OVERVIEW
KS OWNER – JOSHUA BUCHELI
KS DEPUTY – TBD
LAST UPDATED – 2022.11.01
Definition of Code of Ethics (Capitalised and Bolded = Defined Terms, just bolded = key terms):
A Code of Ethics (CoE) is a publicly disclosed set of principles and rules concerning moral obligations and regards for the rights of humans and nature, which may be specified by a given profession or group. The document is drafted and kept up to date by an entity’s Ethics Committee and outlines said entity’s shared moral framework within the Relevant Legal Frameworks, providing context to instances of Ethical Choice.
It should set out the entity’s moral principles and the associated standards of responsible and professional conduct for its employees, demonstrating due consideration of relevant risks to: human rights, equalities, anti-discrimination, access to goods and services, children’s laws, and other risks associated with the entity’s business activities (and associated data processing). The code of ethics should be detailed enough to act as a reasonable guide for employees to gauge when they are moving up against an ethical boundary in their activities.
In order to function as intended, a reasonable code must, at the very least be compatible with, if not explicitly affirm, those values which are fundamental to the Independent Audit of AI Systems (IAAIS). These include transparency, accountability, and trust. A code of ethics must be transparent in that it must publicly disclose an entity’s shared moral framework.
- If the code of ethics is not publicly disclosed, an organization’s shared moral framework is not transparent, and thus it can neither independently nor objectively be examined (e.g., by consumers, data subjects, users, auditors, other stakeholders).
- Furthermore, failing public disclosure of a declared shared moral framework, an entity’s actions cannot be judged for alignment with said proposed framework (do they do as they say?).
The code must also be transparent in that it must contain enough detail and clarity regarding its shared moral framework to allow for a reasonable degree of accountability. That is to say, it should allow for a reasonable degree of distinction between those actions and behaviors that conform to said framework, and those that violate them. This is to allow the code to fulfill the function of building trust through accountability.
Criteria for a good CoE:
N.B. ‘Must’ statements = sufficient, ‘Should’ statements = mature
- Must be publicly disclosed.
- Must be found in the employee handbook.
- Must be drafted, kept up to date, and overseen by the entity’s Ethics Committee, or, if applicable, by a recognised body of professional ethics (e.g., codes/boards of medical ethics, AICPA, Bar Associations).
- Must set out a shared moral framework/set of moral principles
- Must take into account/address Relevant Legal Frameworks (show that the entity take’s relevant risks into account)
- 1. Law as it applies to Data Subjects (specific to the jurisdiction of Data Subject)
- 2. Consideration of Human Rights, equalities, anti-discrimination law, access to goods and services, children’s law, laws regarding AI/data processing platforms or sector
- 2.1. Other relevant risks (personal gain, sustainability, etc.)
- Must be sufficiently detailed to give context to Ethical Choice (explicitly = preferred because instances must be disclosed)
- Must affirm that the entity also has a Code of Data Ethics.
- Must outline the relation between the Code of Ethics and the Code of Data Ethics as well as their respective scope and purpose.
- Must affirm that the entity has an Anti-Discrimination Policy.
- Must affirm that the entity has a Diversity-Policy
- Must be compatible with the values of transparency, accountability, and trust
- must be transparent (publicly disclosed – see point 1)
- must be transparent i.e. sufficiently detailed and precise in its formulation of a shared moral framework to allow for stakeholders to reasonably judge whether or not the entity and/or its employees is/are abiding by said moral framework
- must allow for accountability through trust as a consequence of above transparency
- Must be internally coherent (must not contradict itself)
- Should contain a commitment to making employees aware of the Code of Ethics and its presence in the Employee Handbook.
- Should contain a commitment to making employees aware of the Code of Data Ethics and its presence in the Employee Handbook
- Should contain a commitment to making employees aware of the publicly disclosed Anti-Discrimination Policy.
- Should contain a commitment to making employees aware of the Diversity Policy and its presence in the Employee Handbook.
- Should contain a commitment to regular training of employees on the code, its contents, and its implementation.
- Should be in the goldilocks zone (defined as not so long as to become unmanageable for employees but detailed/thorough enough to act as a reasonable guide (see criteria 8))
- Should contain fiduciary-based commitments/considerations in addition to compliance-based (see point 5) and value-based (see point 4).
