Artificial Intelligence Laws, Privacy and the GDRP
The author is a UK qualified and fully licensed current practicing solicitor that has had spectacular success with technology businesses including cryptocurrency and blockchain ventures and other new technologies start-ups he represents. He is an expert in technology media telecommunications, as well as IP
What is AI?
According to sas.com the term ‘artificial intelligence’ (AI) was first coined in 1956, recently the pace of AI development has accelerated exponentially driven by big data, continual inventions of advanced algorithms, and ever advancing computing storage and processing power. AI essentially comprises of 1. Data 2. Information and 3. Knowledge. At its highest-level AI describes machines that are designed to mimic human behaviour. This includes how we reason, analyse, deduce and perceive. The popular depiction of AI are robots on the movie screen taking over the world, but AI is used every day in far simpler and less dramatic ways in our hospitals, schools, retail outlets, all around us.
What law applies to artificial intelligence and robotics?
Given that the UK autumn budget saw Philip Hammond announce that the UK will be at the leading edge of AI and data driven technology, the EU’s ambitions for AI to play a significant role in their wider digital strategy, and China’s pledge to be the world leader in AI tech with a commitment to spend billions of dollars – there has been greater urgency in addressing the legal risks of AI and robotics.
The House of Lords Select Committee on Artificial Intelligence was set up on 29 June 2017 with the following purpose: “to consider the economic, ethical and social implications of advances in artificial intelligence, and to make recommendations.”
Clearly ethical and social implications are quite different from legal standards and risks. Laws are linear, factual and objective. Whilst ethics and social morals are abstract, subjective and lateral. However, laws are in part based on ethics and morals, so we can expect any eventual laws passed to be informed by them.
Privacy and Data Protection
Since data, information and knowledge is fundamental to the make-up of AI the application of privacy and data protection law to AI are a key part of any legal discussion. The existing legal framework to deal with privacy and data protection in the UK is the Data Protection Act 1998 which is being replaced by the General Data Protection Regulations on the 25 May 2018. The GDRP is a major piece of legislation that is 88 pages long consisting of 99 articles in 7 parts and a full review of it is beyond the scope of this article but suffice it to say that it completely overhauls the current framework.
The key points are that the GDRP –
1. Continues beyond Brexit.
2. UK domestic legislation is required to deal with some of the details – Data Protection Act 2018
3. Processing of personal data is lawful solely if one of the conditions in Article 6(1) applies.
4. Data Controller must demonstrate consent. Even where consent is given controller is still required to comply with processing principles under Article 5.
5. Additional rights are afforded to the data subject – including right to erasure, right to obtain personal data in a portable form.
6. Opt-out consent is no longer valid. See draft guidance on the principle by the ICO and Article 29 Working Party
7. Opt-in consent is compulsory.
8. Implicit consent is dead and buried.
9. Consent means “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her“: Article 4(11).
10. Children – specific consent is required under GDPR to process a child’s personal data.
The challenge for AI is that there does not appear to be an AI specific set of regulations. A best practice standard is required specifically for AI developers.
Best Practice Framework For AI
The EU Parliament published a draft report with recommendations to the EU Commission on Civil Law rules on Robotics on the 31 May 2016.
It was the first time the European legislature had ever considered the issue of a best practice legal framework for AI. The report recommends that areas of the law around liability should be strengthened and a voluntary ethical code of conduct be established, along with establishment of an agency that seeks to set a standard of excellence for AI development.
Currently China, Japan, US and South Korea appear to be more advanced in terms of embracing AI and providing a best practice framework but as the above-mentioned report demonstrates the EU are starting to participate in the global legislative process. Hopefully the UK will not be far behind.
PAIL Solicitors expertise is solely on digital technology and intellectual property matters focusing on copyright and trademark litigation and registration as well as commercial contract drafting. We really enjoy what we do and love to see clients launching and building businesses that are important to them. PAIL is in the best position to assist clients because we know our niche marketplace very well. Consultations are at hourly rates. If you wish to contact us for specific advice email to [email protected]