Skip to main content


Business services Enfo

Ethical IT architecture - what ethical responsibility do you have for the solutions you provide?

Content sections

Andreas Gripfors, Enfo


A year-and-a-half ago at a conference called ITARC, Paul Preiss, the CEO and founder of Iasa (an association for all IT architects) released his ideas on how to govern the ethical aspects of IT architecture. Since I had the good fortune of having Mr. Preiss as a teacher of a course I took almost three years ago, this thinking was not new to me. This was an area that we touched upon back then, and it has come across my mind several times in the last three years.

Today, technology has a direct impact on people’s lives and there is a thin line between making people’s lives easier and creating severe damage. One aspect of this is personally identifiable information (PII), where you always have to make architectural decisions on how this kind of data can be used, shared, exchanged and stored to prevent any kind of data loss, by force or by accident.

When the purpose of the change gets lost in translation

Many companies and consumers, in Europe at least, have been a bit tired of the subject of personal data since the implementation of GDPR, which has become the perfect scapegoat for companies as well as authorities to implement complicated routines with far-fetched references to GDPR. From my side, the last experience I had of this was on an e-commerce site where my old mobile number was still registered to the delivery address of my account. When I contacted the support team to ask them to update my phone number, I was stunned to hear that it was not possible because of GDPR.

Protecting people’s personal data is important, but there are so many other things that need the same attention, for example:

  • What sort of decisions is it ethical to let AI bots make?
  • How do you ensure that all copies of a video call between a patient and a doctor are permanently deleted if you once saved them to a file, even for a very short time?
  • Should firmware updates be applied over-the-air (OTA) to the brakes of an autonomous car while it’s moving?
  • Is it ok to allow an e-commerce site to have full elasticity in a public cloud, with no limits or alerts? What if someone launches a denial attack, making the infrastructure grow to a size where the hosting costs exceed the merchant company’s cashflow, and the company goes bankrupt?

How much correlation of data like shopping patterns, credit card transactions and geo-data is it ok to produce? At some point, the conclusions will become creepy and too predictive to feel right. Think about the American science fiction film Minority Report, where lethal crimes are foreseen and stopped before they happen and the consequences this technology can have when it is misused, manipulated or simply not right. A fun side note is that the film is based on the Minority Report novel written back in 1956.

These are only a couple of examples, but hopefully they will make you start thinking in the right direction.

Ethical matters are the responsibility of the architect

Revisiting where I started and Mr. Preiss again, his view on ethical responsibility is that an IT solution is the responsibility of the IT architect - in the same way that doctors are responsible for making the right diagnoses and construction engineers are responsible for making sure their buildings and bridges don’t collapse.

I can only agree; I think this is the right way forward for the architectural profession as well as for the IT business as such. We need to improve our practices and, in many aspects, be more professional. There are often too many decisions that are overseen or taken too lightly and price is often more important than experience and professionalism. This speaks to the saying that you get what you pay for, meaning that critical decisions are made by less experienced people not always seeing or understanding the bigger picture.

IT architects have the needed experience and holistic view to take the ethical responsibility as we are already acting as the link between business and technology or demand and production. But it requires changes. IT architects need to start thinking in this direction and challenge the requirements and solutions in new ways. And consequently, the IT industry will have to provide guidelines, training, and increased quality assurance of the people within the industry to build trust and avoid being regulated.


Andreas Gripfors is an enterprise architect at Enfo
Andreas is a certified IT architect with 20+ years of experience in the IT industry, specialized in IT architecture and infrastructure with broad experience at multiple Fortune 500 companies in different industrial verticals.