Strasbourg, 28 January 2019
On the occasion of Data Protection Day on 28 January, the Committee of the Council of Europe’s data protection treaty “Convention 108” has published Guidelines on Artificial Intelligence and Data Protection.
The guidelines aim to assist policy makers, artificial intelligence (AI) developers, manufacturers and service providers in ensuring that AI applications do not undermine the right to data protection.
The Convention’s Committee underlines that the protection of human rights, including the right to protection of personal data is essential when developing or adopting AI applications, in particular when they are used in decision-making processes, and that they should be based on the principles of the updated data protection convention, “Convention 108+”, opened for signature on 10 October 2018.
In addition, any AI application should pay close attention to avoiding and mitigating the potential risks of processing of personal data, and allow meaningful control by data subjects over the data processing and its effects.
Artificial intelligence developers, manufacturers and service providers should take a number of measures including:
· Assessing the possible adverse consequences of AI applications on human rights and taking risk prevention and mitigation measures
· Adopting a human rights by-design approach avoiding potential biases and the risk of discrimination
· Critically assessing the quality, nature, origin and amount of personal data used and reducing unnecessary, redundant or marginal data
· When developing AI applications, adequately considering the risk of adverse impacts on individuals and society due to de-contextualised data and algorithmic models
· Setting up and consulting independent committees of experts to contribute to detect potential bias, and holding consultations with groups of individuals potentially affected by AI applications
· Ensuring that all products and services be designed in a manner that ensures the right of individuals not to be subject to a decision significantly affecting them based only on automated processing, without being consulted first.
· Data subjects should be informed if they interact with an AI application
· The right to object should be ensured with regard to technologies that influence the opinion and personal development of individuals.
The guidelines also contain specific recommendations to policy makers and legislators including:
· Respect for the principle of accountability, the adoption of risk assessment procedures and other measures such as codes of conduct and certification mechanisms
· Public procurement procedures should impose on AI suppliers specific duties of transparency, prior assessment of impacts on human rights, and vigilance of possible adverse effects of AI applications
· The role of human intervention in decision-making processes and the freedom of human decision makers not to rely on recommendations provided by AI should be preserved
· Supervisory authorities should be consulted by AI developers, manufacturers and service providers when AI applications have the potential to significantly impact human rights of data subjects.
· Policy makers should invest resources in digital literacy and education to increase data subject’s awareness and understanding of AI applications and their effects.
