AI and Privacy: How to Safeguard Privacy in a Data-Driven World

Introduction

Artificial intelligence has been able to impose itself on the agenda of decision-makers in many fields around the world, after it became clear that the new generation of this digital technology entails great benefits, challenges and risks at the same time. Due to the seriousness and importance of what the developments in artificial intelligence technology represent, such as its effects on privacy protection laws.

Artificial intelligence promises to launch an era of rapid technological development that could impact almost every aspect of our life, in both ways positive and negative. Taking the best of AI requires collecting, processing and interpreting large amounts of data, including personal and sensitive data. Questions about how to protect data and the right to privacy are emerging in public debate.

Privacy plays a pivotal role in individuals’ protection of their personal information, and in organizations’ protection of individuals’ sensitive information, preventing its use in fraudulent activities or unauthorized access to individuals’ data.

Governments are constantly seeking to formulate and/or develop a comprehensive privacy law that aims to regulate the collection, transfer and use of data. Although some data privacy issues can be addressed through legislation, yet there are gaps in data protection due to the unique characteristics of AI.

One of the most concerning aspects of data protection in AI is the potential lack of understanding of how algorithms use, collect and modify data, or make decisions based on data. This potential lack of understanding is known as “algorithmic obfuscation,” and can result from the complex nature of algorithms or deliberate concealment by a company using trade secret protection laws to protect its algorithms, or using machine learning to create an algorithm, in which case the algorithm developers may not be able to predict how it will perform. Algorithmic obfuscation can make it difficult or impossible to see how data is being used to access new data or the decisions that result from using that data, raising questions about the limits of the ability to scrutinize or regulate AI technologies.

But of course, there is another set of privacy concerns that take on or amplify the unique features of AI:
Data reuse, which refers to data that is used for a purpose other than its intended or stated purpose, and without the knowledge or consent of its owner. In the context of AI, data reuse can occur when a person’s biographical data is collected to feed an algorithm that can learn from that data patterns associated with the person’s data.
Another concern is data proliferation, which occurs when data is collected on individuals who were not intended to be collected. For example, AI could be used to analyze a photo taken of a person but includes other people who were not intended to be collected.

Even more concerns are like the data persistence, which refers to the fact that data persists for longer than anticipated at the time of collection, perhaps beyond the lifetime of the people who collected the data or who consented to its use, especially if the data is integrated into an AI algorithm or is reassembled or reused.
Potential options for addressing AI’s unique privacy risks include data collection minimization, which refers to the need to limit personal data collection to that which is directly required or necessary to achieve narrowly defined goals. This principle runs counter to the approach used by many companies today, which collect as much information as possible. Under the umbrella of minimizing data collection, legal restrictions should be imposed on the use of data relative to the specific purpose at the time of collection.

A second option is algorithmic impact assessments of public use. Algorithmic impact assessments aim to hold organizations that use automated decision-making systems accountable. Algorithmic impact assessments address the problem of algorithmic opacity by disclosing the potential harms of AI decision-making and calling on organizations to take practical steps to mitigate the identified harms. Any algorithmic impact assessment would require disclosure of existing or proposed AI-based decision-making systems, including their purposes, scope, and potential impacts on societies, before such algorithms are deployed.

Moreover, there is the option to address AI privacy risks in performing algorithmic auditing, which is
a systematic assessment of an AI system to ensure it complies with pre-defined goals, standards, and legal requirements. In such an audit, the design, inputs, outputs, use cases, and overall performance of a system are continuously examined to identify any gaps, loopholes, or risks. A proper algorithmic audit
involves setting clear, specific audit objectives, such as performance and accuracy, as well as establishing standardized criteria for evaluating the system’s performance. In the context of privacy, an audit can confirm that data is being used in the manner that people have consented to, and within the framework of applicable regulations.

Conclusion

Finally, policymakers’ considerations are the last option to address AI privacy risks, as they must strike the right balance between regulation and innovation. Expanding the circle of participants in formulating AI policies and rules can help alleviate concerns that rules and regulations stifle innovation, development, and the benefits of AI technologies. In this context, all parties in the industry, especially AI model developers, should participate in developing a code of conduct for general AI models, which is currently being worked on.

*Image designed using Canva

Posted Using InLeo Alpha