26.

    Ladd, J.: The Quest for a Code of Professional Ethics: An Intellectual and Moral Confusion Ethical issues in the use of computers, pp. 8–13. Deborah G. Johnson, John W Snapper (1985)

  27. 27.

    Markoff, J.: Apple’s Engineers, If Defiant, Would Be in Sync With Ethics Code. The New York Times Bits Blog. (2016)

  28. 28.

    Markus, L., Rowe, F.: Is IT changing the world? Conceptions of causality for information systems theorizing. MIS Q. 42(4), 1255–1280 (2018)

    Google Scholar 

  29. 29.

    Martin, K.E.: Ethical issues in the big data industry. MIS Q. Exec. 14(2), 67–85 (2015)

    Google Scholar 

  30. 30.

    Metcalf, J.: Facebook may stop the data leaks, but it’s too late: Cambridge Analytica’s models live on. MIT Technology Review (2018)

  31. 31.

    Mullin, J.: Google Puts Its Expert on the Stand to Combat Oracle, Wraps up Its Case. Ars Technica. (2016)

  32. 32.

    OII: Governance of Emerging Technologies Research Programme (2020)

  33. 33.

    Paul, K.: Hundreds of workers defy Amazon rules to protest company's climate failures (2020)

  34. 34.

    Peterson, E.: The Web Analyst’s Code of Ethics. (2011)

  35. 35.

    Peterson, E., Lovett, J.: The Web Analyst's Code of Ethics. (2011)

  36. 36.

    Priceonomics (2017) The Data Science Diversity Gap

  37. 37.

    Quinn, T. M. J.: ‘Professional ethics’, in Ethics for the Information Age, Pearson/Addison-Wesley, Boston, Chapter 9, pp. 428-429 (2017)

  38. 38.

    Quintanilla, P., Allison‐Hope, D., Darnton, H., Hunter, A.: Responsible Use of Technology World Economic Forum (2019)

  39. 39.

    Raymond N.A.: Beyond “Do No Harm” and Individual Consent: Reckoning with the Emerging Ethical Challenges of Civil Society’s Use of Data. In: Taylor L., Floridi L., van der Sloot B.: (eds.) Group Privacy. Philosophical Studies Series, vol 126. Springer, Cham (2017)

  40. 40.

    Schaper, D.: Boeing Safety Engineer Filed Ethics Complaint Last Year Over 737 Max Safety Upgrades (2019)

  41. 41.

    SECEPP IEEE-CS/ACM Joint Task Force on Software Engineering Ethics and Professional Practices, Software Engineering Code of Ethics and Professional Practice. Science and Engineering Ethics. 7(2), 231–238 (2001)

  42. 42.

    Simonite, T.: The Best Algorithms Struggle to Recognize Black Faces. Wired. (2019)

  43. 43.

    Smith, H.: Algorithmic bias: should students pay the price? AI Soc. (2020).

    Article  Google Scholar 

  44. 44.

    Theodorou, A., Dignum, V.: Towards ethical and socio-legal governance in AI. Nat. Mach. Intell 2 10–12 (2020)

  45. 45.

    Toh, A.: Welfare surveillance on trial in the Netherlands. (2019)

  46. 46.

    Tractenberg, R.E., Russell, A.J., Morgan, G.J., Fitz Gerald, K.T., Collmann, J., Vinsel, L., Steinmann, M., Dolling, L.M.: Using ethical reasoning to amplify the reach and resonance of professional codes of conduct in training big data scientists. Sci. Eng. Ethics (2015).

    Article  Google Scholar 

  47. 47.

    Tucker, A.B.: Computing Curriculum 1991. Communications of the ACM, 34, 6

  48. 48.

    Zuboff, S.: The age of surveillance capitalism. Profile Books, London (2019)

    Google Scholar 

Download references

Author information



Corresponding author

Correspondence to David Kreps.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Gotterbarn, D., Kreps, D. Being a data professional: give voice to value in a data driven society. AI Ethics 1, 195–203 (2021).

Download citation


  • Data analytics
  • Ethics codes
  • Professionalism