The use of artificial intelligence (AI) nowadays is pervasive and many organizations are attempting to develop their version of AI. The EU AI Act was recently passed in August 2024 after years of discussion between the European Commission and Parliament, and now it regulates the use and development of AI systems in the EU. The Act deals with ensuring responsible and ethical AI usage and development. TechGDPR’s new service of Data Officer can help with compliance with all relevant regulations including the EU AI Act and assess whether the EU AI Act is applicable to your use case. Through the drafting of AI policies a Data Officer can help achieve fairness, accountability, and transparency for your AI usage or development.
The EU AI Act
The EU AI Act is one of the first laws in the world designed to regulate AI, setting rules to ensure AI systems are safe, ethical, and respect human rights. It classifies AI systems into four risk categories — from minimal risk to high risk. The stricter the category, the more oversight and compliance are required. The AI Act also outlines use of AI that is prohibited within the EU. Chapter 2, Act 5 of the EU AI Act prohibits the following uses of AI:
- Using manipulative techniques to distort behavior and impair informed decision-making, causing significant harm;
- Exploiting vulnerabilities related to age, disability, or socio-economic status to distort behavior, causing significant harm;
- Inferring sensitive attributes (e.g., race, political opinions, sexual orientation) through biometric categorization, except for lawful purposes;
- Social scoring that leads to detrimental treatment based on social behavior or personal traits;
- Assessing criminal risk solely based on profiling or personality traits, unless supporting human assessments based on objective facts;
- Compiling facial recognition databases by scraping images from the internet or CCTV footage;
- Inferring emotions in workplaces or educational institutions, except for medical or safety reasons; and
- ‘Real-time’ remote biometric identification in public spaces for law enforcement, with exceptions for serious cases like missing persons or imminent threats.
There are also special considerations and requirements for the development or use of high risk AI systems, which are classified as such in Chapter 3 of the EU AI Act which could result in the necessity of a risk management system. Risk management systems are frameworks for identifying, mitigating, and managing AI-related risks, especially regarding discrimination and data breaches.
Lastly, the providers of General Purpose AI systems (GPAI) are subject to special requirements under Chapter 5.
Important Principles for Ethical AI Policies to Address
When developing ethical AI, it is important to emphasize fairness, accountability and transparency. It is not just important in the development of AI systems but the use of AI systems. In essence, ethical AI is about ensuring that as AI technology advances, it does so in a way that respects human dignity, promotes fairness, and fosters trust, ultimately contributing to the well-being of individuals and society as a whole.
Fairness
The primary objective of a fairness policy is to eliminate algorithmic bias and ensure that AI decision-making processes treat all individuals equitably. An AI policy should include comprehensive protocols such as fairness assessments, regular bias audits, and data diversity requirements during the training phases of AI systems. By mandating AI fairness testing before deployment and continuously monitoring systems for potential biases, organizations can proactively address and mitigate any unfair treatment. For instance, consider the case of Amazon’s AI recruitment tool, which was found to exhibit bias in hiring practices against women; this highlighted the necessity of implementing bias mitigation policies in AI-driven recruitment processes to ensure equitable outcomes.
Accountability
Establishing clear lines of responsibility for AI decision-making is crucial to ensuring human oversight and accountability. An AI policy should address the issue of accountability by defining specific roles and responsibilities within the organization for the oversight of AI systems. This includes establishing audit trails to track decisions and requiring regular reviews of AI outputs to ensure accountability. As Data Officers, TechGDPR can help in the development of these policies. Since the role of Data Officer involves data governance, we can help ensure oversight for your organization to maintain control over AI systems and understand their impact on decision-making processes.
Transparency
Transparency in AI systems is essential for building trust among users and complying with regulatory demands. The principle of transparency is also mentioned in Art.12 GDPR. An AI policy should be transparent and include protocols that mandate the use of explainable AI models, thorough documentation of decision-making processes, and clear disclosures in privacy notices regarding AI-driven data usage. A good AI policy should require organizations to provide stakeholders with comprehensible explanations for AI-driven decisions, ensuring that the operations of AI systems are understandable to both users and regulators. Organizations that adopt explainable AI frameworks such as the OECD Transparency and Explainability Principle, for example, can better maintain transparency and meet regulatory requirements, fostering trust and accountability in their AI applications.
The Role of Data Officers in Ethical AI Policy Creation
Data Officer is a new service provided by TechGDPR in which we can help with AI compliance as well as serving as a Data Protection officer, a role which can be mandated by the GDPR. Instead of having multiple people filling these roles, a Data Officer can understand how to navigate everything for your peace of mind. It is not a traditional role for privacy or AI compliance but this innovative role can alleviate stress for how to navigate multiple regulations including the AI Act as it is so new.
Conclusion
In conclusion, as AI continues to permeate various industries, ensuring its ethical use is paramount. The EU AI Act lays out new legal requirements for AI systems and multiple frameworks including the OECD emphasizing the need for fairness, accountability, and transparency which can be done through the creation of AI policies. Organizations must not only comply with these regulations but also proactively adopt ethical AI practices to build trust and mitigate risks.
TechGDPR’s Data Officer service offers a comprehensive solution, integrating AI compliance with data protection and privacy governance. By crafting and implementing tailored AI policies, a Data Officer can ensure that your organization’s AI systems are not only legally compliant but also ethically sound, fostering a responsible approach to AI development and usage. As the landscape of AI regulation evolves, partnering with a Data Officer will be crucial in navigating these complexities and maintaining your organization’s commitment to ethical AI.