In times like these, when we are overwhelmed by the speed of changes around us and we feel a certain loss of overview and control, one can literally watch “ethics in the making”. Many are the fora, from high-level conferences to civil society movements, where we ask ourselves: Which world are we creating, for ourselves and for those who come after us?

Much of this unease might be linked to the shift of so many aspects of our lives from the analogue to the digital and the many possibilities this opens, for good as much as for bad. The last landmark event discussing good and bad, right and wrong in the digital age was the annual meeting of the International Conference of Privacy and Data Protection Commissioners, anatomising the intimate link between data and the upholding of human dignity in the era of big data, artificial intelligence, the internet of things, social media and biometrics.

While most discussions revolved around the dangers adumbrated by the emergence of new technologies, some speakers looked at how this debate is taking place and shape. They recalled all those who do neither have a say in whether, nor in how information technologies find entrance into their lives. In often undignifying ways their vulnerabilities and needs have been exploited for the benefit of the power of governments and companies.

India’s government has over recent years been rolling out Aadhaar, a mechanism for administering services to population through an identification number based on the biometric and demographic data of over one billion individuals. The theoretically voluntary scheme was fast expanded to a multiplicity of other services such as pensions, school enrolments, the rural employment act, and even bank accounts and mobile phone numbers, attracting heavy criticism on many grounds, including privacy and making social inclusion dependent on submission to surveillance technology.

The creation of an extensive digital profile, as the basis of the state’s perception of and interaction with each of its citizens, raises a whole series of ethical questions. Digital technology holds out the promise of enabling people to verify their identity in order to obtain the benefits to which they are entitled. But will these people be in control of their new digital identities? Is it right for their ability to participate in a digitised society to depend on a series of body measurements? Should our digital selves be reduced to the profiles developed by third parties which in turn determine the ‘personalised’ information we see in our social media feeds and the products presented to us on eCommerce platforms? Can the datafiable aspects of our lives create a representative image of who we are?

The digital mapping of a person cannot be but narrow, fixed in time and inadequate. It is a conglomerate of single data points, misinterpreted into a digital portrait, a caricature on which decisions about and for us, sometimes live-changing ones, are taken.

A great deal about human life cannot be datafied and converted from the analogue to the digital. It is on this premise that the upholding of human dignity and autonomy depend. Big data technology should not be enabled to create assumptions about us and take decisions upon them. This is why data protection and privacy rights are essential to preserving human dignity in today’s world.

The Conference of Data Protection and Privacy Commissioners aimed at leading the way towards a new culture of ethics, able to protect our rights and values in the digital age. Ethics may need to be codified into enforceable laws in due time; but already now decisions are being taken which affect individuals and groups in profound ways which we have barely begun to consider.

Ethics are shared values that change over time and differ among societies and even individuals; but we continuously work to harmonise them through various mechanisms of socialisation, some conscious, some less. The cataclysms of the 20th century, made possible through technological advances in areas of communications and weaponry, spurred some convergence towards a global ethics alongside the emergence of international norms like the Geneva Conventions and the Universal Declaration of Human Rights. But that fragile consensus is now beginning to fracture.

Ethics and the law are both guides that indicate what is right and wrong, good and bad, fair and unfair, at a given moment in time. Yet, they differ. Ethics are a widely shared, informal agreement about how we ought to behave as social beings. Laws are necessary to officially define this agreement, make it visible and enforce it through systems of sanction where not sustained. Laws spring from a fount of ethics, one could say.

There are those who see ‘soft’ ethics undermining ‘hard’ law by offering rogue actors in the digital economy an easy to manipulate alternative to legal provisions. Such warnings may be based on a narrow understanding of ethics and tend to overlook the strength of ethics in the broader sense. Laws are often perceived as imposed instruments of control. Ethics, however, are an internalised sense of value orientation. In the world we want to live, ethics are intuitively embodied into the everyday behaviour of each of us, from the tech developer reflecting upon the consequences of their inventions for humanity, to the end-user who powerfully votes by choosing which services to employ.

Of course, both ethics and laws are constantly contested, and need to be as history has shown us again and again. Much of what once was legal – slavery, child labour, torture – should be unthinkable today. The making of ethics is our infinite search for what is right in a world of finite possibilities. Contrary to what we like to believe, ethics are human-made, they are artefacts. Yet, this does not devalue them. They may in fact be humanity’s greatest work of art.

Giovanni Buttarelli is the European Data Protection Supervisor.