Ethics, privacy, and responsibility by design – a collaborative approach

COPKIT is developing data-driven policing technologies to support Law Enforcement Agencies in preventing, investigating, and mitigating crime and terrorism. In this blog, Trilateral Research present the ethical and legal governance of the project and how we apply responsibility and ethical, legal, and societal aspects by-design to ensure that our tools are ethically acceptable and socially desirable.


Terrorism and organised crime are evolving phenomena with high societal impacts. Increasingly, criminal organisations use new technologies to strengthen their capabilities to support their activities, such as phishing kits and malware. The COPKIT project aims to provide new technological solutions to support law enforcement in analysing, preventing, investigating, and mitigating the use of new information and communication technologies by organised crime.

While data analytics tools have much promise, the development and use of technology in the context of policing raises several ethical, legal (particularly regarding human rights and data protection) and societal questions with serious implications for the relationship between law enforcement and citizens.

It has been argued that technological solutions could result in Law Enforcement Agencies (LEAs) moving into wider and deeper aspects of social and public policy. Concerns regarding data-driven policing such as inaccuracy, bias and discrimination, privacy breaches, mass and individualised surveillance, transparency and accountability gaps, exacerbation of already existing issues of policing, technological solutionism, etc. may lead to weakened public trust in the police and damaged social cohesion. Furthermore, because of the increasing potential of novel technologies to impact people’s lives and society as a whole, there is an increasing need for research and innovation (R&I) processes and outcomes that are responsible, sustainable, ethically acceptable, and socially desirable.

COPKIT’s approach has included ethical, legal (particularly human rights and privacy) and societal aspects (ELSA) by-design in the development of its technological solutions right from the start. In this blog post we present the ethical and legal governance of the project and how the COPKIT partners apply responsibility and ELSA-by design to ensure that our tools are ethically acceptable and socially desirable. We do so by presenting the COPKIT approach to integrated impact assessment and our main findings.

Ethical and legal governance

COPKIT is subjected to two levels of ethical and legal governance, involving external and internal stakeholders.

As emphasised by the European Commission (EC), ‘ethics is an integral part of research from beginning to end, and ethical compliance is seen as pivotal to achieve real research excellence’.

COPKIT’s research and innovation activities follow the principles of ethical research conduct, which imply the application of fundamental ethical principles and legislation to scientific research. Therefore, COPKIT is subjected to the Ethics Appraisal Procedure by the EC, the process to assess and address the ethical dimension of all project’s research activities and includes the Ethics Review Procedure, conducted before the start of the project, as well as the EC’s Ethics Checks and Audits during the project and after its completion.

Furthermore, COPKIT is supported by the ethical and societal impact ethics advisory board (ESIAB) comprised of seven experts in law and ethics in the context of IT, data-driven policing, ethics of technology and artificial intelligence (AI). Their role is to engage with COPKIT partners and provide feedback and advice on the ethical, legal, and societal implications of the research undertaken in the project.

In addition to the external ethical and legal oversight and support, the COPKIT consortium involves three social sciences and humanities (SSH) partners representing academia, civil society, and industry comprising the ethical, legal, and privacy (ELP) team. Trilateral Research leads the ELP team’s efforts in collaboration with Law and Internet Foundation (LIF) and the University of Granada. The role of the ELP team is to:

  1. Ensure that technology development respects ethical principles and human rights (e.g., privacy and data protection).
  2. Support and advise partners on the ethical, legal, and societal impacts of their actions within COPKIT and collaborate with them to mitigate any adverse impacts.

It is crucial to emphasise that all partners of the project, including the coordinators, technical partners, as well as the participating LEAs, are jointly and individually responsible for implementing ELSA in the project’s R&I activities. As a result of these efforts, COPKIT has developed a collaborative approach where the COPKIT solutions embed fundamental values such as ethical principles, human rights, data protection and societal values at the stage of design and ELSA directly shape the architecture of the developed technology.

Integrated ethical, legal, and societal (ELS) impact assessment

Through integrating ethical, legal, and societal concerns ‘by design’ we intend to develop robust COPKIT tools that are legally compliant, ethically acceptable, and socially desirable.

The ELP team has developed a tailored-made approach to integration of ELSA within the COPKIT technologies based on a specific process involving a set of ethical and legal tools and evaluation criteria. Our ELS toolkit includes tools to identify and assess ethical, legal, and societal issues raised by a project, and to monitor and implement ethics throughout its duration.

