D3.3 POLICYCLOUD'S SOCIETAL AND ETHICAL REQUIREMENTS & GUIDELINES

This deliverable analyses the ethical, legal, regulatory, and societal issues related to PolicyCLOUD, also providing a synthetic review of the existing debate and literature.

With regard to ethical and societal issues, from a general standpoint, the main findings relate to the importance of ensuring the accuracy of the dataset used for performing the analytics and the policymaking to achieve an adequate degree of reliability on the policies developed based on the same analytics. Also, the respect of the principle of transparency appears relevant to ensure the engagement of the end-users and to obtain their trust in the policies developed through PolicyCLOUD. Moreover, the key issue is to ensure an adequate level of human engagement in the data processing and policymaking processes, to avoid the relevant ethical and societal risks related to a complete automatization of decisional processes, which may be jeopardised by biases (whether in the initial dataset or the algorithm), leading for example to discrimination phenomena.

The legal and regulatory issues generally concern contractual protection of data sources, legal protection of databases, copyright, and personal data protection, and privacy. Of these, personal data protection is the most important given the requirement to collect and process a considerable quantity of personally identifiable information. Therefore, compliance with the requirements defined by the GDPR and other applicable personal data protection regulations is paramount for the correct and sustainable implementation of PolicyCLOUD.

Also, by analysing in detail the ethical, legal, regulatory, and societal issues related to the components of the Project, the risks appear to be focused on the selection of the datasets to be used, from the perspective of both their accuracy and the legitimacy to collect and process the data for the Project. These issues need to be addressed whether the data used constitute personally identifiable information; however, when personal data are involved, appropriate safeguards shall be implemented, especially to comply with applicable data protection laws.

Examination of the specific issues related to each of the use cases highlights the risks associated with the first use case since the related activities can create interferences with some of the fundamental rights recognized by the CFREU, the ECHR, and other international legal instruments, not to mention the common constitutional tradition of the EU Member State. Therefore, it will be of the utmost importance to monitor the development of the activities related to this use case, to ensure their compliance with the applicable ethical, legal, regulatory, and societal requirements. Also, for the other use cases, some specific issues have been identified, mostly related to personal data protection.

At the end of the deliverable, some guidance is provided on how the ethical, legal, regulatory, and societal requirements shall be embedded in the solutions developed throughout the Project, also identifying a list of controls to be used to continuously monitor compliance with those requirements.