At the last World Economic Forum in Davos, Angela Merkel argued that Big Data would define the future of democracy, political participation and economic prosperity. All the data we produce, taken together, are of inestimable value, hence the battle between governments and web giants over who owns them. Data are so valuable because they are our identity, because they provide sensitive information, for example on our health and finances. At the cutting edge of cybercrime are things like digital identity theft and manipulating posts on social media. Cyberattacks like these, which are two of the most frequent, eventually led the European Union to make some significant previsions, most importantly the General Data Protection Regulation (GDPR), in force in all 28 member states since 25 May 2018. Its main aim is to let individuals take back control of their personal data. The GDPR obliges companies to clearly inform their users on how their information will be used and always ask their consent for it. At the same time, it obliges users to report potential or actual violations of data within 72 hours. Finally, the GDPR authorises companies to transfer data out of the EU only if the transfer can be monitored and the data protected. The EU has not been alone in feeling the need to set out precise rules on data personal protection. Other countries, in Asia and the Americas, are doing a range of things to change regulations. That said, the protection currently offered by law does not seem enough. Considering the possible impact of new technology on people's lives, we need to consider further rules and principles. Ethics play a particularly important role. The link between technology and ethics is becoming increasingly interesting. Commercial businesses need to change the message they put across. They must concentrate on the customer rather than the product, communicating not only their corporate identity but their values.
The European Commission has written a few guide lines on web ethics, with the means for putting them in action, like check lists, technical procedures and ethics by design. They also restate aspects of the GDPR, like responsibility, transparency, security, data governance and impact assessment. Essentially they are a wider application of the GDPR, adding an ethical perspective.