Digital best practice
Documenting our experiences and learning to evolve an established best practice about using online tools and data.
The Ada Lovelace Institute exists to ensure technologies are used ethically, in ways that benefit people and society, and to limit potential harms.
We built this website with these principles in mind, and have written this statement, focusing on sustainability, openness, accessibility and privacy, to tell our website visitors the decisions we’ve made, and to share what we believe is good practice.
It is important to us to be open to scrutiny, to establish evidence-based, rights-preserving conversations with our audiences, and to develop trust, through trustworthy practices. We express this as a commitment: ‘We will be open about our practices, and will not use technologies or use your data in ways you are not expecting.’
This statement explains how we use technologies and data to communicate with our audiences, and the decisions we make about the effects those technologies have on society. The project has resulted in changes to the products and platforms we use, the ways we market ourselves, and how we talk about the decisions we make – which we explain in detail below.
As well as doing the right thing, we hope documenting our experiences and learning will evolve into established best practice about using online tools and data to amplify impact, while making sure data and AI work for people and society.
This statement was produced on 30 November 2020, and we will continue to monitor and improve the site and update this information.
Sustainability
We have made a commitment to sustainable development – using tools that meet the needs of the present without compromising the ability of future generations to meet their own needs.
We want to understand the environmental impacts from the use of technology we are responsible for, both directly and indirectly, through induced activity by our users and audiences.
Having understood our responsibility, we want to take steps to mitigate this impact, through educating our audiences and making deliberate decisions when designing systems, choosing suppliers or commissioning work.
Sustainability in the context of technology can mean many things, ranging from managing biodiversity, to water usage, responsible disposal of waste or carbon emissions. Some elements are within our direct control, and we can mitigate or reduce, and others we can’t immediately change, but can raise awareness about.
It is important for users of technologies to know that there is a substantial carbon footprint from generating energy, and that information and communication technologies (ICT) are now recognised as a significant waste stream in terms of global toxic waste. Also that there is a substantial water use footprint involved in the creation and operation of the electronics we use, and the geopolitics of sourcing raw materials needed for their construction opens urgent questions of environmental justice.
After surveying the landscape to see what factors we have control over, we focused our efforts primarily on carbon emissions because:
- As a relatively small organisation, producing mainly information services, most of our impact comes from our supply chain, or the use of information products we create.
- There are clear guidelines for measuring and reporting carbon emissions, and an overwhelming body of evidence that we are in a climate crisis and need to act. It’s also something we can measure, monitor and actively manage in a fairly tight feedback loop.
- We wanted to work with organisations that are quantifying their own carbon emissions.
- Carbon emission information is often accompanied by meaningful information about other impacts, in a form that we can base our decisions on. Even without this information, the carbon embodied in physical products can act as a useful proxy for sustainability in the wider sense, as items with a significant resource footprint also tend to require large energy inputs in their supply chain.
Our supply chain
To understand who was in our supply chain, and how to minimise our environmental impact by choosing suppliers, we worked with the Green Web Foundation to understand our stack, and asked ourselves the following questions,
- Do they have a public page outlining their own understanding of their environmental impact, and the steps they take to mitigate this?
- Do they publish reporting on an annual or more frequent basis about their environmental impact?
- Do they publish their organisational carbon emissions in a structured format like the GHG Corporate Standard’s Scoped Emissions?
- Do they expose information allowing users to meaningfully influence the environmental impact from the use of their product services?
- Do they have a published statement of intent to reach a net-zero emissions target by a certain date?
- Do they have a public plan or statement describing their approach to get to zero emissions? And is there independent review or audit of this progress?
Where information wasn’t available publicly, we asked directly if the supplier was dedicating resources to providing information in the future and commit to review information on a quarterly basis.
Our suppliers
As a result of these enquiries, we made the following decisions:
Hosting: The Ada Lovelace Institute is hosted by Krystal, which has been powered 100% by renewable energy since 2017 with a transparent relationship between their data centre and energy provider.
Openness
We want our research, reports, public engagement findings and events to be shared as widely as possible, and used by others to build knowledge so that data and AI are used for public good.
Content published by the Ada Lovelace Institute is shared under a CC-BY 4.0 license, unless otherwise stated. This means anyone can share and adapt our content freely, as long as credit is given to the Ada Lovelace Institute and named authors using the format below.
How to credit the Ada Lovelace Institute
Where using content produced by the Ada Lovelace Institute, our preferred way to reference us is by including our name, any mentioned authors’ names, the date, and a hyperlink to the original source. Where appropriate, such as when adapting material for other uses, please reference the CC-BY 4.0 license.
Accessibility
The Ada Lovelace Institute is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone and applying the relevant accessibility standards.
- Technical specifications: The website is built in WordPress. The HTML and CSS code used for this website has been written to conform with accessibility standards. This means they are more likely to work with as many combinations of web browser and assistive technologies or plugins as possible.
