Artificial Intelligence: From Ethics to Regulation

Artificial Intelligence: From Ethics to Regulation

The study launched by the European Parliament last month builds on the AI-HLEG Ethics Guidelines for Trustworthy AI and seeks to find alternatives that might help to move from AI ethics to regulation. 

In our previous blogs and vlogs we have discussed the application of the Ethics Guidelines for Trustworthy AI in several contexts and industries, like retail and real estate. However, there is a need for precision in practical terms. For this purpose, the European Parliament has just published a document where different alternatives are explored in order to develop specific policy and legislation for governing AI.

Important considerations about ethics

The European Parliament considers that there are some preliminary points about ethics that should be understood before moving forward with the analysis of further implications of ethics on AI:

  1. Ethics is not about checking boxes. It should be addressed through questions based on deliberation, critique and inquiry.
  2. Ethics should be understood as a continuous process where regular checks and updates become essential.
  3. AI should be conceived of as a social experiment that makes possible to understand its ethical constraints and the kinds of things that need to be learnt. This approach may facilitate the monitoring of social effects thus they can be used to improve the technology and its introduction into society.
  4. Moral dilemmas do not make possible to satisfy all ethical principles and value commitments at the same time, which means that sometimes there will not be a specific response to a problem, but a set of various options and alternatives which an associated ‘moral residue’ each instead.
  5. The goal of ethics is to provide strong enough rationale that an individual is compelled to act in a way they believe is the right/good way.

Key AI ethics insights

According to the study, there are six main elements of AI that should be addressed when it comes to an ethical implementation of algorithms and systems:

  • Transparency. Policy makers need to deal with three aspects: the complexity of modern AI solutions, the intentional obfuscation by those who design them and the inexplicability regarding how a particular input results in a particular output.
  • Bias and fairness. Training data is deemed essential in this context and there is a need for definition of ‘fair’ and ‘accurate’ concepts.
  • Contextualization of the AI according to the society in which it has been created and clarification of the society’s role in its development.
  • Accountability and responsibility.
  • Re-design risk assessment to make them relevant.
  • Ethical technology assessments (eTA). The eTA is a written document intended to capture the dialogue between ethicist and technologist and it comprises the list of ethical issues related to the AI application for the purpose of identifying all the possible ethical risks and drawing out the possible negative consequences of implementing the AI system.

Why is regulation necessary?

The European Parliament points out the following reasons that motivate the need for legislation:

  • The criticality of ethical and human rights issues raised by AI development and deployment.
  • The need to protect people (i.e. the principle of proportionality).
  • The interest of the state (given that AI will be used in state-governed areas such as prisons, taxes, education, child welfare).
  • The need for creating a level playing field (e.g. self-regulation is not enough).
  • The need for the development of a common set of rules for all government and public administration stakeholders to uphold.

What are the policy options?

While ethics is about searching for broad answers to societal and environmental problems, regulation can codify and enforce ethically desirable behaviour.

The study proposes a number of policy options that may be adopted by European Parliamentary policy-makers:

  1. Mandatory Data Hygiene Certificate (DHB) for all AI system developers in order to be eligible to sell their solutions to government institutions and public administration bodies. This certificate would not require insight into the proprietary aspects of the AI system and it would not require organisations to share their data sets competing organisations.
  2. Mandatory ethical technology assessment (eTA) prior to deployment of the AI system to be conducted by all public and government organisations using AI systems. 
  3. Mandatory and clear definition of the goals of using AI when it comes to public administration institutions and government bodies. The aim is avoiding the deployment of AI in society in the hope of learning an unknown ‘something’. Instead, it is proposed that there must be a specific and explicit ‘something’ to be learned.
  4. Mandatory accountability report to be produced by all organisations deploying AI systems meant as a response to the ethical and human rights issues that were identified in the eTA.

Practical considerations about eTA reports


The seven key requirements of the Ethics Guidelines for Trustworthy AI  may be used by organisations to structure an eTA, namely:

  • Human agency and oversight.
  • Technical robustness and safety.
  • Privacy and data governance.
  • Transparency.
  • Diversity, non-discrimination and fairness.
  • Societal and environmental well-being.
  • Accountability.

Otherwise the European Parliament also suggests to use the following nine criteria: (1) Dissemination and use of information; (2) Control, influence and power; (3) Impact on social contact patterns; (4) Privacy; (5) Sustainability; (6) Human reproduction; (7) Gender, minorities and justice; (8) International relations and (9) Impact on human values. 

