Technology is changing our day-to-day lives and we should embrace this development. When it comes to AI, the issue is not innovation, or the pace of technological improvement. The real problem is its governance, the ethics underpinning it, the boundaries we give it and, within that, the roles for defining the solution to these problems.
Now, when it comes to privacy – can we really teach AI technology to embrace data protection principles? We have seen over the past few weeks, with Facebook being a prime example, how privacy (or the lack of it) is a major issue and we must address it. With the General Data Protection Regulation coming into force in May, data breaches will become more and more expensive for organisations and AI needs to be able to adhere to the GDPR. Is this possible?
Looking at some of the core principles that sit at the heart of the GDPR, there is clearly some scope for securing AI.
Let’s take the right to fairness as an example. This, as defined by the GDPR, requires all processing of personal information to be conducted with respect for the data subject’s interests, and that the data be used in accordance with what he or she might reasonably expect. This principle also requires the data controller to implement measures to prevent the arbitrary discriminatory treatment of individual persons, and not to emphasise information that would lead to arbitrary discriminatory treatment. Now, if enforced, the GDPR could potentially lead to a review of the documentation underpinning the methods AI employ in the selection of data, an examination of how the algorithm was developed, and whether it was properly tested before it came into use. This is particularly important as one of the issues around AI is that it is based on data input by humans and (to varying degrees) humans present a natural bias which AI amplifies, an issue that was recently explained in the Guardian.
Another key principle is data minimisation, which would force developers to consider how to enable AI to achieve a set objective in a way that is least invasive for the data subjects. This goes alongside the principle of purpose limitation which regulates that the data subject exercises control over his or her own personal information…