Combining AI, IoT and Big Data: Can Regulation Cope?

AI, IoT, Big Data

In last week’s vlog we delved into the regulation of AI, IoT and Big Data when used together.

AI, IoT and Big Data—these technologies and digital concepts undoubtedly play a major role in today’s highly connected era. As they are now; and continue to become more and more; integral in our day to day lives, several regulatory measures—including the GDPR and DPA 2018—have been implemented in order to protect individuals’ personal data, privacy and associated rights. But how should they be regulated when they all work together?

First of all we need to understand what each of these concepts means:

Artificial Intelligence (AI): John McCarthy, who coined the term in 1956, defined it as “the science and engineering of making intelligent machines.” A more modern definition explains AI as “the simulation of human intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using the information), reasoning (using rules to reach approximate or definite conclusions) and self-correction”.

Internet of Things (IoT): IoT is understood as “a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction”.

Big Data: a popular definition of Dig Data, provided by the Gartner IT glossary, is “…high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.”

As you can see, all of them involve data processing, so it is clear that all of them should comply with the GDPR when the information affected is personal data or with the Free Flow of non-Personal Data Regulation when it doesn’t. But are there any other mandatory requirements laid by Law apart from the data protection and privacy ones that they should meet? Actually there are, but the challenge is that each of them has different features and needs.

For example, AI raises many ethics concerns, as discussed in some of our previous videos and IoT is dependent on 5G and Telecoms Regulation, while Big Data may tackle challenges from both AI and IoT.

That said, how can regulation cope all these technologies when they apply together, e.g. in a project?

We suggest different scenarios about how this could be addressed:

o Impose an obligation to businesses, universities, public bodies, etc. to count with a legal ITC professional in the team before carrying out any project that involve the use of AI, IoT, Big Data or similar technologies. A specific certificate for these professionals might be issued by accreditation bodies.
o Tech-specific Regulation and Legislation that put together most of the ITC risks and challenges with mandatory minimum requirements on how they should be applied.
o Independent Legal Tech EU Body which launches guidance and code of conducts about the main ITC issues and challenges.

Even though regulation and codes of conduct may help to unify standards, due diligence and commitment from the managers and the team involved in a project are still essential and key to ensure appropriate safeguards regardless of the specific externally-imposed requirements.

 

If you need advice on your AI product, Aphaia offers both AI ethicsand Data Protection Impact Assessments.

 

 

Leave a Comment

(0 Comments)

Your email address will not be published. Required fields are marked *