belyaaa - stock.adobe.com

Ethical challenges of LGBTQ+ data protection

America has rolled back data protection policies for the LGBTQ+ community, but what does that mean for the rest of the world?

Donald Trump’s second term in office as the president of the United States has witnessed fundamental changes to how the US government operates. From the outset, Trump enacted various exercises aimed at cost-cutting and simplifying governance, then formed the Department of Government Efficiency, which he claimed would reduce the budget deficit.

As part of these cost-cutting exercises, the White House announced on 20 January 2025 that it was rolling back diversity, equality and inclusion (DEI) initiatives. It was claimed that DEI roles were “forced illegal and immoral discrimination”, hence all federal DEI roles were terminated.

Approximately a month later, the Department of Homeland Security then revised its surveillance policies, advising that intelligence-gathering activities based on gender identity or sexual orientation were no longer prohibited.

The lifting of these prohibitions means the US government can now “legally” target people for surveillance based on their gender identity or sexuality. This decision sets a discriminatory precedent that could have global implications.

Data controllers, wherever they are based, not only need to comply with all relevant legislation, but also need to be aware of concerns that data subjects may have about current and future ethical use of their data. Data subjects may now be looking more closely at how their data will be used, and therefore, having appropriate safeguards in place will help to ensure accurate data collection.

Although the Department of Homeland Security’s surveillance polices only apply to the US, it brings to mind the famous unattributed quote following the stock market crash of 1929: “When America sneezes, the world catches a cold.” These changes could very well echo around the world.

It should be noted that data protection practices between the US, the UK and Europe are structurally very different. In the US, data protection is typically a state-level initiative (including, for example, the California Consumer Privacy Act), while in the UK, it is a national concern (for example, the Data Protection Act 2018).

What we are seeing in the US is incredibly concerning, with the LGBTQ+ community at heightened risk from Trump’s government and third-party ‘data brokers’
Duncan McCann, Good Law Project

However, DEI projects are already being rolled back in other countries to fall in line with US policies. In May, Rolls-Royce group announced that it had scrapped its DEI programme. That same month, Reform UK’s then chairman Zia Yusuf said his party would “cut waste” in the 10 councils it controls, specifically targeting DEI initiatives. In July, LinkedIn quietly removed hate speech protections against transgender individuals from its community guidelines.

“The political scene in the UK is by no means immune. We’ve seen Nigel Farage and the Reform Party saying similar things about DEI and a rollback of these initiatives if that party were to come into power – and it’s by no means a distant possibility,” says Kevin Guyan, a chancellor’s fellow at the University of Edinburgh. “What is important to think through is which aspects of these DEI initiatives have been successful in the past 20 years.”

Furthermore, recent years have seen global efforts towards standardisation relating to the collection, processing and storage of data. For example, the General Data Protection Regulation (GDPR) is widely seen as the de facto standard for data protection. Hence, a country with sufficient influence could bring global data protection practices in line with its cultural or political bias.

“What we are seeing in the US is incredibly concerning, with the LGBTQ+ community at heightened risk from Trump’s government and third-party ‘data brokers’ – particularly trans people seeking gender-affirming care,” says Duncan McCann, tech and data lead at the Good Law Project. “It feels like we’re at a bit of a crossroads in the UK. For now, trans people have vital protections under GDPR, such as the right to rectification.”

Regionalisation and data harmonisation

Data harmonisation is generally accepted as being useful for sharing data around the world. However, challenges can occur when global standards encounter regional issues.

Our understanding of sexuality and gender identity is ever evolving and often incorporates cultural experiences. For example, the term “two-spirit” is only used among indigenous North Americans to describe a traditional third gender. Some South Asian cultures also have their own version of a third gender. A blanket one-size-fits-all all approach to the collecting, storing and processing of LGBTQ+ data would result in people being excluded or potentially misrepresented.

