CIPL Project on Artificial Intelligence and Data Protection:
​Delivering Sustainable AI Accountability in Practice

Project Background
Significant advances in the analytical capacity of modern computers are increasingly challenging data protection laws and norms. Those advances are often described by the term “artificial intelligence” (or “AI”) a term that describes the broad goal of empowering “computer systems to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.”  This one term encompasses a variety of technical innovations, each of which may present distinct challenges to data protection tools. 

With this broad understanding of AI—encompassing, but not necessarily requiring big data, and extending from today’s smart machines to increasingly autonomous and nimble computers of the future—it is easy to see how data protection laws and norms might be challenged. The challenge, of course, is how to comply with these requirements when data are being used for unforeseen, unpredictable purposes, by advanced computational machines that are not always understood by their own programmers and will be increasingly programmed only by other computers. The challenges to data protection presented by AI are frequently remarked on, but usually addressed in policy settings only at a surface level. The result has been a fair amount of hand-wringing and assertions about the need to achieve the extraordinary advances AI makes possible while still complying with all applicable data protection laws. Often, this sounds like a call to do the impossible or face the threat of regulatory consequences. There is an urgent need for a more nuanced, detailed understanding, especially by regulators, of the opportunities presented by AI, and of potential challenges and practical ways of addressing them, in terms of both legal compliance and the ethical issues that AI may raise.  

Project Objectives
CIPL proposes a new project focusing on AI, its reliance on big data, and the evolution towards autonomous AI. The project will: 
  1. Describe clearly the wide range of technological innovations encompassed by “AI,” both today and in the foreseeable future, including examples of the ways in which they are being deployed in specific sectors and the benefits that result. This would include the continuing and intensive processing of innovation, the need for training data, and the ways in which AI is being used to facilitate privacy.
  2. Address in precise, specific terms the opportunities and challenges presented by these innovations to data protection laws and norms.
  3. Address in precise, specific terms the opportunities and challenges presented by these innovations to norms about the ethical use of personal data and other societal issues.
  4. Describe practical steps for addressing today’s challenges and those on the horizon, including best practices already in use by leading companies; efforts to create user-centric designs that facilitate trust, transparency, and control while also delivering a friction-less, enjoyable experience; innovative applications of existing legal concepts; the role of accountability; and proposals for new approaches.
  5. Provide a frank acknowledgment of issues that cannot be resolved within existing laws and regulations and of the limits of what we know about AI and its future.

Project Timeline
Phase 1: Develop white paper with CIPL members focusing on scope of AI Project.
  • March 28, 2018: AI Project Committee to review draft and provide further input (Washington, DC)
  • ​April 2018: First Discussion Draft of AI White Paper
  • June 27, 2018: Meeting of all interested members at CIPL Special Retreat with APPA Regulators (San Francisco)
  • October 23, 2018: Industry-only AI Roundtable on AI and Data Protection (Brussels)
  • October 23, 2018: Side Event to International Conference of Data Protection and Privacy Commissioners on the Concept of "Fairness" in Data Protection (Brussels)
  • October 29, 2018: CIPL White Paper (Part I) Completed
Phase 2: Discuss with regulators/policymakers; complete white paper (Part II). 
  • November 13, 2018: Discussion of AI white paper (Part I) at FTC Hearings on AI (Washington, DC)
  • November 16, 2018: CIPL/Singapore Personal Data Protection Commission (PDPC) Joint Interactive Working Session on Accountable and Responsible AI (Singapore)
  • February 28, 2019: Draft of detailed outline of issues and questions
  • March 12, 2019: Roundtable of European Regulators and Industry Participants (London)
  • June 27, 2019: Roundtable with EU Commission on High Level Expert Group Ethics Guidelines for Trustworthy AI (Brussels)
  • July 18, 2019: Roundtable of Asian Regulators and Industry Participants on "Personal Data Protection Challenges and Solutions in AI" (Singapore)
  • September 18, 2019: Roundtable with UK Information Commissioner's Office (ICO) on AI Auditing Guidelines (London)
  • October 11, 2019: Discussion Draft of Second Report (Part II)
  • Mid-November 2019: Final Second Report (Part II)
Phase 3: Socializing the white paper with regulators/policymakers; identify topics for further development

Project White Papers and Consultation Responses
CIPL/Hunton Andrews Kurth Legal Note - How the GDPR Regulates AI
March 12, 2020

CIPL AI Second Report - Hard Issues and Practical Solutions
February 27, 2020

CIPL AI First Report - Artificial Intelligence and Data Protection in Tension
October 29, 2018

CIPL Response to ICDPPC Declaration on Ethics and Data Protection in Tension
January 25, 2019

Project Events
CIPL Working Group Meeting on "Artificial Intelligence and Data Protection: Delivering Sustainable AI Accountability in Practice"
March 28, 2018
Washington, DC
CIPL Accountable AI Roundtable at Brussels Tech Summit
June 7, 2018
​Brussels
CIPL Accountable AI Workshop in the margins of 49th APPA Forum
June 27, 2018
San Francisco
CIPL Industry-only Working Session on AI and Data Protection
October 23, 2018
Brussels
CIPL ICDPPC Side Event on the Concept of "Fairness" in Data Protection
October 23, 2018
Brussels
​​CIPL/Singapore Personal Data Protection Commission (PDPC) Working Session on Accountable and Responsible AI
November 16, 2018
Singapore
CIPL Roundtable on Hard Data Protection Issues in AI
March 12, 2019
London
CIPL/New York Privacy Officers Forum (NYPOF) Meeting on “The Future of AI: How Artificial Intelligence is Upending the World of Data Protection”
June 13, 2019
New York City

CIPL Roundtable with EU Commission on High Level Expert Group Ethics Guidelines for Trustworthy AI
June 27, 2019
Brussels
CIPL/PDPC Joint Roundtable on "Personal Data Protection Challenges and Solutions in AI"
July 18, 2019
Singapore
CIPL/ UK Information Commissioner's Office (ICO) Roundtable on the ICO's AI Auditing Framework
September 18, 2019
London

AI-Related Speaking Engagements
CIPL Senior Policy Advisor and Indiana University Professor Fred Cate spoke on behalf of CIPL on “Consumer Protection Implications of Algorithms, AI and Predictive Analytics” at the US Federal Trade Commission’s hearings
November 13, 2018
Washington, DC
 
CIPL Vice President & Senior Policy Counselor Markus Heyder led a discussion on "Regulatory Approaches to the Challenges of AI" at the 50th Asia-Pacific Privacy Authorities (APPA) Forum
December 4, 2018
Wellington

CIPL’s Director of Privacy Policy Nathalie Laneret spoke at Impact AI’s Roundtable
January 25, 2019
Paris

CIPL’s Director of Privacy Policy Nathalie Laneret spoke on "Privacy in the Era of Intelligent Machines - Designing AI Solutions that Protect People's Privacy and Data" at the 2019 GSMA Mobile World Congress
February 27, 2019
Barcelona
 
CIPL’s Director of Privacy Policy Nathalie Laneret spoke at POLITICO's 2019 AI Summit
March 19, 2019
Brussels
 
CIPL President Bojana Bellamy spoke at a panel on “When Digital Becomes Human” at the 2019 Teleperformance Leadership Insights Forum
March 29, 2019
Barcelona