CIPL Project on Artificial Intelligence and Data Protection:
​Delivering Sustainable AI Accountability in Practice

Project Background

Significant advances in the analytical capacity of modern computers are increasingly challenging data protection laws and norms. Those advances are often described by the term “artificial intelligence” (or “AI”) a term that describes the broad goal of empowering “computer systems to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.”  This one term encompasses a variety of technical innovations, each of which may present distinct challenges to data protection tools. 

With this broad understanding of AI—encompassing, but not necessarily requiring big data, and extending from today’s smart machines to increasingly autonomous and nimble computers of the future—it is easy to see how data protection laws and norms might be challenged. The challenge, of course, is how to comply with these requirements when data are being used for unforeseen, unpredictable purposes, by advanced computational machines that are not always understood by their own programmers and will be increasingly programmed only by other computers. The challenges to data protection presented by AI are frequently remarked on, but usually addressed in policy settings only at a surface level. The result has been a fair amount of hand-wringing and assertions about the need to achieve the extraordinary advances AI makes possible while still complying with all applicable data protection laws. Often, this sounds like a call to do the impossible or face the threat of regulatory consequences. There is an urgent need for a more nuanced, detailed understanding, especially by regulators, of the opportunities presented by AI, and of potential challenges and practical ways of addressing them, in terms of both legal compliance and the ethical issues that AI may raise.  

• Download the AI Project Description and Work Plan

---

Project Objectives

CIPL proposes a new project focusing on AI, its reliance on big data, and the evolution towards autonomous AI. The project will: 

1. Describe clearly the wide range of technological innovations encompassed by “AI,” both today and in the foreseeable future, including examples of the ways in which they are being deployed in specific sectors and the benefits that result. This would include the continuing and intensive processing of innovation, the need for training data, and the ways in which AI is being used to facilitate privacy.
2. Address in precise, specific terms the opportunities and challenges presented by these innovations to data protection laws and norms.
3. Address in precise, specific terms the opportunities and challenges presented by these innovations to norms about the ethical use of personal data and other societal issues.
4. Describe practical steps for addressing today’s challenges and those on the horizon, including best practices already in use by leading companies; efforts to create user-centric designs that facilitate trust, transparency, and control while also delivering a friction-less, enjoyable experience; innovative applications of existing legal concepts; the role of accountability; and proposals for new approaches.
5. Provide a frank acknowledgment of issues that cannot be resolved within existing laws and regulations and of the limits of what we know about AI and its future.

---

Project Timeline

Phase 1: Develop white paper with CIPL members focusing on scope of AI Project.

• March 28, 2018: AI Project Committee to review draft and provide further input (Washington, DC)
• ​April 2018: First Discussion Draft of AI White Paper
• June 27, 2018: Meeting of all interested members at CIPL Special Retreat with APPA Regulators (San Francisco)
• October 23, 2018: Industry-only AI Roundtable on AI and Data Protection (Brussels)
• October 23, 2018: Side Event to International Conference of Data Protection and Privacy Commissioners on the Concept of "Fairness" in Data Protection (Brussels)
• October 29, 2018: CIPL White Paper (Part I) Completed

Phase 2: Discuss with regulators/policymakers; complete white paper (Part II). 

• November 13, 2018: Discussion of AI white paper (Part I) at FTC Hearings on AI (Washington, DC)
• November 16, 2018: CIPL/Singapore Personal Data Protection Commission (PDPC) Joint Interactive Working Session on Accountable and Responsible AI (Singapore)
• February 28, 2019: Draft of detailed outline of issues and questions
• March 12, 2019: Roundtable of European Regulators and Industry Participants (London)
• June 27, 2019: Roundtable with EU Commission on High Level Expert Group Ethics Guidelines for Trustworthy AI (Brussels)
• July 18, 2019: Roundtable of Asian Regulators and Industry Participants on "Personal Data Protection Challenges and Solutions in AI" (Singapore)
• September 18, 2019: Roundtable with UK Information Commissioner's Office (ICO) on AI Auditing Guidelines (London)
• October 11, 2019: Discussion Draft of Second Report (Part II)
• Mid-November 2019: Final Second Report (Part II)

Phase 3: Socializing the white paper with regulators/policymakers; identify topics for further development

CIPL Accountable AI Mapping Project

Building upon the success of CIPL’s 2020 Organizational Accountability Mapping project, we are excited to announce we are now launching a new Accountable AI Mapping project to identify best practices that illustrate privacy accountability of CIPL member companies in the context of implementing and adopting AI within the organization and developing AI for use by external stakeholders.