The eTA should be concrete though, thus it may be extended in order to cover: (a) the specific context in which the AI will be used; (b) the AI methodology used; (c) the stakeholders involved and (d) an account of ethical values and human rights in need of attention.

Who is going to make eTA reports?

The tasks in the eTA log require experience in identifying ethical issues and placing them within a conceptual framework for analysis. For this reason, the European Parliament highlights the likelihood of a future role for ethics and for ethicists in the regulation process engaged in organisations around AI.

Will SMEs be able to afford this?

In order to create a level playing field across SMEs, the European Parliament plans to provide an adequate margin of three years and offer small and medium companies EU funding to assist them with report completion as well as with the necessary capacity-building measures. This model parallels the incremental process for companies to comply with the GDPR.

Does your company use AI? You may be affected by EU future regulatory framework. We can help you. Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessmentsEU AI Ethics assessments and Data Protection Officer outsourcingContact us today.

EU Digital Sovereignty

EU Digital Sovereignty: Ideas for a more resilient EU.

EU digital sovereignty is of paramount importance in the face of the rapid technological evolution currently taking place globally.


A call for EU digital sovereignty had been brought to the forefront of many conversations among policy makers, in light of growing concerns over EU citizens losing their control of their data, capacity for innovation and ability to enforce legislation in the digital world. The concept of “digital sovereignty” had recently sprung forth as a means of promoting the idea of leadership and strategic autonomy in the digital world for Europe. There has been major concern over the threat placed on EU citizens by the economic and social influence of non-EU technology companies. This has made very clear the need for Europe to be able to act independently in the digital world. 


President of the European Commission, Ursula von der Leyen has named digital policy as one of her key political priorities during her term. The increase in Chinese technological presence in the EU has become a source of concern for the EU Parliament. A need and opportunity to reduce such dependence has presented itself, especially in light of the coronavirus pandemic and its revelations on the essential role of the tech sector on the continuity of social life, businesses and administrations. A recent Commission report highlighted the fact that at times, competition from global tech-driven players disregarded European rules and values, and deeply involved data appropriation and valuation. This has compelled the need for technological sovereignty, and for advancements in developing a secure, competitive and inclusive digital economy built on ethics and with world class connectivity. There has been a call for special emphasis on issues of data security and artificial intelligence.


The present situation highlights the need for EU digital sovereignty, while presenting some concerns and opportunities for improvements in the areas of EU Data economy and innovation, privacy and data protection, cyber security, data control and online platforms’ behavior. 

EU data economy and innovation


While the EU has strong acids including a world leading AI research community and a range of innovations such as 5G, artificial intelligence,  cloud computing, and the internet of things, the region is behind the United States and China in private investment, and the rate at which AI has incorporated into the society. The two countries also surpass the EU on things like data collection, data access, patent applications and development of essential hardware like supercomputers. The potential dependence on foreign technology presents a risk to Europe’s influence in the digital field.


In response to this the EU has implemented several initiatives to narrow the investment gap. EU policy makers have also been designing tools to adapt EU industrial and technological capacity to the global competitive environment. For example, the European data strategy adopted in February of this year forges the path for the creation of European data spaces to ensure that more data becomes available for use within the European economy and society.


Privacy and data protection.


The Cambridge Analytica scandal showed how online platforms can extract personal data for Political profiling purposes. In addition, the economic model of large tech companies like Google, Apple, Facebook, Amazon and Microsoft  are largely based on the collection and exploitation of online users’ data for advertising purposes. Trends like these, are often referred to as surveillance capitalism, and are a source of concern in the EU. There is a need for EU citizens to be able to control the digital data in an online environment that is largely dominated by non EU tech companies.


To combat this, the EU has taken on a very stringent approach to privacy and data protection with the GDPR at it’s centre. The European Union is seen as a standard setter in the world of privacy and data protection. As a matter of fact, several other countries outside the EU have incorporated aspects of the GDPR into their own national legislation. While the coronavirus pandemic has added a layer of difficulty to implementing this framework, the member states are looking at adopting location tracking measures to contain the spread of the virus in conjunction with implementing technical solutions to deal with the issues presented by this crisis.


Cybersecurity, data control and online platforms’ behavior


The EU’s reliance on Chinese 5G infrastructure has proved to be a critical weakness for the region. There is also growing concern over the EU Member States’ lack of control over data produced on their territory, with the global public cloud market being largely dominated by us and Asian companies. In addition to this, issues of competition have been raised by the control that large tech companies have, making it hard for others to compete in new and innovative markets. 


