Artificial Intelligence

The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data ('Convention 108') was originally opened for signature on 28 January 1981 and was the first legally binding instrument related to personal data protection. It requires participating jurisdictions to implement certain principles within domestic legislation. Convention 108+ is an updated, or 'modernised', version of the original Convention 108, and, among other things, seeks to ensure consistency and compatibility with other legislation in the EU.

The AI Executive Order, which was signed by President Trump on 11 February 2019, broadly concerns the research and development of AI in the US, and sets out various goals, responsibilities, and guidance to drive AI growth.

The 23 Asilomar AI Principles provide a general set of guiding values for the development of AI and related public policy in California. The Asilomar Principles were filed on 7 September 2018.

Bill 1894 would regulate the use of automated tools for making employment decisions, such as algorithms that filter candidates. The Bill would also establish related notification and audit requirements.

The Directive regulates the use of automated decision-making within the practices of the Government of Canada. Although a public sector directive, it has often been referred to by data protection authorities around the world in discussions of potential AI legislation.

Bill 51 (only available in Portuguese here) was introduced to the Federal Senate on 16 September 2019 and would provide fundamental principles to guide and regulate the use of AI. You can track the status of the Bill here.

The Organisation for Economic Co-operation and Development's ('OECD') Recommendation was the first intergovernmental standard on AI and provides a series of values-based principles for trustworthy AI. The principles are broad both in scope and potential application and aim to establish best practices for AI systems for a wide range of stakeholders.

The International Conference of Data Protection and Privacy Commissioners' ('ICDPPC') Declaration establishes a broad set of guiding principles to preserve human rights in the development of AI. The Declaration is intended to provide common governance principles and better protect core values.

The European Commission, High-Level Expert Group on AI ('AI HLEG') Ethics Guidelines have been one of the most influential releases on AI in recent years. The Guidelines identify foundational principles and practices for organisations to consider in their deployment of AI solutions. In particular, the Guidelines stress technical and non-technical methods to improve AI trustworthiness.

The European Parliamentary Research Service ('EPRS') report on the GDPR and AI provides an article by article, topic by topic breakdown of the impact and overlapping of the GDPR and AI. The report also includes policy recommendations, considerations of the state of AI use, and key privacy concerns related to AI.

The Office of the Victorian Information Commissioner ('OVIC') issues paper was one of the earliest considerations of AI and modern data protection legislation and practices. It has been cited by several other reports and guidelines, and primarily analyses the key privacy considerations of AI in relation to common data protection principles.

The Federal Ministry of Justice and Consumer Protection ('BMJV') released the Opinion of the Data Ethics Commission, which considers a wide range of data protection issues but particularly highlights algorithms and ethical practices. The Opinion tends to be technical in nature and details how AI processes interrelate with a wide range of other data protection concerns.

The Federal Trade Commission ('FTC') blog post provides direct best practice recommendations for organisations relating to their use of AI and algorithms. These include, for example, ensuring transparency, fairness, explainability, accountability, and ensuring that data models are robust.

The Ministry of Economy, Trade and Industry ('METI') contract guidelines are separated into an AI Section and a Data Section. The guidelines explain basic principles and highlight issues and solutions related to AI contracts. The guidelines also include and discuss model clauses.

The Centre for Data Ethics and Innovation ('CDEI') AI Barometer report analyses the risks and opportunities related to AI across five main sectors, namely: criminal and justice, financial services, health and pharma, digital and social media, and energy and utilities. The report seeks to identify the main challenges and potential solutions within these sectors in order to enable more effective practices going forwards.

The Norwegian data protection authority ('Datatilsynet') report provides a relatively high-level overview of the main privacy challenges posed by AI. The report also identifies key concerns such as 'black box' explainability before setting out several recommendations. In particular, the report highlights the importance of Data Protection Impact Assessments ('DPIA').

The Article 29 Working Party's ('WP29') guidelines addresses profling and automated decision-making under the GDPR.

The Council of Europe Commissioner for Human Rights' Unboxing Artificial Intelligence: 10 steps to protect Human Rights includes a 10-point Recommendation on AI and human rights.

The Government of Canada has produced several resources addressing the responsible use of artificial intelligence for the public sector.

