Privacy, Ethics & AI

Key Insights from our recent Roundtable Discussion with members of the QueryLayer Privacy Community

Due to the ever-expanding AI trend, concerns have been raised in relation to data privacy. These are proving to be challenging waters for privacy professionals to navigate.

In a recent roundtable discussion, we delved into the heart of this matter, shedding light on the need for a comprehensive AI policy.

As Eoin Fleming pointed out, this isn't an IT problem or a privacy problem, but rather is a business problem.

What is an AI Policy?

An AI policy is a set of guidelines, regulations, principles, and strategies that governments, organisations, and institutions develop to address the ethical, legal, social, economic, and technical challenges posed by artificial intelligence (AI) technologies. AI policies are designed to guide the development, deployment, and use of AI systems in a responsible and beneficial manner.

Eoin Fleming recommends that the AI policy be concise, no more than two pages, and written in a language that is understood by all.

Steps to take when creating your AI policy:

1. Identify Current and Potential AI Usage:

The first step in creating an AI policy should be to understand the current AI usage within the company. Eoin Fleming explained that, while there may not be a company wide initiative to use AI, it is likely that it is being used by some employees for content creation, analytics, etc., and this must be considered.

Once you have identified what it is currently being used for it is important to consider potential use cases for AI. This requires understanding the data being used, who is using it, for what purpose, and its potential impact.

2. Define Business Reasons for AI Usage

It is important to have a clear business reason for using AI, explained Eoin Fleming. It should not be adopted for its own sake, but with the intention of achieving specific business goals. Without a clear and valid reason for using AI it is probably best to refrain from using it.

3. Establish Rules and Guidelines

The policy should establish clear guidelines to prevent unethical AI usage. These rules will be specific to each company, depending on what they do with the data.

These guidelines should also ensure understanding of the evolving global regulatory rules and how to avoid pitfalls. Given the need to adhere to different regulatory policies worldwide, it is advisable to create an overarching policy as well as regional policies.

Tony Hibbert recommended carrying out a DPIA before embarking on the use of AI. He also explained how AI tools learn by reinforcement, which exaggerates bias, and therefore there is a need for anti-bias strategies to be in place.

4. Education, Training and Enforcement

Educating and informing employees about AI policies and responsible data usage is paramount. Clear instructions on data usage, control, and the boundaries should be communicated.

Eoin Fleming added that while having a policy is a good first step, tracking who reads and understands it is just as important, in order to ensure that it is put into practice.

Conclusion

Responsible AI usage is crucial for business success and maintaining ethical data practices. The increased popularity of AI underscores the necessity for such policies. Establishing a clear, concise AI policy that focuses on educating and training employees is considered to be the first step towards achieving this goal.