The EU has taken a multifaceted approach to combating this issue. In addition to several tools adopted within recent years, for example the Network and Information Security Directive (NIS), the European cybersecurity act, and EU-wide cybersecurity certification scheme for ICT products, there have been further advancements in legislation. Following the Huawei debate, the Commission adopted recommendations for a common approach to the security of 5G networks in March of 2019 and this year published an EU tooltbox on 5G cybersecurity.


Further EU Initiatives towards EU Digital Sovereignty

Data Framework.


There are several initiatives being brought forward by the EU in order to secure digital sovereignty. For starters, the data framework could be revised to make provisions for EU based cloud storage. With non-personal data regarded as the critical, raw material of the digital economy, and cloud storage expected to overtake local device storage this year, this is seen as an important move. It is expected to not only strengthen Europe’s data sovereignty, but also address the fact that cloud storage is an industry almost dominated by non EU companies. The implications of this could potentially be to the detriment of EU citizens’ security and rights. 


In recent times, France and Germany have announced a joint, European cloud initiative; Gaia-X project. While more action could be decided upon at an EU level in order to help implement an EU-wide cloud infrastructure, this latest development is regarded as an important tool to ensure the safety of data for these European citizens, businesses and governments. The proposed EU data framework to facilitate data collection, processing and sharing has the potential to put Europe in the lead in collecting and processing data, and to secure access for innovators to data, particularly in the spheres of B2B (business-to-business) and G2C (government-to-citizens). 


There is much more that could be done with regard to investment in frontier technologies, including AI, IoT, blockchain, high performance computing and quantum technologies, which should be encouraged in order to implement the productivity breakthrough that Europe needs. The execution of the 2021-2027 multiannual financial framework currently under consideration is critical to that cause. Likewise, the Digital Europe programme, the first ever EU programme primarily dedicated to digital transformation, among others.


Trustworthy Environment.


The EU approach to digital matters has become centered around ensuring transparency and trust. There presents a challenge for the EU to introduce new standards and practices ensuring trustworthy and controllable products, whether they are of EU or foreign origin. This will require new tools in the fields of cyber security, AI and data protection. 


With regard to cybersecurity, there is a need to influence three main aspects. Changing the EU-wide certification scheme from voluntary to compulsory, especially as the framework for this programme is up for review in 2023. This would be a definite step forward in securing a safe environment, particularly for 5G networks. It could also potentially set the EU apart as a standard setter in the field of cybersecurity. In addition to this, inadequate coordination of cybersecurity is one of the main issues faced by EU policy makers. An important action to combat this would be to finalize the adoption of the Commission proposal to establish European Cybersecurity Competence Centers. 


Furthermore, there is a call for security to become an obligatory aspect in every public procurement procedure for relevant infrastructure nationally and throughout the EU. Each EU member state should create specific security requirements for application in the context of public procurement related to 5G networks. This should include mandatory cybersecurity certification requirements. 


Competition and Regulation.


In light of recent events, there has been a greater apparent need for update and adaptation regarding the EU’s competition policy and the digital regulatory framework. Recently, we reported on German competition law and Facebook’s breach of it. There are calls for a shift towards more defensive and prudential mechanisms for the entire EU, including regulation to address foreign state ownership and distortive practices by large tech companies. It is important to protect the potential of European tech start-ups and small and medium-sized enterprises. This may involve new tools for more synchronous investment screening mechanisms and for assessing takeovers in high tech EU companies. This, along with the implementation of strategic limits on foreign investment, exceptions to state aid and competition policy, could ensure coordination between EU member states on this matter. This is extremely necessary, especially when considering the swift technological evolution currently taking place. In the end, building a genuinely sovereign EU digital environment will also require addressing the insufficient coordination between regulators in this field. It will take a revamp to the current governance mechanisms both between sector specific regulators and beyond. This is critical to ensuring a coherent approach to EU digital sovereignty. 


Aphaia provides a number of services in relation to EU ICT regulatory framework compliance, including GDPR data protection impact assessments, Data Protection Officer outsourcing, telecoms regulatory consultancy, and EU AI ethics assessments. Get in touch today to find out more.

AI Ethics in Real Estate

AI Ethics in Real Estate is imperative to the industry and its ability to function within regulation, as the use of AI gradually expands in this sector.