The Principles to Promote Fairness, Ethics, Accountability and Transparency (FEAT) in the Use of Artificial Intelligence and Data Analytics in Singapore's Financial Sector issued by the Monetary Authority of Singapore ('MAS') set out principles for AI, of fairness, ethics, accountability, and transparency, as well as suggested best practices for implementing these principles within financial services. MAS describes the principles as a foundational framework for ongoing discussions.

The Global Privacy Assembly ('GPA') published, on 16 October 2020, its adopted resolutions following its annual GPA meeting, including its AI Resolution. The GPA urged organisations that develop or use AI systems to consider implementing accountability measures including assessing the potential impact to human rights (including data protection and privacy rights) before the development and/or use of AI, testing the robustness, reliability, accuracy, and data security of AI before putting it into use by, among others, identifying and addressing bias in the systems and the data they use that may lead to unfair outcomes, and keeping records of impact assessment, design, development, testing, and use of AI. In addition, the GPA urged organisations that develop or use AI systems to implement accountability measures which are appropriate regarding the risks of interference with human rights. T

Read here.

The Information Commissioner's Office ('ICO') has published several resources on its AI Auditing Framework, as well guidance produced in collaboration with the Alan Turing Institute for organisations on the processes, services, and decisions delivered or assisted by artificial intelligence to affected individuals.

Additional resources include:

• Guidance on the AI Auditing Framework
• Explaining decisions made with AI

The Personal Data Protection Commission ('PDPC') released the second edition of the Model Artificial Intelligence Governance Framework in January 2020. The Second Edition includes additional considerations, such as robustness and reproducibility, and refines the original model framework to become more relevant and usable. In addition, the Second Edition continues to take a sector and technology neutral approach, and expands the section on customer relationship management to include considerations on interactions and communications with a broader network of stakeholders.

The PDPC published, on 16 October 2020, a second compendium volume of uses cases of the Model AI Governance Framework.

The European Commission High-Level Expert Group on Artificial Intelligence ('AI HLEG') presented, on 17 July 2020, its final Assessment List for Trustworthy AI ('ALTAI'). ALTAI is a self-assessment checklist that is designed to help analyse whether the deployment, development, procurement, or use of AI adheres to the seven requirements for trustworthy AI previously established by AI HLEG. ALTAI proposes an example of the type of multidisciplinary team that is expected to complete the self-assessment, before detailing each requirement and posing a set of related questions. ALTAI also suggests initital questions to consider relating to fundamental rights and GDPR applicability, and provides a general glossary of terms. ALTAI works alongside AI HLEG's Ethics Guidelines for Trustworthy AI

The UK Government's Data Ethics Framework sets out principles for how data should be used in the public sector.

BSA is calling on governments to pass legislation to require private sector companies to perform impact assessments on high-risk uses of AI technologies. To aid governments in this effort, BSA released the framework Confronting Bias: BSA’s Framework to Build Trust in AI. The framework details how organisations can perform impact assessments to identify and then mitigate risks of bias that may emerge throughout an AI system's lifecycle.

Read here.

The Council of Europe ('CoE') announced, on 12 August 2020, that it had released a database and graphical visualisation on the distribution of strategic and ethical frameworks relating to artificial intelligence ('AI'), big data, data science, and robotics. In particular, the CoE outlined that more than 300 sources are contained in the database.

The Organisation for Economic Co-operation and Development's ('OECD') released, on 23 July 2020, Examples of Artificial Intelligence ('AI') National Policies for the G20 Digital Economy Task Force. The report includes an illustrative breakdown of AI policies and strategies from G20 nations, as well as in depth analysis for how these jurisdictions are addressing key concerns such as transparency and explainability.

The European Data Protection Board's ('EDPB') letter came in response to queries from Sophie in 't Veld and details the EDPB's views on the regulation of algorithms.

Standards Australia released a discussion paper on the development of AI related standards. The paper provides a broad overview of Australia's participation in the development of AI standards as well as considering various use cases for AI standards. The Office of the Australian Information Commissioner ('OAIC') released a response to the discussion paper, Developing Standards for Artificial Intelligence: Hearing Australia's Voice – submission to Standards Australia.

The Korea Communications Commission ('KCC') Principles (only available in Korean here) establish a baseline set of considerations for the development of user-centric AI at a national level. Among other things, the principles emphasise non-discrimination, participation, and accountability.

