Secure the Privacy And Protection of Your Data

October 5, 2021

You may already be familiar with the concepts of data protection and data privacy. Data protection and privacy are widely regulated in the EU through the General Data Protection Regulation (GDPR) that has become the golden standard for data protection, influencing regulation outside the EU.

Similarly, as in the case of other requirements for trustworthy AI, also privacy and protection of data must be guaranteed throughout the whole lifecycle of the AI system.

Data protection and privacy are often mentioned in the same sentence, however, there is an important distinction between the two concepts: data protection refers to tools and policies restricting access to personal data – data protection protects against unauthorized access, whereas privacy defines who in the organizations or entities has authorized access to the personal data.

Data that must be safeguarded for data protection and privacy purposes includes information that is provided by the user of the system as well as information concerning the user of the system that is generated when the user interacts with the system.  

Data privacy and protection is an integral requirement of trustworthy AI is because it ensures that information collected from individuals by the system is not used unlawfully nor will it be used to discriminate against them. The latter is of particular importance as collecting information about individuals, either as provided by the users of the systems directly or that is collected as a consequence of individuals using the system, may allow the system to deduce not only the individuals’ preferences but also more sensitive information such as gender, age, religious or political views and even sexual orientation.[1]

The key to ensuring that your system is private and protects data is achieved by taking privacy and data protection in to account even before the system is developed. How exactly do you do this? By implementing data protection and privacy by design, meaning that the system is developed data protection and privacy in mind that together with other safeguards ensures holistic approach to privacy and data protection.

Additionally, organizations should ensure that dataprotocols that govern the access to personal data are put in place where the organization handles individual’s data. These data protocols should determine who has access to the data under which circumstances. The purpose of such protocols is to ensure that only qualified personnel that need the access to the data and have the required competencies to access it, are granted the access.

Therefore, to ensure privacy and protection of the data, entities should take the following actions:[2]

  • Consider the privacy and data protection implications of the AI system’s non-personal training data or other processed non-personal data;
  • Assess the impact of the AI systems on the right to privacy and to the right to data protection;
  • Assess the privacy and data protection implications to processed, generated or collected throughout the lifecycle of the AI system;
  • Establish mechanisms that allow reporting of issues related to protection of data and privacy concerning the AI systems;
  • Put in place mandatory measures found in the relevant legislative instruments concerning data protection and privacy, such as Data Protection Impact Assessment (DPIA), Designating Data Protection Officer (DPO), Including DPO in the early stages to the development, procurement or use phase of the AI system; Creating data processing oversight mechanisms, such as mechanisms for logging data access and making modifications as well as limiting access to data; Setting up measures enabling privacy and data protection by default and by design, such as aggregating, encrypting, pseudonymizing and anonymizing data; Ensuring data minimization when processing data;
  • Ensure the rights of the data subjects by implementing the right to withdraw consent, the right to object, and the right to be forgotten when developing the AI system.

To summarize, protection of data and privacy is an important concept to create a trustworthy AI. As data treated more and more as a currency, ensuring its protection is of growing importance to regulators around the world. Therefore, entities must have in place effective processes, measures and tools to ensure the rights and freedoms of individuals related to privacy and protection of personal data. Furthermore, for the purposes of good governance, the measures, processes and tools in place to protect the data and privacy of individuals should be documented. Documentation ensures holistic governance and promotes transparency, ensuring the trustworthiness of your AI.    

[1] High-Level Expert Group on AI by European Commission: Ethics Guidelines for Trustworthy AI. See also IEEE: Ethically Aligned Design, first edition.

[2] High-Level Expert Group on AI by European Commission: Assessment List for Trustworthy Artificial Intelligence (ALTAI).

Collaborate with us

We collaborate with partners who work in different ways to create a better future with AI. Connect with us to talk about how our platform can help your and your customers' businesses thrive.