The Role of AI in Real Estate and Construction


Artificial Intelligence definitely has been very difficult to implement in very aesthetic based markets such as the real estate market when it came to traditional sales or other tasks,  as it is the second least digitized industry in the world. However many companies have now adapted to using AI in the real estate and construction industries for increasingly important and more detailed tasks.

Using certain technologies that use the physical features, location and other related variables to link the best combination of features for either persons looking for a home or those trying to build one. AI has the capability to see unlikely linkages among properties which may lead to them showing it to the perfect match at the perfect price range. If accurate, it meets all of their needs and the needs of similar buyers.


The number one issue with the real estate industry and AI is the different categorizations of data on property, many aspects of a property that may add or diminish its value are very subtle and nuanced, however the increased datapool over the past few years has greatly increased the level of analysis possible by an Artificial Intelligence system. Also, over time the more persons who use the system the more sophisticated it gets, and the more the same person uses it, it filters out their dislikes and records that data to give even more accurate results.

Interactive AI would also use customer data including photos of their own home, or homes with features they appreciate, this will allow them to combine enough of their favourite features into a property which has calculated all of their preferences , down to build material. Within the construction of homes, AI can definitely increase the efficiency of space use, as many legacy home designs have very artistic considerations. If a company or client is trying to maximise the full plot of land they have available, AI can devise a very concise floor plan, and dimensions to exemplify the preferences of the builder.


Considering cost and efficiency as well, sourcing the applicable materials, its availability and price along with other considerations including health and environmental concerns, AI could streamline this process where a final Human approval from an expert of the schematics and building plan would have to be okayed. A key point to acknowledge is, the property itself is one concern but neighbourhoods play huge roles in deciding where someone may raise their family. Proximity to schools, fields, gyms, clubs, groceries and other key considerations in their immediate vicinity. What makes a 2 bedroom Flat in one city cost more than the other?

AI systems can find these correlations a lot easier and through many more facets, as long as they are trained to know what to look for. Again the key consideration of AI is it is always heavily dependent on the quality of research and data it uses as its source material.


The Need for AI Ethics in Real Estate


With all of the wonderful considerations that AI can now make, it is now up to the human element to implement the correct ethical programming or AI use to make sure certain rights of citizens are upheld. The current state-of-the-art makes It impossible for a program or piece of technology to have a conscience (that we know of) that is to say, that if not properly regulated and monitored the AI can definitely take advantage of societal detriments.

The first, and most obvious elephant in the room is AI that distinguishes persons by race and uses that as some sort of relevant criteria to match them with a proper home or neighbourhood to purchase a home/land. A machine however wouldn’t know that pairing a person of a minority ethnicity with other majority ethnic neighbourhoods, despite their price range due to “social preference” parameters is inherently prejudiced and something that cannot be allowed to happen. Also the jump in AI in the real estate market is due to more personal information being siphoned from homeowners, from real estate websites and search engines, forums, social media  and other sources.


Is enough being done to protect homeowner information or buyers’ information?


Several questions and considerations come into play regarding the ethical use of AI systems in the real estate and building markets. Is enough being done to protect homeowner information or buyers’ information? Are these data collection agencies processingthis data with all the necessary GDPR guidelines in mind? Is there total transparency on these collection or utilization processes that make every party fully aware of how the information is to be used? Any time personal information is on the table as a key consideration it is always a dicey topic and AI manufacturers and developers have to be wary not to risk ethical programming for quantitative accuracy as the long term impact could be detrimental to the guaranteed rights of civil society.


Whether the AI actively seeks out information on its own is also a consideration as it could gain access to information that could change the quality of its searches drastically and affect the objectivity of the search. Also with the ability to maximise and fully make efficient use of space materials, square footage and all other factors, AI can make it easy to cut corners in the industry as well. It could turn a two million euro project down to something a lot less dear with the sourcing of alternate materials for building material or nails and screws.

Also comfort may not  be a consideration accurately depicted by an AI system in every situation. The purpose of the project and its scale is something very important to consider as well. Architects and Contractors have to make sure that each building is sufficiently comfortable for persons to function and doesn’t skimp on any of the necessary features of a modern day building.


In addition to that, long term cost reduction and consideration for the environment when choosing energy sources for homes is something that is a personal choice for each building owner and should not be left to the agency of the machine or software, even if there is a best, or most applicable type of energy source that may be recommended by the software. There are many considerations that machines simply cannot make unless we teach them how to, and there are important questions developers must ask themselves about their code, but the two most important are : Does it work? And if Yes,is  it Ethical?


We recently released a new vlog exploring the use of AI in the real estate sector, as part of a series on AI ethics within various industries.


