Privacy and Artificial Intelligence: concerns and opportunities
Artificial Intelligence (“AI”) regulation is now a common topic of global interest. The European Commission released its Ethical Guidelines for so-called Trustworthy AI after several months of deliberations provided by experts from industry, academia, and research. The European approach to AI regulation is focused on trustworthy AI that shall be lawful, ethical and robust.
AI ethical imperatives shall aim to respect human autonomy, prevent harm while incorporating substantial fairness. Moreover, AI shall respect human dignity, democracy, individual freedom, the rule of law, citizen’s rights et cetera.
The General Data Protection Regulation was the first large-scale normative effort that provided users with more legal protection involving the use of their data. However, such protection has to deal with new challenges posed by AI. It is assumable that the need for data is becoming stronger and stronger. In such a context, how society, industry, and government will balance the increasing need for data while protecting consumers’ rights, freedom, and interest?
Considering that privacy notions have evolved massively in the last period, privacy issues look technological. However, from a legislative standpoint, there are basic principles that can be helpful in protecting users’ privacy. In such a context, GDPR has included principles for good privacy legislation in the AI era:
- AI systems and procedures must be transparent;
- AI systems shall have some right in relation to the information it is collecting;
- Users must be able to opt out of the AI system;
- Personal Data must be deleted upon consumer request;
- Privacy by design principle shall limit the data collected and the purpose of such collection.
Technologically speaking, new emerging technologic concepts will have a dominant role within AI context. For instance, differential privacy mechanism introduces unpredictability element within the processing of user data with the purpose of preventing de-anonymisation tactics. Moreover, homomorphic encryption includes a machine-learning algorithm to operate on data without decrypting it.
In conclusion, the aforementioned guidelines constitute the first step. In fact, drafting of European AI Policy and Investment Recommendations is ongoing. Then, European Commission may use the upcoming policy to influence a future legislative debate around a possible directive or regulation. However, we might be at the start of a very long process.