CIPL Project on Artificial Intelligence and Data Protection:
​Delivering Sustainable AI Accountability in Practice

Project Background
Significant advances in the analytical capacity of modern computers are increasingly challenging data protection laws and norms. Those advances are often described by the term “artificial intelligence” (or “AI”) a term that describes the broad goal of empowering “computer systems to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.”  This one term encompasses a variety of technical innovations, each of which may present distinct challenges to data protection tools. 

With this broad understanding of AI—encompassing, but not necessarily requiring big data, and extending from today’s smart machines to increasingly autonomous and nimble computers of the future—it is easy to see how data protection laws and norms might be challenged. The challenge, of course, is how to comply with these requirements when data are being used for unforeseen, unpredictable purposes, by advanced computational machines that are not always understood by their own programmers and will be increasingly programmed only by other computers. The challenges to data protection presented by AI are frequently remarked on, but usually addressed in policy settings only at a surface level. The result has been a fair amount of hand-wringing and assertions about the need to achieve the extraordinary advances AI makes possible while still complying with all applicable data protection laws. Often, this sounds like a call to do the impossible or face the threat of regulatory consequences. There is an urgent need for a more nuanced, detailed understanding, especially by regulators, of the opportunities presented by AI, and of potential challenges and practical ways of addressing them, in terms of both legal compliance and the ethical issues that AI may raise.  

Project Objectives
CIPL proposes a new project focusing on AI, its reliance on big data, and the evolution towards autonomous AI. The project will: 
  1. Describe clearly the wide range of technological innovations encompassed by “AI,” both today and in the foreseeable future, including examples of the ways in which they are being deployed in specific sectors and the benefits that result. This would include the continuing and intensive processing of innovation, the need for training data, and the ways in which AI is being used to facilitate privacy.
  2. Address in precise, specific terms the opportunities and challenges presented by these innovations to data protection laws and norms.
  3. Address in precise, specific terms the opportunities and challenges presented by these innovations to norms about the ethical use of personal data and other societal issues.
  4. Describe practical steps for addressing today’s challenges and those on the horizon, including best practices already in use by leading companies; efforts to create user-centric designs that facilitate trust, transparency, and control while also delivering a friction-less, enjoyable experience; innovative applications of existing legal concepts; the role of accountability; and proposals for new approaches.
  5. Provide a frank acknowledgment of issues that cannot be resolved within existing laws and regulations and of the limits of what we know about AI and its future.

Project Timeline
Phase 1: Develop white paper with CIPL members focusing on scope of AI Project.
  • March 28, 2018: AI Project Committee to review draft and provide further input (Washington, DC)
  • ​April 2018: First Discussion Draft of AI White Paper
  • June 2018: White Paper (Part I) Completed
  • June 27, 2018: Meeting of all interested members at CIPL Special Retreat with APPA Regulators (San Francisco)
Phase 2: Discuss with regulators/policymakers; complete white paper (Part II). 
  • September - October 2018: Small group meetings with key regulators (e.g. DC, London, Europe)
  • October 2018: Side Event to International Conference of Data Protection and Privacy Commissioners (Brussels)
  • November 16, 2018: CIPL AI workshop (Singapore)
  • December/January: White Paper (Part II) completed
Phase 3: Socializing the white paper with regulators/policymakers; identify topics for further development

Project White Papers and Consultation Responses

Project Workshops
​CIPL/Singapore Personal Data Protection Commission (PDPC) Working Session on Accountable and Responsible AI
16 November 2018
Singapore
CIPL/Singapore Personal Data Protection Commission (PDPC) Workshop on "Roles of Certifications in Personal Data Protection"
15 November 2018
Singapore
CIPL Accountable AI Workshop in the margins of 49th APPA Forum
27 June 2018
San Francisco
CIPL Accountable AI Roundtable at Brussels Tech Summit
7 June 2018
​Brussels
CIPL Working Group Meeting on "Artificial Intelligence and Data Protection: Delivering Sustainable AI Accountability in Practice"
March 28, 2018
Washington, DC