How Can AI/ML be Used Responsibly to Maintain User Privacy?
With Artificial Intelligence sneaking into just about everything in our professional and personal lives, an incline of privacy professionals towards AI governance has also been observed recently. The main concern that arises is how to use AI in a responsible manner so that no compromise on the privacy of the user is made.
AI Governance Developments
Developments have been made on both governmental and organizational level to ensure privacy and security while using Artificial Intelligence.
AI Governance Guidelines Made by Government Bodies
As the need for good AI governance was realized, a good number of guidelines on trustworthy AI were published over the years. The framework includes accountability, privacy, data governance, security, transparency, fairness, and promotion of human values.
Talking about the trustworthy and responsible AI frameworks put forward by public organizations, the UNESCO’s Recommendation on the Ethics of AI, the Council of Europe’s Report “Towards Regulation of AI Systems”, and ethical guidelines for the use of AI by china are some great examples.
AI Governance Self-Regulatory Guidelines by Companies
In addition to the efforts made by the government bodies, several self-regulatory initiatives have been taken by the companies at organizational level. Collaboration of industry with academia and nonprofit organizations has resulted in steps taken for the fair and responsible use of AI. Examples of such collabs are ‘Partnership on AI’ or ‘the Global Partnership for AI’. Guidance on good AI governance is now also provided by standardization bodies such as ISO/IEC, NIST, and IEEE.
General Privacy Regulations Applied on AI Systems
General Privacy Regulations are globally exercised to ensure privacy and data protection in all fields. Since the fundamentals of responsible AI are based on privacy, the application of General Privacy Regulations also becomes obligatory in the use of AI. These regulations enact ensuring collection limitation, data quality, purpose specification, use limitation, accountability and individual participation.
If the companies are unaware of compliance requirements of privacy regulations for AI systems and consequently fail to protect the privacy of the individuals, they might have to pay huge fines, and in extreme cases, may be required to delete the data.
Challenges in Definition and Practice of Responsible AI
Despite the presence of a legal framework and guidance on the importance of consent and keeping the users informed, the practical implementation of requirements such as AI fairness and explainability is still in its initial stages. The main reason to this being that assessment on trustworthy AI principle in different cases can not be made on a single standard.
AI explainability and fairness are the two many rapidly evolving principles for responsible AI. EU’s Agency for ENISA has pointed out in a recent publication that other areas that aim at responsible AI system also need considerable attention. One of the most attention demanding areas is security of AI algorithms.
Another big challenge in the way is the clash between the properties of different principles for responsible AI. To quote a few examples, a tension between transparency and privacy of the data may occur. In some cases, fairness may come in way of maintaining privacy.
Practical Assessment and Documentation
The term “Responsible AI Gap” refers to the challenges faced by the companies when trying to convert trustworthy AI principles into tangible actions. Privacy professionals can take several steps to minimize this gap.
They may start to approach the task keeping in view data governance and risk management so that accountability is ensured.
Assessments on impacts of data protection or assessments on privacy impact could be augmented with additional questions relating to responsible AI. This can help in the identification and control of risks to rights and independence posed to individuals by use of AI systems.
Moreover, use of privacy-preserving machine learning solutions or synthetic data can also be taken into consideration. Although these procedures can not serve as a replacement for policies for responsible AI and privacy guidelines, a detailed model risk management, and tools and techniques for model interpretability or bias detection, they still prove useful as they ensure privacy provision in designing AI architectures.
In a report about the personal data usage in ML algorithms, the Norwegian DPA stated: “Two new requirements that are especially relevant for organizations using AI, are the requirements privacy by design and DPIA.”
Key questions for responsible AI principles can also considered. One can start off with the list put forward by the EU’s AI-HLEG or those presented by Partnership on AI. Mutual understanding and transparency can be achieved through Interdisciplinary discussions and the use of toolkits for responsible AI, AI fairness, and AI explainability.
The use of non-technical procedures like decising an ethical AI committee, composition of a diverse team, analysis of the data collection, and internal training, or suitable mechanism to maintain fairness can also prove useful.
Currently, the public sector is the driving force behind the efforts to inventory all algorithms in use to maintain transparency. Individual organizations, on the other hand, have started releasing AI Explainability Statements.
No matter what the approach is, it is a duty of organizations to provide the consumers necessary information in case of adverse actions caused by AI systems and the use and aftermath of scoring.
More Developments in Prospect
A large number of laws and regulations are on the horizon to ensure trustworthy and responsible AI usage. Figures provided by the OECD state that 700 AI policy initiatives on this matter are being taken in 60 countries across the globe.
With increasing dependence on the AI systems, ensuring privacy compliance of AI systems has become the bare minimum for them to be used in a responsible way. Users of AI need to develop a good understanding of the AI system and align efforts to prepare for the new developments regarding the privacy regulations.