Go back to menu

Report by the German data ethics Commission on data handling and the use of algorithmic Systems

A roadmap for data handling and algorithmic systems.

13 November 2019

In July 2018, the German government asked the Data Ethics Commission (DEK) to come up with a set of ethical standards and guidelines and a roadmap for data handling and algorithmic systems. The DEK submitted its report on 23 October 2019.

In July 2018, the German government asked the Data Ethics Commission (DEK) to come up with a set of ethical standards and guidelines and a roadmap for data handling and algorithmic systems. The DEK submitted its report on 23 October 2019.

The DEK report starts by outlining the scope of what it was asked to do, focusing in particular on the issue of Artificial Intelligence (AI) which it defines as "a general term for those technologies and their practical applications which use digital methods based on potentially very large and heterogenous data sets to render an outcome via complex machine-based processing comparable to human intelligence and which may be automated if required".

The DEK report covers five main areas. The first of these is ethical and legal principles. The DEK emphasises the fact that there is still a need for legislation to complement the ethical principles outlined by it. Any such legislation should not pose an obstacle to technological or social innovation or to any dynamic market development.

The second part of the report describes the dual role of the state to promote R&D activities and to adopt legal standards and innovative regulatory structures which are sufficiently robust and flexible. The DEK also stresses the existing responsibilities of corporate entities and sets out various ways in which companies can live the principles of "Corporate Digital Responsibility" by supporting consumer protection, digital empowerment and the sustainable development of the digital economy.

The next, rather substantial section of the report outlines a variety of ethical principles of data usage and describes the rights and obligations for such usage which currently apply. The report also takes a closer look at the requirements for the use of personal data. Of particular interest are the DEK tips for researchers and research companies for obtaining due consent for the use of personal data (including health data). These practical tips make it much easier for developers of AI-based technology to meet statutory requirements in practice and increase the likelihood of reliable legal protection.

The final section concerns responsible use of algorithmic systems. The DEK specifies a number of principles and recommendations which can be used as a basis for determining any legal framework. This is based on a five-tier criticality pyramid underlying a risk-adapted regulatory system for the use of algorithmic systems. The key idea is that both the requirements placed on the system and the applicable regulatory instruments should be more extensive and more stringent in those cases where the use of the system has a greater potential to cause damage. The DEK takes the view that the regulatory regime should be structured to be flexible enough and should have a strong focus on risk-adapted approaches. One idea might be for regulatory bodies to put approval and pre-testing procedures in place for any systems which have the considerable to substantial potential to cause damage.

The report shows that legislation will need to respond quickly to the pace of technological change. This is particularly true of healthcare, which is at the forefront of innovation. The DEK gives the example of data processing using health apps, the need for anticipated consent for processing the data of vulnerable patients and extending digital infrastructures within the healthcare sector.

The report contains several welcome suggestions and proposals. It is now up to the German legislative bodies to develop practicable legal requirements reflecting the ideas put forward by the DEK.