The International Organisation for Standardisation ('ISO') announced, on 5 November 2020, that it had released a comprehensive range of standards and technical reports providing a Big Data reference architecture and framework which organisations can use to effectively and consistently describe their architecture and its implementations. In particular, the ISO outlined that the five-part ISO/IEC 20547 series on Big Data reference architecture address framework and application process, use cases and derived requirements, reference architecture, security and privacy, and the standards roadmap. In addition, the ISO highlighted that, when used correctly, Big Data can help organisations make important strategic decisions, save time and resources, and better understand market trends and client needs.

The European Parliamentary Research Service ('EPRS') has produced various reports including Artificial intelligence: How does it work, why does it matter, and what can we do about it? and Artificial intelligence: From ethics to policy. Both of these report take an overarching view and consider general topics relating to AI and AI ethics.

The Commission de Surveillance du Secteur Financier ('CSSF') white paper on AI in the financial sector provides a detailed introduction to AI and machine learning implementation and potential applications in the financial sector, before exploring central AI concerns such as explanability and data security. The white paper also identifies key risks and recommendations.

The Office of Management and Budget ('OMB') Draft Memorandum sets out general policy considerations for the regulation of AI outside of federal agencies. The Draft Memorandum emphasises matters such as public trust and risk assessments, while exploring regulatory and non-regulatory approaches to guide AI development.

The European Parliament announced, on 14 July 2020, that the Policy Department for Citizens' Rights and Constitutional Affairs of the Directorate General for Internal Policies published a study on Artificial Intelligence and Civil Liability. The study analyses key concepts related to AI technologies and the applicable legal framework for civil liability. In addition, the study suggests the adoption of the principle of technology neutrality for AI technologies.

Google has developed principles for its AI applications.

The European Parliament released EU Guidelines on Ethics in Artificial Intelligence: Context and Implementation to address the ethical rules that are now recommended when designing, developing, deploying, implementing or using AI products and services in the EU.

The European Union Agency for Fundamental Rights ('FRA') issued a paper which deals with discrimination, a fundamental rights area particularly affected by technological developments.

The Surveillance Commission of the Financial Sector ('CSSF') issued a white paper which aims to provide the foundations for a constructive dialogue with all the stakeholders of the financial sector for a deeper understanding of the practical implementations of AI technology and its implications.

The House of Commons Science and Technology Committee published, on 23 May 2018, a report on Algorithms in decisionmaking. The report focuses on biases, accountability, and transparency, as well as the roles of supervisory authorities in the UK. The report predates the full impact of the GDPR and full establishment of the Centre for Data Ethics & Innovation in the UK.

The European Parliament announced, on 25 September 2020, that the European Parliamentary Research Service ('EPRS') had issued a study on the civil liability regime for artificial intelligence ('AI'). The study addresses, among other things, the socio-economic functions of civil liability rules in the AI context, the current EU and national legal liability frameworks and their application to AI, and future policy options and approaches.

The Australian Human Rights Commission released, on 24 November 2020, a technical paper addressing the issue of algorithmic bias when using artificial intelligence ('AI') to make decisions. In particular, the paper outlines five scenarios demonstrating how algorithmic bias may pose a risk of unlawful discrimination under federal, state, and territory anti-discrimination and equal opportunity laws. Furthermore, the paper notes that businesses with strong ethical principles and a concern for their reputation should avoid algorithmic bias regardless of whether this amounts to unlawful behaviour. In addition, the paper provides that the risk of harm must be considered in the context in which it arises and that AI systems should be rigorously designed, tested, and monitored.

The Council of Europe announced, on 30 March 2021, that the Ad hoc Committee on Artificial Intelligence ('CAHAI') is now preparing the elements of a legal framework on the design, development and application of artificial intelligence ('AI') based on Council of Europe's standards on human rights, democracy and the rule of law.

You can read the press release here and access the consultations dedicated page here.

The Organisation for Economic Co-operation and Development ('OECD') published, on 18 June 2021, its first report on the state of implementation of the policy recommendations to governments contained in the OECD Principles on Artificial Intelligence ('AI') adopted in May 2019.

You can read the report here.

The Data Security Council of India ('DCSI') announced, on 15 July 2021, that it had developed a handbook on data protection and privacy for developers of artificial intelligence ('AI') in India, establishing practical guidelines for responsible AI development and promotes ethical and privacy considerations from the design stage.

You can read the handbook here.