The AI and data protection conundrum (Part 2)
IN MY previous article (Part 1), I outlined how new technologies such as smartphones, smartwatches, and other smart devices capture data about us, and with or without our knowledge, share this personal data with myriad different entities.
Such personal data are oftentimes accumulated and compiled from various sources and analysed by very sophisticated artificial-intelligence (AI) and machine-learning (ML) systems in an effort to make specific decisions about us. I concluded that article with the question:
“How are personal data that are derived and created from the assimilation and analysis using methods like machine learning treated by proposed legislation, and what will the effects be for all of us and the associated technologies?”
I thought that this was an important scenario to interrogate because of the growing use of AI and ML technologies and what it means for our personal data and the privacy of our data.
For the first time, the Government of Jamaica is seeking to promulgate legislation in the form of the Data Protection Act that will give citizens full rights over their personal data. This is important in the highly technology-driven digital age and even more so when creating the foundations of a digital society.
I want to focus on four of the many rights ascribed to citizens in the proposed legislation. You will have the right to be:
Informed by the data controller whether your data are being processed by or on behalf of the data controller;
Informed as to what data are being processed provided the information being processed on request in an intelligible form;
Informed of the logic involved in a decision, where the processing is by automatic means for the purpose of evaluating matters relating to you.
IIICONUNDRUM TAKES SHAPE
While these provisions may seem obvious and rudimentary, if you were to apply these provisions to data being accumulated and analysed by AI systems, things start to become a little complicated. Why?
AI and ML systems are designed to function in such a way that as they process more and more information, they evolve and get smarter. In the process, the decisions they make at any given time are a far cry from what they were originally created to do. If you apply this reality to the provisions I highlighted above, a very interesting situation emerges, which leads to even more interesting questions.
Who really is processing your data? Is it a system with rules defined by humans or a system with rules that are constantly changing and defined by a machine?
How will the ‘logic’ involved in the decision arrived at using AI or ML systems be provided if the initial rules (created by human programmers) have now evolved beyond what humans may be able to decipher or comprehend?
Here lies the conundrum that exists in a world where AI and ML meets your right to have control over your personal data. It is commonly thought that if separate, unrelated data are stored on a multiplicity of different platforms that are not directly connected to each other, this information could be viewed as relatively innocuous.