- Conformance status: The Web Content Accessibility Guidelines (WCAG) defines requirements for designers and developers to improve accessibility for people with disabilities. It defines three levels of conformance: Level A, Level AA, and Level AAA. Ada Lovelace Institute website is fully conformant with WCAG 2.0 level AA. Fully conformant means that the content fully conforms to the accessibility standard without any exceptions. Pages score 94/100 or above on Google Chrome accessibility checks.
- Limitations and alternatives: Despite our best efforts to ensure the accessibility of the Ada Lovelace Institute website, there may be some limitations. Please contact us if you observe any other issues.
- Events: We use Zoom for public events, because it enables keyboard navigation, screen reader support, and closed captioning. We provide closed captioning with human captioners at all public Ada events. If you are interested in attending an Ada Lovelace Institute event and using Zoom makes it hard for you to join, or if there are further ways we can support your attendance, please contact hello@adalovelaceinstitute.org
- Assessment approach: We assessed the accessibility of the website using self-evaluation, and created this statement on 30 November 2020 using the W3C Accessibility Statement Generator Tool.
Privacy
We have made a commitment to privacy and data protection, and have acted on this by changing the technologies we use for our website, newsletter and other communications.
Best practice is not straightforward: there’s rarely a single ‘right’ answer. More often, there are difficult choices and trade-offs attached to each use case. It’s important to tackle this head on and acknowledge the tensions between ‘spreadability’ – wanting our outcomes and messaging to reach our audiences – and setting a high bar on privacy preservation, data minimisation, easy opt-out (or indeed, opt-in) – taking the conversation beyond compliance (with GDPR, for example).
- Analytics: We use Plausible, which is a non-invasive, GDPR-compliant analytics provider that tracks users through anonymised IP addresses. We can see how many users visit our pages and download our reports, and we can use this information to guide and improve our communications, but we don’t collect or share personal information about our website visitors. And we don’t need a cookie notice.
- Cookies: We use only the minimum necessary cookies to make our site work, and to enable sharing on platforms like Twitter and Google. We have no control over the tracking technologies used by these sites and services. You can disable all cookies by changing your own browser settings, though this may change how the website works.
- Newsletter: If you choose to sign up to our newsletter, your data will be collected and used in conformance with GDPR guidelines. We will only use your personal information to send you information about the Ada Lovelace Institute, and we won’t share it with third parties without your permission. You can opt out at any time through a link on the bottom of the newsletter.
- Social media: Many of the people we want to reach use social media to access information. We use Twitter, YouTube and LinkedIn to share information about the Ada Lovelace Institute and our work. We have no control over the tracking technologies used by these sites and services. For example, our website contains links to Twitter and YouTube. Twitter widgets add third-party persistent cookies to help analyse usage and to remember your session if you are logged into Twitter. These involve storing log data about you in accordance with Twitter’s privacy policy, which Twitter will then use to show relevant content to you on their platform, including ads. This web browsing history is not associated by Twitter with other personal data they hold on you and will be anonymised by them after 30 days. YouTube adds advertisement and analytics cookies, to track information on the embedded videos in our website and to identify users based on their geographical location,
- Video conferencing: We use Zoom for virtual events that are open to more than 40 attendees. Although there are issues with Zoom’s privacy controls, when reviewing available solutions we found that there isn’t a perfect product and chose Zoom for its usability and accessibility. For each event we will explain how you can participate (video, audio and/or written chat), though all will be optional. You can use the settings on the Zoom toolbar to choose whether you want to join using video or audio.
How we made our decisions: using Zoom as an example
Before deciding on Zoom, we looked into the privacy policies and practices of a range of video conferencing platforms that provide an acceptable user experience, and that we could roll out in the timescale required. The results are disappointing: tools with good user experience generally fail to meet GDPR obligations (see analysis).
What privacy concerns should I be aware of?
Zoom, similar to most mass-participation video conferencing applications, does not use end to end encryption. It uses transport layer encryption, which means the content of the communication can be visible to Zoom. It has also been reported that Zoom is leaking email addresses and photos. It is also unclear if, or how, Zoom combines data from third parties and available sources and how that data is used.
Why aren’t these issues explained in their privacy policy?
We don’t know. Their privacy policy doesn’t follow best practice and risks misguiding users. Questions and comments on their privacy measures can be sent to their privacy team at privacy@zoom.us or the support team at https://support.zoom.us.
Advice for minimising exposure while using Zoom
- Use Zoom in your web browser instead of downloading the desktop or mobile app (although please be aware that some features are not be available in the web browser).
- Open the browser version on a separate incognito/private browser window.
- Be aware written chat logs are stored on Zoom’s servers, so you may wish to avoid sharing private information in written chat
- Advanced users may wish to run Zoom on a virtual machine or an operating system on a USB 🙂
Feedback
We welcome your feedback on the all aspects of the Ada Lovelace Institute website, and particularly if you encounter accessibility barriers: hello@adalovelaceinstitute.org
We try to respond to feedback within 1 business day.