“We have these data systems that have binary options, where we take society and force them into these boxes. And for me, that’s doing things the wrong way around,” says Guyan. “What we’re seeing, particularly regarding trans equalities in the UK, is the sense of trying to force communities into categories that are either a bad fit, or reflect experiences of some trans people, but not everyone.”

One of the key challenges with data is appropriate collection and management. Most of the platform developers are based in the US’s Silicon Valley, which typically comprises white, middle-class and heterosexual people. Although they may have an understanding of others, they may not have the lived experience to understand how to ensure members of the LGBTQ+ community are appropriately represented.

People naturally make assumptions based on their culture and lifestyle, which will influence their approach to collecting, managing and sharing data. This will, in turn, influence how the data is processed and understood.

There is also the issue of historical bias in data, where previously recorded past prejudices are inadvertently used. At best, this can lead to inaccurate results. At worst, it can perpetuate historical prejudices.

Where do we go from here?

Given the cultural backlash against the LGBTQ+ community, and in particular trans people, data regarding gender identity and sexuality risks becoming a vector for discrimination. Sharing personal data about gender and sexuality has therefore become problematic for some people within the LGBTQ+ community.

In recent years, people have been encouraged to share information regarding sexual orientation and gender identity, to demonstrate cultural diversity and to ensure that services meet everyone’s needs. However, there is a risk that previously collected LGBTQ+ data, which was gathered for ethical reasons, could become a tool for harassment if legislation allowing discrimination against LGBTQ+ identities were to be enacted.

There needs to be clear visibility of who is asking the questions, what the data will be used for and where it will be shared. Consideration should also be given to preventing the misuse of this data in the future.

“There are many benefits to being made visible within data systems, but in terms of where the future might go, as we’ve seen with the developments around DEI in the past couple of years, we have no idea what’s going to happen anytime soon,” says Guyan. 

Any changes in government policy regarding diversity and the handling of LGBTQ+ data have the potential to put people at risk, unless steps are taken to ensure there are adequate protections in place

“The only thing we can predict is it’s not going to look anything like this current moment, particularly if we look at data around how younger generations, and younger people, conceptualise and understand their sense of identity. [We must] be mindful of what we’re sharing, and ask who is this benefiting – is it benefiting the community, who I want to help, or is it just creating nice infographics for a company that I work for?”

Any changes in government policy regarding diversity and the handling of LGBTQ+ data have the potential to put people at risk, unless steps are taken to ensure there are adequate protections in place.

The sharing of personal data regarding gender identity and sexuality is critical to demonstrating the diversity within our culture, and for forecasting future services, such as the Our Future Health initiative for the NHS, for example. 

However, the collection of data needs a constructive and careful process to ensure no one is inadvertently exposed and targeted for harassment, and that the data itself will be protected.

The anonymisation of personal data, where the identity of the person is separated from their personal information, would be a strong step in the right direction. But simply removing direct identifiers from a dataset is insufficient, especially if there is a risk of anonymous information being combined with other datasets that allow the identity of a previously anonymised person to be confirmed.

By rolling back DEI practices and enabling people to be targeted for surveillance based on their gender or sexuality, the US has set a worrying precedent that could be adopted by other countries around the world. Individuals and organisations will need to consider the implications of collecting and sharing LGBTQ+ data, and the potential for misuse in the future.

It is therefore incumbent on organisations that they engage with their staff and data subjects to provide assurances that data regarding their gender and sexuality will not be exploited in any way. This could be through a transparent method of data collection and storage, alongside a demonstrably proven anonymisation process to ensure that sensitive data is protected and secure.

“It’s a reminder that here in the UK we must work harder towards strengthening data protections for everyone, and one of the primary focuses should be on safeguarding LGBTQ+ people and ensuring they are fully aware of their rights,” concludes McCann. “This is something that Good Law Project is actively collaborating on with other organisations.”

Read more about data protection and ethics

Read more on Business applications