This episode explores the connections between data science and law, as well as keeping personal data safe in research.
Xengie Doan is currently working on her PhD in transparency, security and privacy in user-centred e-health data processes in the EU. She's conducting research as part of the LeADS Marie Curie Actions - Innovative Training Network (ITN) at the University of Luxembourg. LeADS stands for Legality Attentive Data Scientists, an EU-funded project to bridge the gap between data science and law. In our conversation, she shares her personal experiences with the programme but does not speak on its behalf.
An essential element of the ITN projects is to bridge the gap between disciplines that have no apparent connection, like bioethics, privacy, security, law and human-centred design. For Xengie, this means looking for answers in her work with health data.
Data science students learn what law is about, while law students and lawyers are brought closer to technologies and how they work. However, when you need a specific answer to a question, both disciplines commonly reply 'it depends'! And this is the heart of the matter: getting to know the other side better through training courses and projects accomplished together as one team. Many ITN project topics focus on building that shared foundation, collaborating well, and centring on what's happening in the EU.
The two disciplines are fundamentally different. Lawyers tend towards broadness and room for interpretation, whereas data scientists follow specific, precise rules and tick boxes to validate that something works. So a data scientist might treat GDPR compliance as a checklist to tick off, while a lawyer would say it depends on the context, the country, and so on.
As my discussion with Xengie makes clear, it's critical for data scientists to understand the fundamentals of the GDPR from a legal perspective and why context is vital. This helps them find better and more flexible ways of implementing the GDPR in their work, and to act more ethically within those legal guidelines.
From the legal perspective, it is equally essential to have a deeper understanding of fast-evolving technologies and their complexity, because a single regulatory approach does not apply in the same way in all cases. For example, some participants in Xengie's training course wanted to regulate specific AI parameters, unaware that such parameters have to be tweaked each time a model is run: tuning multiple parameters for each new data set is a laborious process. You cannot write one regulation for all AI parameters, because as soon as someone comes up with a different technique that works better for a specific data set, those rules no longer apply. A lot of flexibility is required on both ends.
With limited time and money, why spend weeks learning about the GDPR and other laws when you have so many other deadlines to meet as an engineer? I asked Xengie, and she believes the answer lies in company culture. If there is no value and purpose beyond economic success, teams are hard-pressed to implement ethical considerations in their workflows. Within engineering teams, ethical considerations must be more than a checklist, not just a cursory impact assessment. A company should give employees the bandwidth to work with data ethics rather than leaving it all in the hands of a GDPR officer.
Curious to hear more? Grab your headphones and enjoy the show!