- Should generally cover 5 key areas: integrity, objectivity, professional competence, confidentiality, and professional behavior (or something similar)
- Should include a commitment to regular (no less than annual) review or reconfirmation of values and practices (including the CoE, CoDE, Anti-Discrimination Policy, and Diversity Policy)
- Should recognise and urge its employees to respect the philosophical principle of charity (AKA charitable interpretation) when engaging in discussion with other parties (colleagues, clients, superiors, etc.)
- Should contain a framework or set of procedures to guide ethics officers in determining the source of reasonably diverse inputs and multi-stakeholder feedback as well as how to judge whether or not these inputs are reasonable in and of themselves i.e. the extent to which they should be heeded or incorporated.
- Should contain a commitment to using the standard of Explainability Plus as a virtuous feedback loop for considering ethical business practices.
- Should explicitly affirm the values of transparency, accountability, and trust
EXAMPLES OF GOOD AND BAD PRACTICE
MATURE: More than enough to pass the audit
SUFFICIENT: Enough to pass the audit
INSUFFICIENT (TO BE ANONYMISED PRIOR TO PUBLICATION): Not enough to pass the audit (all examples must be anonymised prior to publication)
Indicators (above and beyond those listed above) that related controls and practices have reached a mature state:
● The code commits to making employees aware that the code resides in the Employee Handbook
● The code contains a commitment to making employees aware of the Code of Data Ethics and its presence in the Employee Handbook
● The code contains a commitment to making employees aware of the Anti-Discrimination Policy and the fact that it is publicly disclosed.
● The code contains a commitment to making employees aware of the Diversity Policy and its presence in the Employee Handbook.
● The code contains explicit affirmation of the values of transparency, accountability, and trust
● The code explicitly lays out steps that the entity will take to periodically assess its adherence to the shared moral framework set out in its Code of Ethics.
● The code recognises and urges its employees to respect the philosophical principle of charity (AKA charitable interpretation) when engaging in discussion with other parties (colleagues, clients, superiors, etc.)
● The code contains a commitment to making employees aware of the Code of Data Ethics and its presence in the Employee Handbook
● The code contains a commitment to making employees aware of the Anti-Discrimination Policy and the fact that it is publicly disclosed.
● The code contains a commitment to making employees aware of the Diversity Policy and its presence in the Employee Handbook.
● The code recognises and urges its employees to respect the philosophical principle of charity (AKA charitable interpretation) when engaging in discussion with other parties (colleagues, clients, superiors, etc.)
● The code commits to regularly training employees on its contents and implementation.
● The code is publicly disclosed
● The code is Drafted, kept up to date, and overseen by the entity’s Ethics Committee
● The code sets out a clear shared moral framework
● The code takes into account/explicitly addresses all Relevant Legal Frameworks (shows that the entity take’s relevant risks into account)
● The code gives explicit context to Ethical Choice
● The code contains a framework or set of procedures providing guidance as to when/what kinds of instances of Ethical Choice are to be referred/elevated to professionals with training, experience, and expertise in “Ethical Choice” (Ethics Committee/Ethics Officer)
● The code is sufficiently detailed to act as a reasonable guide for employees to gauge when they are nearing an ethical boundary
○ The code is also not so long that it becomes unmanageable for the average employee to use (goldilocks zone)
● The code contains a framework or set of procedures to guide ethics officers in determining the source of reasonably diverse inputs and multi-stakeholder feedback as well as how to judge whether or not these inputs are reasonable in and of themselves i.e. the extent to which they should be heeded or incorporated
● The code contains a framework or set of procedures to guide ethics officers in determining the source of reasonably diverse inputs and multi-stakeholder feedback as well as how to judge whether or not these inputs are reasonable in and of themselves i.e. the extent to which they should be heeded or incorporated.
● The code contains elements of compliance-based, value-based, AND fiduciary-based commitments/considerations
○ The code covers 5 key areas of professional responsibilities: integrity, objectivity, professional competence, confidentiality, and professional behavior (or something similar.)
● The code includes a commitment to no less than an annual review or reconfirmation of values and practices (including the CoE, CoDE, Anti-Discrimination Policy, and Diversity Policy.)
● The code is internally coherent (does not contradict itself).
● The code contains an explicit commitment to using the standard of Explainability Plus as a virtuous feedback loop for considering ethical business practices
EXAMPLES –
● Link to Child Page 1: ACM Code of Ethics and Professional Ethics
● Link to Child Page 2: Microsoft Standards of Business Conduct
Summary bullets as key things to identify for auditors and/or links out to an in depth guide.
