The advent of regulations such as the EU’s GDPR has put consumer data protection, including the right to privacy and unambiguous consent, in the spotlight. The tricky aspect with AI is that, in many cases, the proposed use may not be known at the time that information is collected, thereby making it difficult to ask for explicit consent for use. Enter the blanket consent statement. Although this may provide some legal cover, it does not engender trust. Rather, organizations must consider the question: Is this an application the consenting party would reasonably expect?
Establishing digital trust requires clarity regarding the nature of your relationship with your customers (be they your employees, partners, or customers). In practice, consumers are incredibly (often, shockingly) willing to share their data if they see clear benefit—individually or societally. Thus, the question of what is right and just becomes not simply one of identity protection but of shared values and benefit. In other words, what is the quid pro quo? And do both parties agree that it’s an equitable exchange?
Trust also requires your organization to clearly understand the implications and limitations of AI algorithms. AI solutions are not deterministic: Outputs can’t be precisely and perfectly prescribed, nor are they always repeatable. AI solutions will make mistakes.
Rationalizing risk in AI and understanding what is tolerable, fair, and equitable require cross-functional collaboration, including input and consent from the target customer.
- Privacy, Security, and Appropriate Use
Traditionally, security and privacy activities targeted discrete data sources and attributes containing personally identifiable or otherwise sensitive information. AI extends consideration to whether the combination of data used to generate insight creates additional exposure, as well as whether the proposed application is in line with the consumer’s reasonable intent when giving consent.
AI or no AI, information must be secured and managed in compliance with established privacy and usage policies. However, the volumes of data consumed and generated by AI can stress the ability for established processes and systems to scale, particularly given the need to maintain privacy and security without inhibiting accessibility and utility. An article by Gerry Rankin, global head of privacy risk management at Anonos (www.linkedin.com/pulse/why-gdpr-prefers-pseudonymisation-over-anonymisation-gerry-rankin), provides a nice recap of new and emerging privacy techniques, from homomorphic encryption to k-anonymity and differential privacy. Because AI is such a voracious data consumer, a large area of focus is preserving anonymity without undermining data utility (in other words, maintaining the ability to analyze and create value from the data).
For more articles like this one, go to the 2020 Data Sourcebook
Adding to the complexity, new regulations such as GDPR and California’s Consumer Privacy Act mandate proactive, consumer-led data protections, including the right to be forgotten. Undisclosed use and sharing of consumer data are also addressed and of special concern to AI. Lastly, these regulations include the right to object and to a human review of machine-driven decisions.
Of course, reviewing an algorithmic decision implies the underlying logic is known. Tools that provide transparency into algorithmic decision criteria and explain the results of otherwise obscure algorithms are evolving today. Such tools may identify potential bias or approximate the factors that most influence an output. They cannot, however, answer the question of whether a given outcome is, in fact, right or fair. Ensuring ethical and fair outcomes requires deliberate processes to keep humans in the loop while algorithms are being developed and after they are deployed.
What’s Ahead
These opportunities and challenges are not all-inclusive. Even so, the impact of AI as both an enabler and consumer of data governance and management is clear. Organizations with strong data governance and management foundations are better suited to make the changes required to both exploit and enable AI. For others, AI may prove to be the catalyst that finally gets a more holistic, sustained approach to push data governance over the starting line.