By Denis Sadovnikov, AI & Privacy Lawyer, DPO, CIPP/E, CIPM, FIP
How privacy strikes a balance between technology and human rights in the upcoming AI-driven civilisation and what is the role of privacy professionals?
AI is often called “the main technology of XXI century” as well as “the central element of a new AI-driven economy”. But on the other hand, the concern about the potential social influence of AI is rising. Particular apprehensions are connected to:
– first, the autonomy of AI (the scare that AI may escape human control is the old humanity’s nightmare), and,
– second, rule of law, human rights, dignity and democracy issues (the main fears here are connected to biases, increasing imbalance of power in favour of actors who control AI systems, dehumanisation of decision-making, decreasing human autonomy and new types of surveillance).
Definition of AI for privacy prospects
European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski in his speech at the First Eurasian Data Protection Congress emphasised that the term “AI” is currently used rather as a marketing term, than a strict legal concept.
Council of Europe Ad Hoc Committee on Artificial Intelligence (CAHAI, currently replaced by the Committee on Artificial Intelligence, CAI) in its Feasibility Study pointed out, that there is no single definition of AI accepted by the scientific community. The problem of defining AI for regulation purposes is recognised by European Commission’s High-Level Expert Group on AI (AI HLEG), AI Watch, OECD, UNESCO and countless other organisations and publishers.
The main difficulty seems to be that AI is an “umbrella term”, embracing a wide range of different technologies, and, particularly, not existing, but future technologies.
Some of the proposed definitions of AI describe it through certain technologies. But technology-dependent definitions are prone to become outdated in the nearest future.
The second approach is to define AI through its ability to “display intelligent behaviour by analysing … environment and taking actions – with some degree of autonomy – to achieve specific goals” (for instance, the European Commission defines AI in such a way). A similar definition is provided by the ICRC: “computer programs that carry out tasks – often associated with human intelligence – that require cognition, planning, reasoning or learning”.
Canadian Artificial Intelligence and Data Act (AIDA) defines artificial intelligence system (système d’intelligence artificielle) as “a technological system that, autonomously or partly autonomously, processes data related to human activities through the use of a genetic algorithm, a neural network, machine learning or another technique in order to generate content or make decisions, recommendations or predictions” (s. 2).
In the present paper the term “AI” is used in the same meaning as it is defined by the European Commission.
What should privacy professionals bear in mind when dealing with AI?
First of all, does data protection legislation apply to AI?
As Norwegian Data Protection Authority emphasised in its report “Artificial intelligence and privacy”, there are two situations where data protection law is applicable in the context of AI:…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