Essential inclusions
● The code MUST be available in the employee handbook
● The code MUST be publicly disclosed
● The code MUST be drafted and overseen by the entity’s Ethics Committee
● The code MUST set out a shared moral framework/set of moral principles
● The code MUST take into account/address Relevant Legal Frameworks (show that the entity take’s relevant risks into account)
● The code MUST be sufficiently detailed to give context to Ethical Choice
● The code MUST outline the relation between the Code of Ethics and the Code of Data Ethics as well as their respective scope and purpose.
● The code MUST affirm that the entity has an Anti-Discrimination Policy.
● The code MUST affirm that the entity has a Diversity-Policy
● The code MUST be compatible with the values of transparency, accountability, and trust
● The code MUST be transparent (publicly disclosed – see point 1)
● The code MUST be transparent i.e., sufficiently detailed and precise in its formulation of a shared moral framework to allow for stakeholders to reasonably judge whether or not the entity and/or its employees is/are abiding by said moral framework
● The code MUST allow for accountability through trust as a consequence of above transparence
● The code MUST contain a framework or set of procedures providing guidance as to when/what kinds of instances of Ethical Choice are to be referred/elevated to professionals with training, experience, and expertise in “Ethical Choice” (Ethics Committee/Ethics Officer)
● The code MUST be sufficiently detailed to act as a reasonable guide for employees to gauge when they are nearing an ethical boundary
● The code MUST affirm that the entity also has a Code of Data Ethics.
● The code MUST outline the relation between the Code of Ethics and the Code of Data Ethics as well as their respective scope and purpose.
● The code MUST affirm that the entity has an Anti-Discrimination Policy.
● The code MUST affirm that the entity has a Diversity-Policy
● The code MUST be internally coherent
Benchmarks for good practice
● The code spends more time on most Relevant Legal Frameworks and less time on less Relevant Legal Frameworks
● The code references instances of Ethical Choice (preferred because instances of ethical choice must be disclosed for compliance)
● The code contains elements of compliance-based, value-based, and fiduciary-based (CoE among professionals) commitments/considerations
● The code covers 5 key areas: integrity, objectivity, professional competence, confidentiality, and professional behavior (or something similar)
● The code includes a commitment to no less than an annual review or reconfirmation of values and practices.
Summary bullets as key things to identify for auditors and/or links out to an in depth guide.
Essential inclusions
● The code MUST be available in the employee handbook
● The code MUST be publicly disclosed
● The code MUST be drafted and overseen by the entity’s Ethics Committee
● The code MUST set out a shared moral framework/set of moral principles
● The code MUST take into account/address Relevant Legal Frameworks (show that the entity take’s relevant risks into account)
● The code MUST be sufficiently detailed to give context to Ethical Choice
● The code MUST contain a framework or set of procedures providing guidance as to when/what kinds of instances of Ethical Choice are to be referred/elevated to professionals with training, experience, and expertise in “Ethical Choice” (Ethics Committee/Ethics Officer)
● The code MUST be sufficiently detailed to act as a reasonable guide for employees to gauge when they are nearing an ethical boundary
● The code MUST affirm that the entity also has a Code of Data Ethics.
● The code MUST outline the relation between the Code of Ethics and the Code of Data Ethics as well as their respective scope and purpose.
● The code MUST affirm that the entity has an Anti-Discrimination Policy.
● The code MUST affirm that the entity has a Diversity-Policy
● The code MUST be internally coherent
Benchmarks for good practice
● The code spends more time on most Relevant Legal Frameworks and less time on less Relevant Legal Frameworks
● The code references instances of Ethical Choice (preferred because instances of ethical choice must be disclosed for compliance)
● The code contains elements of compliance-based, value-based, and fiduciary-based (CoE among professionals) commitments/considerations
● The code covers 5 key areas: integrity, objectivity, professional competence, confidentiality, and professional behavior (or something similar)
● The code includes a commitment to no less than an annual review or reconfirmation of values and practices.
EXAMPLES –
● Link to Child Page 3: Code of Business Conduct and Ethics for Deutsche Bank Group
Does not include (any of the following):
● A shared moral framework
● Context for ethical choice
● Sufficient detail to act as a reasonable guide for employees to gauge when they are nearing an ethical boundary
● A commitment by the ethics committee to draft, oversee, and update or reconfirm the code at least annually
● Compatibility with the values of transparency, accountability, and trust.
