Gustavo's Work Phase 2

Ethics Analysis

This page analyses the ethical implications of the client’s newsletter subscription feature—especially the proposed collection of sensitive personal data—and proposes solutions aligned with professional values and user protection.

1) Potential Harms

Considering the newsletter plug-in, what could happen to people if collected data is misused, breached, or repurposed?

  • Targeted discrimination: Sensitive attributes (e.g., sexuality, income) could enable exclusion, profiling, or predatory offers.
  • Financial harm: Credit-card collection increases fraud/identity-theft risk if storage or transmission is insecure.
  • Chilling effects: People may avoid signing up or self-censor if the form feels invasive.
  • Loss of autonomy/informed consent: Users may not understand why data is collected, who sees it, or how long it’s retained.
  • Trust erosion: Perceived over-collection reduces confidence in the site and organisation.

2) ACS Values & Principles → Solutions

| Harm | Relevant Values/Principles | Risk | Proposed Solution |
|---|---|---|---|
| Discrimination from sensitive profiling | Primacy of public interest; Respect; Honesty | High | Collect only email + name by default. Make any sensitive fields strictly optional with plain-language purpose, clear benefits, and no penalties for skipping. Store separately with access controls. |
| Financial harm / identity theft | Trustworthiness; Quality of life | High | Remove credit-card collection from newsletter entirely. If unavoidable for donations, use a vetted PCI-DSS compliant third-party checkout off-site; do not store cards on the site. |
| Loss of autonomy / opaque consent | Honesty; Respect | Medium | Use layered consent (short summary + details), granular toggles, easy withdrawal, defined retention limits, and a visible “delete my data” path. |
| Trust erosion | Honesty; Trustworthiness | Medium | Publish a concise, readable privacy page; show data minimisation, security practices, and contacts for questions or complaints. |

3) Navigating Tensions with the Client

Client goal: “Collect rich personal data for funder metrics.”
Ethical constraints: Minimise harm, protect autonomy, be transparent and privacy-preserving.

  • Option A (Preferred): Email-only newsletter; invite users post-sign-up to share optional, non-sensitive profile info (with clear purpose and benefits).
  • Option B: If the funder insists on sensitive attributes, make them strictly optional, explain purpose in plain language, store separately with encryption & least-privilege access, and publish a simple data dictionary.
  • Option C: Gather funder metrics via anonymous/aggregated surveys (no persistent personal attributes) at intervals rather than at sign-up.

Rationale: These options balance funder reporting with user protection, reduce risk exposure, and support public interest while maintaining trust.

4) Decision & Rationale

I recommend Option A—a minimal email sign-up—followed by an opt-in, lightweight profile step (non-sensitive by default), layered consent, short retention, and an accessible privacy page. This approach aligns with professional values, minimises harm, and still provides ethically collected insights for the client.