Are you worried about COVID-19, regardless of the industry? We have prepared a blog with some relevant tips to help you out, covering COVID-19 business adaptation basics .


Subscribe to our YouTube channel to be updated on further content.

Do you have questions about how AI is transforming the real estate sector and the associated risks? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including Data Protection Impact Assessments, AI Ethics Assessments and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

CNIL Smart and Thermal Cameras Caution

CNIL Smart and Thermal Cameras Caution

French data protection authority CNIL calls for caution in the use of smart and thermal cameras, due to the fact that certain proposed systems do not comply with the legal framework for the protection of personal data. 


The preservation of anonymity in public spaces is an essential part of exercising personal freedoms like the right to privacy and the protection of personal data, freedom to come and go, freedom of expression and the right to demonstrate, etc. Capturing images of people in these public spaces undoubtedly carries the risk of hindering their fundamental rights and freedoms. The rampant deployment of surveillance devices would involve the systematic collection and analysis of data from individuals circulating in public spaces. There is the view that the massive deployment of these devices, systematically monitoring people, presents the risk of normalizing a feeling of surveillance among citizens, resulting in a modification – intended or suffered – of their behaviors. It can also lead to a phenomenon of addiction and trivialization of intrusive technologies, constant surveillance.


More generally, the specific use of smart cameras in the context of the current state of health crisis raises important issues. CNIL had previously called for democratic debates on new video uses in September 2018 and more specifically on facial recognition in November 2019. Regarding thermal imaging cameras, however, it should be noted that the health authorities questioned by CNIL expressed reservations about these devices. They pose the risk of not identifying infected people since some are asymptomatic and it can also be bypassed by taking antipyretic drugs (which reduce body temperature without treating the causes of fever).


The rights of individuals must be respected, including in the context of a health emergency.


The possible implementation of such surveillance systems must comply with the applicable legal framework (GDPR, French Data Protection Act,Data Protection Directive (EU) 2016/680 for Police and Criminal Justice Authorities ) and must also be accompanied by a commitment to preserve individual freedoms and particularly the right to privacy. It is for these reasons in particular that surveillance devices are subject to specific legislative framework in the Internal Security Code. CNIL recalls that the use of “smart” cameras, however, is not currently and specifically provided for in any text. Their usefulness, based on specific circumstances, could not be assessed or debated at a more than general level, by the organizations deciding to set them up.


The CNIL insists on the need to provide an adequate textual framework.


The CNIL insists on the need to provide an adequate textual framework, which is required when sensitive data is processed; or the right of objection cannot be applied in practice in public spaces. They also call for this framework to be applied to all the assurances that these smart camera devices must provide in terms of the GDPR – demonstration of their necessity and proportionality, limited retention period, pseudonymization or anonymization measures, lack of individual monitoring, etc.). In addition, the deployment of thermal cameras, which process health data (body temperature), should be given special attention.


The EDPB states; “For video surveillance based on legitimate interest (Article 6 (1) (f) GDPR) or for the necessity when carrying out a task in the public interest (Article 6 (1) (e) GDPR) the data subject has the right – at any time –to object, on grounds relating to his or her particular situation, to the processing in accordance.“ It also goes on to mention that unless the controller demonstrates compelling legitimate grounds that overrides the rights and interests of the data subject, the processing of data of the individual who objected must stop and requests from data subjects must be answered without undue delay or at the latest within one month. 

A call for caution in the deployment of irregular devices.


The fight against the COVID-19 pandemic has led some parties to consider deploying smart cameras intended in particular to measure temperature, detect fevers or even ensure compliance with social distancing or wearing a mask. While CNIL recognises the legitimacy of the objective of flattening the curve of this global pandemic, they consider it necessary to warn that, based on a case-by-case analysis, it appears that most of these devices do not comply with the legal framework applicable to the protection of personal data.


When it comes to automated processing of personal data which falls under the GDPR, such devices most often result either in the processing of sensitive data without the consent of the parties concerned (in particular the temperature), or in the waiving of the data subject’s right to opposition. In both cases, these devices must then be subject to a specific regulatory framework, which will require officials to question the proportionality of the use of such devices and the necessary assurances.


Does your company utilize smart cameras, thermal cameras or facial recognition? If yes, failure to adhere fully to the guidelines and rules of the GDPR and Data Protection Act 2018 could result in a hefty financial penalty. Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, EU AI Ethics assessments and Data Protection Officer outsourcing. Contact us today.