● A shared moral framework set out in such a way that it can be used to assess or judge the entity’ adherence
● An affirmation that the entity also has a Code of Data Ethics.
● An affirmation that the entity has a publicly disclosed Anti-Discrimination Policy.
● An affirmation that the entity has a Diversity Policy that is published in its Employee Handbook
Fails to consider (any of the following):
● Relevant legal frameworks
● Context for ethical choice
● Inclusion in employee handbook
● Public disclosure
● Issues beyond mere compliance (values, fiduciary duty)
● Compatibility with the values of transparency, accountability, and trust
● Whether the shared moral framework set out can be used by third parties (or the entity itself) to assess the conformity of an entity’s actions to the values it sets out in said shared moral framework.
● The relation between, scope, and purpose of the Code of Ethics and the Code of Data Ethics
● Internal coherence
EXAMPLES –
● Link to Child Page 4: CFA Code of Ethics and Standards of Professional Conduct
● Link to Child Page 5: Facebook Corporate Human Rights Policy
FAQs
Capture whatever you feel are a good initial set of FAQs
‘Reasonable’ is a legal term used by ForHumanity in to refer to the standard that a reasonably prudent person would uphold in a given situation.
The Code of Ethics is a document with company-wide scope that lays out the general values of a business, providing guiding principles for ethical choices that all employees throughout a business must abide by. The Code of Data Ethics, on the other hand, provides detailed guidance on handling data and algorithms in an ethical manner, and may be longer and contain more detail regarding the individual responsibilities of different positions within an entity than the Code of Ethics.
The Code of Ethics is a document with company-wide scope that lays out the general values of a business, providing guiding principles for ethical choices that all employees throughout a business must abide by. The Code of Data Ethics, on the other hand, provides detailed guidance on handling data and algorithms in an ethical manner, and may be longer and contain more detail regarding the individual responsibilities of different positions within an entity than the Code of Ethics.
‘Fiduciary’ implies a legal or ethical relation of trust. In the context of a Code of Ethics, it is important that it lays out who employees are entrusted to serve (is it the public, the employer, clients? etc.)
The principle of charity (AKA the principle of charitable interpretation) is a principle of philosophy and rhetoric which holds that one must take an opponent’s arguments in their strongest form i.e. one should give one’s opponent the benefit of the doubt and consider their points in their strongest possible interpretation. It is based on the idea that disagreement can be productive and constructive, so long as it is conducted honestly, in good faith and with an ambition to improve mutual understanding.
LINKED KNOWLEDGE STORES AND CONTENT
This is where you list or link to other related knowledge stores e.g. Ethics Curriculum would link to Code of Ethics. It would also link to GDPR articles, AI Audit criteria, Audit Explanatory Notes, relevant laws and regulations.
TAGS FOR GDPR ARTICLES
GDPR Art. 40
TAGS OR LINKS TO AI AUDIT CRITERIA
Criteria 17: the entity shall have a code of ethics adhering to industry standards; the entity shall have a code of ethics in compliance with the Relevant Legal Frameworks. (employee handbook)
TAGS OR LINKS TO LEARNING OBJECTIVES
The learner shall know the definition of a code of ethics and understand what the contents/elements of an industry standard code of ethics contains. The learner shall understand that a publicly disclosed code of ethics is a set of principles and rules concerning moral obligations and regards for the rights of humans and nature, which may be specified by a given profession or group.
The learner shall know the definition of Ethical Choice and understand that it is directly related to the entity’s code of ethics.
The learner shall understand the definition of Ethical Choice. The learner shall be aware that the Board of Directors is aware that instances of Ethical Choice with regards to data processing should be disclosed. The Board shall endorse the creation of an ethics committee and they shall be suitably trained in Ethical Choice and be responsible for the Code of Ethics.
TAGS OR LINKS TO FH DEFINITIONS
Ethical Choice: awareness of a set of options to be made In the context of automated and intelligent systems, using a set of principles and rules concerning moral obligations and regards for the rights of humans and for nature, which may be specified by a given profession or group. The result, outcome or judgment is made using a shared moral framework. or set of moral principles based upon the entity’s Code of Ethics (DPIA Part 6)