The ethical and legal tools applied in the COPKIT project include:

  1. Ethical and legal guidance for the consortium through developing a framework which lays down the legal rules and ethical principles and values with which all partners of the project are expected to comply regarding their respective tasks.
  2. Ethical and legal awareness raising among partners through internal workshops, webinars, and legal and ethical dialogue sessions.
  3. Monitoring of the ethical and legal aspects in the project via the integrated ELS impact assessment using Touchpoint Risk Assessment TableTM (a tailor-made version of the original tool developed by Trilateral Research), dialogue sessions between the ELP team, technical partners, LEAs and the ESIAB, as well as through the ELP team’s participation in technical partners meetings, webinars, demonstrations, and ethics reviews of deliverables.

Additionally, the ELP team applied various approaches to the impact assessment process, such as the Ethical Impact Assessment (EIA), Privacy Impact Assessment (PIA), Data Protection Impact assessment (DPIA), Social Impact Assessment (SIA), political, economic, social, technological, environmental, and legal factors analysis (PESTEL), and various technology assessment approaches (TA). These assessment approaches informed both the impact assessment process (strategy, steps, timing) and content in the form of evaluation criteria.

The integrated impact assessment focuses on the impact of the tools produced by COPKIT and provides recommendations for the tool developers and end-users that need to be considered in order for these tools to support law enforcement activities that are ethical, privacy-preserving, and follow data protection and human rights laws.

For each tool developed by COPKIT, specific benefits and risks are identified with their likelihood of occurrence and intensity/severity, and recommendations for risk mitigation actions are included within COPKIT’s outputs. If it’s not possible to apply a recommendation within the duration of the project, we set out considerations future end-users need to take into account in order to ensure that their use of the COPKIT tools supports ethical, legal, and privacy for those that use it and those they serve through its use.

For the purposes of the COPKIT project, the integrated impact assessment comprises of two elements:

  1. Ethical, Legal and Societal Impact Assessment (ELSIA).
  2. Data Protection Impact Assessment (DPIA).

The purpose of the ELSIA and DPIA in the COPKIT project is to assess the positive impact (benefits) and negative impact (risks) that the project technology poses for ethics, privacy, and other fundamental rights. It proposes how to mitigate negative impact (risks) with suggested recommendations and solutions, either by reducing the likelihood of the risk occurring or by reducing the intensity of its impact.

The analysis carried out in the ELSIA and DPIA informs the technology development and fills a knowledge vacuum on how the relevant technology should be developed to ensure it abides by, and protects, ethics and law (specifically privacy and data protection).

Our integrated ethical, legal, social and data protection impact assessment considers ethics, law, societal values, and privacy in the relevant context; namely the nature of the situation and the context in which the technology will be used as well as the technology itself. That context involves the use of a technological platform for LEAs to extract and analyse data from the Internet and the Dark Web to create an intelligence and knowledge ecosystem (and technical system), bridging the gap between operational and strategic levels of investigation, within the context of the fight against organised crime and terrorism. Some of the risks raised by the ordinary use of the platform may be automatically minimised when the platform is deployed by its intended end-user in the context of formal criminal investigations. In the meantime, the COPKIT project partners stood in the shoes of LEAs in the development and testing/pilot phases.

We applied a three-step approach with various feedback-loops:

Round 1: Assessment by the ELP Team

    • Conducted by the ELP team corresponding to the ethical, legal, and societal requirements identified for COPKIT.

Round 2: Dialogue with tool developers

    • Preceded by an internal webinar on the ethical, privacy and societal impact assessment in COPKIT.
    • Conducted by using online dialogue sessions and jointly conducting an ELSIA and DPIA.

Round 3: Dialogue with LEAs and the ESIAB

    • Conducted by using the project’s demonstration events, survey and review of the integrated impact assessment report.

Highlights and Conclusions

The COPKIT approach provides a concrete and applied understanding and management of ethical, legal, and societal considerations as part of the research and innovation process.

The main advantages of this approach lie in its:

  1. flexibility and agility to meet the needs and sprints of technology development,
  2. diversity and inclusiveness through bringing together different types of expertise within the project, as well as meaningful feedback from the ESIAB and other relevant stakeholders,
  3. anticipation and reflection, since it enhances dialogue between the ELP team, the tool developers, LEAs and the ESIAB throughout the project, and
  4. systematicity thanks to the integration of different impact assessment methodologies, covering ELSA as an integral part of the technology development, fulfilling principles of responsible research and innovation (RRI).

Potential end-users (LEAs) can be reassured that the project partners have considered and addressed ELSA throughout the entire project life cycle (i.e., from requirements gathering and design to integration, demonstration, and testing). We believe that such an approach contributes towards the successful uptake of the COPKIT tools by LEAs and ensures increased stakeholder and public trust in the technologies and practices produced by projects like COPKIT.

To learn more about our ethical approach to the development of the COPKIT tools watch the recording of our latest webinar.


For more information and updates, follow us on TwitterLinkedIn and Facebook and feel free to contact our team at copkit@copkit.eu.