The project will build upon CIPL’s flagship reports on AI and its engagement on various legislative and regulatory AI initiatives to date, including the EU Commission’s Draft AI Act, the UK ICO’s AI Toolkit, Brazil’s proposals to regulate AI and Canada’s proposed AI and Data Act to build global consensus on the meaning of AI accountability and to showcase the measures organizations have taken to translate this into reality.

Click here to download the Accountable AI Project Work Plan. 

---

AI White Papers and Consultation Responses

CIPL AI Third Report - Building Accountable AI Programs: Mapping Emerging Best Practices to the CIPL Accountability Framework
February 21, 2024

• ​Korean Translation

​CIPL White Paper - 10 Recommendations for Global AI Regulation
October 4, 2023

• ​Infographic

CIPL Response to UK DCMS Proposed Approach to Regulating AI
September 23, 2022
​
CIPL Response to the EU Commission's Consultation on the Draft AI Act
July 29, 2021

CIPL Recommendations on Adopting a Risk-Based Approach to Regulating AI in the EU
March 22, 2021

CIPL Response to the EU Commission's AI White Paper
June 11, 2020

• Infographic for CIPL Response to the EU Commission's AI White Paper
• Summary of CIPL's Recommendations (November 3, 2020)

CIPL/Hunton Andrews Kurth White Paper - How the GDPR Regulates AI
March 12, 2020

CIPL AI Second Report - Hard Issues and Practical Solutions
February 27, 2020

• Portuguese version

CIPL AI First Report - Artificial Intelligence and Data Protection in Tension
October 29, 2018

CIPL Response to ICDPPC Declaration on Ethics and Data Protection in Tension
​January 25, 2019

---

CIPL AI Events

CIPL Working Group Meeting on "Artificial Intelligence and Data Protection: Delivering Sustainable AI Accountability in Practice"
March 28, 2018
Washington, DC

• Working Session Agenda

CIPL Accountable AI Roundtable at Brussels Tech Summit
June 7, 2018
​Brussels

• Roundtable Agenda
• Roundtable Slide Deck

CIPL Accountable AI Workshop in the margins of 49th APPA Forum
June 27, 2018
San Francisco

• Workshop Agenda
• Workshop Slide Deck

CIPL Industry-only Working Session on AI and Data Protection
October 23, 2018
Brussels

• Working Session Agenda

CIPL ICDPPC Side Event on the Concept of "Fairness" in Data Protection
October 23, 2018
Brussels

• Side Event Agenda

​​CIPL/Singapore Personal Data Protection Commission (PDPC) Working Session on Accountable and Responsible AI
November 16, 2018
Singapore

• Working Session Agenda
• Working Session Slide Deck

CIPL Roundtable on Hard Data Protection Issues in AI
March 12, 2019
London

• Outline of Issues

CIPL/New York Privacy Officers Forum (NYPOF) Meeting on “The Future of AI: How Artificial Intelligence is Upending the World of Data Protection”
June 13, 2019
New York City

CIPL Roundtable with EU Commission on High Level Expert Group Ethics Guidelines for Trustworthy AI
June 27, 2019
Brussels

• ​Roundtable Agenda
• Roundtable Slide Deck

CIPL/PDPC Joint Roundtable on "Personal Data Protection Challenges and Solutions in AI"
July 18, 2019
Singapore

• Roundtable Agenda

CIPL/ UK Information Commissioner's Office (ICO) Roundtable on the ICO's AI Auditing Framework
September 18, 2019
London

• Roundtable Agenda
• Roundtable Slide Deck

CIPL /TTC Labs Joint Design Jam
December 3, 2019
Cebu

• Design Jam Agenda

AI-Related Speaking Engagements

CIPL Senior Policy Advisor and Indiana University Professor Fred Cate spoke on behalf of CIPL on “Consumer Protection Implications of Algorithms, AI and Predictive Analytics” at the US Federal Trade Commission’s hearings
November 13, 2018
Washington, DC
 
CIPL Vice President & Senior Policy Counselor Markus Heyder led a discussion on "Regulatory Approaches to the Challenges of AI" at the 50th Asia-Pacific Privacy Authorities (APPA) Forum
December 4, 2018
Wellington

CIPL’s Director of Privacy Policy Nathalie Laneret spoke at Impact AI’s Roundtable
January 25, 2019
Paris

CIPL’s Director of Privacy Policy Nathalie Laneret spoke on "Privacy in the Era of Intelligent Machines - Designing AI Solutions that Protect People's Privacy and Data" at the 2019 GSMA Mobile World Congress
February 27, 2019
Barcelona
 
CIPL’s Director of Privacy Policy Nathalie Laneret spoke at POLITICO's 2019 AI Summit
March 19, 2019
Brussels
 
CIPL President Bojana Bellamy spoke at a panel on “When Digital Becomes Human” at the 2019 Teleperformance Leadership Insights Forum
March 29, 2019
Barcelona