Digital Privacy AI (trust + data protection) / GDPR Flashcards
What is AI?
Machine-based system that can make predictions, recommendations and decisions using machine and human inputs (performs tasks in similar ways to humans)
=> AI is limited for certain tasks
AI risks
Misbehavior of AI
Bias
Abuse of AI systems by humans
Black box algorithms
EU Artificial Intelligence Act (AI Act)
1st law to regulate AI systems
Risk based approach
- Unacceptable risk (social scoring)
- High risk (specific requirements for risk management)
- Limited risk (transparency obligation)
- Low risk (exempt from regulation)
What makes AI more reliant?
Transparency and reliability
Problems of black box algorithms?
opaque AI systems, no information about how AI takes decisions and actions
Solution of black box algorithms?
Explainable AI (XAI):
=> makes AI more transparent by providing clear explanations of their decisions => transform into glass boxes
=> Transparency helps users to understand how AI models work (improving performance and building trust)
EU digital strategy
- Technology in the interest of humanity
- Democratic and sustainable society
- Fair and competitive economy
Trust is distinguished by
Control
Cooperation
Confidence
Predictability
Propensity
tendency to trust based on experience (gender, age, cultural background)
Key factors influencing trust
Performance
Process
Purpose
Trust definition
bridge in the relationship between a truster and a trustee, in a function to reduce complexity (heuristic) and include a willingness to take risks
Digital Trust radar tool (DTR)
filters and access specific guidelines on responsible and trustworthy AI
Data privacy
protects our personality and fundamental rights (foundation of our democracy)
Data protection
Data relating to an identified or identifiable natural person
Processing should be:
lawful
appropriate
proportional
transparent
accurate
Consent must be given…
voluntarily and explicitly
High risk in data processing
arises from the use of new technologies (in particular concerning sensitive personal data: health, ethnicity)
Data Protection Impact assessment (DPIA)
=> tool for evaluation on data processing
=> analyzes documents and evaluates data processing and its risks to identify and reduce them
=> contains measures to protect privacy and fundamental rights
Data compliance
refers to law, regulations and industry standards related to data privacy
=> ensures that data is collected, stored, processed and transmitted in a secure and ethical manner (respecting rights to privacy)
Core GDPR principle
Data protection by design & by default
=> ORG should implement technical and organizational measures to make sure that systems and processes are designed around data privacy
Condition of data processing
when there is a lawful basis allowing the processing of the data OR the data subject gives clear affirmation of consent (revocable at any time)
Why documentation requirements?
data collection and processing must be documented
=> allows ORG to maintain an overview of where personal data is used (which system and the reason)
Companies processing personal data systematically should nominate a…
data protection officer (DPO)
Roles
Data subject (interest in the protection of data)
Data controller (set purpose and means of the processing)
Data processor (processes on behalf of the controller)
Processing
any operation performed on personal data
GDPR regulates?
regulates the processing and use of personal data of European citizens
Personal data
Any information relating to an identifiable or identified natural person