Artificial Intelligence and the problem with privacy

Technology is changing our day-to-day lives and we should embrace this development. When it comes to AI, the issue is not innovation, or the pace of technological improvement. The real problem is its governance, the ethics underpinning it, the boundaries we give it and, within that, the roles for defining the solution to these problems.

Now, when it comes to privacy – can we really teach AI technology to embrace data protection principles? We have seen over the past few weeks, with Facebook being a prime example, how privacy (or the lack of it) is a major issue and we must address it. With the General Data Protection Regulation coming into force in May, data breaches will become more and more expensive for organisations and AI needs to be able to adhere to the GDPR. Is this possible?

Looking at some of the core principles that sit at the heart of the GDPR, there is clearly some scope for securing AI.

Let’s take the right to fairness as an example. This, as defined by the GDPR, requires all processing of personal information to be conducted with respect for the data subject’s interests, and that the data be used in accordance with what he or she might reasonably expect. This principle also requires the data controller to implement measures to prevent the arbitrary discriminatory treatment of individual persons, and not to emphasise information that would lead to arbitrary discriminatory treatment. Now, if enforced, the GDPR could potentially lead to a review of the documentation underpinning the methods AI employ in the selection of data, an examination of how the algorithm was developed, and whether it was properly tested before it came into use. This is particularly important as one of the issues around AI is that it is based on data input by humans and (to varying degrees) humans present a natural bias which AI amplifies, an issue that was recently explained in the Guardian.

Another key principle is data minimisation, which would force developers to consider how to enable AI to achieve a set objective in a way that is least invasive for the data subjects. This goes alongside the principle of purpose limitation which regulates that the data subject exercises control over his or her own personal information.

The transparency in processing requirement as stipulated in the GDPR may prove more tricky to adhere to, as the advanced technology is often too complex to understand and explain. Similarly, black box learning* makes it practically impossible to explain how information is correlated and weighted in a specific process. Furthermore, commercial information may also be used, and this makes it harder to inform the data subject. However, enforcing the GDPR means organisations must adopt a pragmatic approach so that machines can meet this transparency principle. To that end, the legislation is very clear and potentially very effective, especially in relation to automated decision making.

It was disappointing to see that the right to an explanation** did not make it into the GDPR itself. It is mentioned in the preface which is not binding and cannot of itself grant the right to an explanation. However, irrespective of that, the legislation does seem to suggest that the data controller must provide as much information as possible. The debate is open, and court cases will determine the extent of this. Pressure coming from the public will be crucial in shaping some of these decisions.

What is good to see is that practical steps, focused on a privacy by design approach, can be implemented to ensure that AI meets the GDPR and ensures the right to privacy. Although the legislation does not go as far as it could, it is the first step we need on the road of defining the principles governing the machines that, some say, are governing us.

 

*When rules are applied, AI does a lot of complex math. This math often can’t be understood by humans, yet the system outputs useful information. When this happens, it’s called black box learning. We don’t really care how the computer arrived at the decision it’s made, because we know what rules it used to get there.

**The right of explanation refers to the right to know the algorithm underpinning a decision. It didn’t make it into the GDPR in its original form.

 

To read more from techUK AI Week, visit our landing page.

FROM SOCIAL MEDIA

Last 6 days to go until the chance to pitch your mobility solutions to 5 of the world’s biggest automotive brands c… https://t.co/Cj4CByAIkF
We support @thewisecampaign and their People Like Me programme which has launched its online platform today! A grea… https://t.co/W86VkBrmKT
This week we will be celebrating our work as a @LivingWageUK accredited employer and a member of their #Tech Leader… https://t.co/0whUXxjG5Z
Two weeks left to apply for the Mayor’s first ever #LDNcivicchallenge! Get involved to share your innovative ideas… https://t.co/AbNSPPW6kg
We held a great workshop this week w/ @foreignoffice looking at how tech & digital can combat illegal wildlife traf… https://t.co/qXDqWkngtC
We are looking forward to hearinh from @nicolag71, President of @SOCITM at our #techUKSmarterState conference. Last… https://t.co/Y7MVlGpzRY
Seen the Future of Mobility Challenge at the @SMMT yet? If you’ve got solutions to key mobility challenges, then do… https://t.co/aJ3W5ttky4
The @IoCoding will enable companies to build workforces fit for the future, by offering high quality learning, buil… https://t.co/hsXZUD0eS5
Catch up on this week's digital and tech policy news with a new Policy Pulse, hot off the presses! https://t.co/Y37B0i9hel