Privacy and data protection have been gaining traction globally, and even across the Caribbean region. Rishi Maharaj, the Founder and Managing Director of Privicy Advisory Services, joins us to discuss privacy and data protection, along with the emerging concept of ‘data ethics’. Our conversation explores, among other things: the difference between data protection and data ethics; the challenges he has observed as organisations reframe themselves to become more privacy and data protection-centric; and his thoughts on the class action lawsuit filed against OpenAI alleging that it engaged in theft by scraping data and content from internet users.

 

This episode is also available on SoundCloud, Apple Podcasts, Google Podcasts, Spotify, Amazon Music and Stitcher!

Over the past five years, privacy and data protection have grown in prominence globally, especially after the European Union’s General Data Protection Regulations took effect. We became familiar with key terms and the attendant rights individuals have over their personal data in particular, and over time, more countries have been implementing their own privacy and data protection frameworks.

However, as the space evolves, new concepts are beginning to emerge, such as ‘data ethics’, that are not only fighting for mindshare but also need to be considered and implemented by organisations. But what does ‘data ethics’ mean, and how does it relate to privacy and data protection? What are the implications for how that space is evolving? And how might AI be affected?  These are some of the questions we want to answer in this episode. 

 

Introducing our guest

Rishi Maharaj

Rishi Maharaj is the Founder and Managing Director of Privicy Advisory Services a boutique consulting firm delivering expert data protection and privacy advice and outsourced services to organisations within the Caribbean and to global organisations that focus on the Caribbean Market.

Rishi focuses on reducing the burden of complying with data protection laws and enabling organisations to use compliance as a differentiator that increases organisational value, improves trust and increases customer and stakeholder engagement. He also supports organisations to establish and maintain robust privacy frameworks in line with the European Union’s General Data Protection Regulations (GDPR) as well as recent data protection legislation in the region (Jamaica, Barbados, Cayman Islands, Bermuda, Bahamas, etc.).

Rishi is the holder of a Bachelor of Science and a Master of Science degree in Government from the University of the West Indies and is a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Professional/Europe (CIPP/E). He is a member of the Canadian Institute of Access and Privacy Professionals and the International Association of Privacy Professionals.

 

Insights into our conversation

Rishi is passionate about privacy and data protection, and he brings real-world pragmatism to not only how he explains the various concepts, but also the ways in which he suggests they can be into practice. However, the privacy and data protection field is growing, so our conversation had to be focussed.

An important subject that we discussed was data ethics, which is an emerging concept that, unlike the general concept of ethics, is not binary in its application – cognisant of the value and importance of data in today’s society. As a result, and in data ethically-centred organisations, data can still be collected, generated, analysed, used and disseminated, but systems and practices should be in place to ensure that people (and the society) at large are not adversely affected. Essentially, data ethics walks a tightrope between privacy and data protection, whilst also allowing organisations to benefit from having access to individuals’ personal data.

Below are a few of the questions posed to Rishi during our conversation.

  1. What is meant by the term ‘data ethics’ and is it different from the term ‘data protection?
  2. What are the key principles that comprise data ethics?
  3. Several Caribbean countries have either implemented or are in the process of implementing data protection frameworks. What are some of the challenges you have observed as organisations reframe themselves for that paradigm?
  4. What system could organisations put in place to facilitate data ethics-related accountability?
  5. There was a news report earlier late last month that a class action lawsuit was filed against OpenAI, the company behind ChatGPT and DALL-E, alleging that it engaged in theft by scraping data and content from internet users. Typically, AI requires large volumes of data to train the models, and that data is used by the model to synthesise its outputs. What are your thoughts on the lawsuit and its implications with respect to data ethics and protection?
  6. What key trends are you seeing in privacy and data protection of which we should be aware?
  7. What would be 3 to 5 things you would advise Caribbean businesses to do to better handle data privacy and become more ethically forward?

 

Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.

Also, if you or a member of your network is interested in joining us for an episode, do get in touch.

Let’s make it happen!

 

Select links

Below are links to some of the organisations and resources that either were mentioned during the episode or otherwise, might be useful:

 

 

Images credit:  R Maharaj; Towfiqu barbhuiya (Unsplash); Jason Dent (Unsplash); Tumisu (Pixabay)

Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell

Podcast editing support:  Mayra Bonilla Lopez