CIPL Project on Artificial Intelligence and Data Protection:
​Delivering Sustainable AI Accountability in Practice

Project Background
Significant advances in the analytical capacity of modern computers are increasingly challenging data protection laws and norms. Those advances are often described by the term “artificial intelligence” (or “AI”) a term that describes the broad goal of empowering “computer systems to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.”  This one term encompasses a variety of technical innovations, each of which may present distinct challenges to data protection tools. 

With this broad understanding of AI—encompassing, but not necessarily requiring big data, and extending from today’s smart machines to increasingly autonomous and nimble computers of the future—it is easy to see how data protection laws and norms might be challenged. The challenge, of course, is how to comply with these requirements when data are being used for unforeseen, unpredictable purposes, by advanced computational machines that are not always understood by their own programmers and will be increasingly programmed only by other computers. The challenges to data protection presented by AI are frequently remarked on, but usually addressed in policy settings only at a surface level. The result has been a fair amount of hand-wringing and assertions about the need to achieve the extraordinary advances AI makes possible while still complying with all applicable data protection laws. Often, this sounds like a call to do the impossible or face the threat of regulatory consequences. There is an urgent need for a more nuanced, detailed understanding, especially by regulators, of the opportunities presented by AI, and of potential challenges and practical ways of addressing them, in terms of both legal compliance and the ethical issues that AI may raise.  

Project Objectives
CIPL proposes a new project focusing on AI, its reliance on big data, and the evolution towards autonomous AI. The project will: 
  1. Describe clearly the wide range of technological innovations encompassed by “AI,” both today and in the foreseeable future, including examples of the ways in which they are being deployed in specific sectors and the benefits that result. This would include the continuing and intensive processing of innovation, the need for training data, and the ways in which AI is being used to facilitate privacy.
  2. Address in precise, specific terms the opportunities and challenges presented by these innovations to data protection laws and norms.
  3. Address in precise, specific terms the opportunities and challenges presented by these innovations to norms about the ethical use of personal data and other societal issues.
  4. Describe practical steps for addressing today’s challenges and those on the horizon, including best practices already in use by leading companies; efforts to create user-centric designs that facilitate trust, transparency, and control while also delivering a friction-less, enjoyable experience; innovative applications of existing legal concepts; the role of accountability; and proposals for new approaches.
  5. Provide a frank acknowledgment of issues that cannot be resolved within existing laws and regulations and of the limits of what we know about AI and its future.

Project Timeline
Phase 1: Develop white paper with CIPL members focusing on scope of AI Project.
  • March 28, 2018: AI Project Committee to review draft and provide further input (Washington, DC)
  • ​April 2018: First Discussion Draft of AI White Paper
  • June 27, 2018: Meeting of all interested members at CIPL Special Retreat with APPA Regulators (San Francisco)
  • October 23, 2018: Industry-only AI Roundtable on AI and Data Protection (Brussels)
  • October 23, 2018: Side Event to International Conference of Data Protection and Privacy Commissioners on the Concept of "Fairness" in Data Protection (Brussels)
  • October 29, 2018: CIPL White Paper (Part I) Completed
Phase 2: Discuss with regulators/policymakers; complete white paper (Part II). 
  • November 13, 2018: Discussion of AI white paper (Part I) at FTC Hearings on AI (Washington, DC)
  • November 16, 2018: CIPL/Singapore Personal Data Protection Commission (PDPC) Joint Interactive Working Session on Accountable and Responsible AI (Singapore)
  • February 28, 2019: Draft of detailed outline of issues and questions
  • March 12, 2019: Roundtable of European Regulators and Industry Participants (London)
  • June 27, 2019: Roundtable with EU Commission on High Level Expert Group Ethics Guidelines for Trustworthy AI (Brussels)
  • July 18, 2019: Roundtable of Asian Regulators and Industry Participants on "Personal Data Protection Challenges and Solutions in AI" (Singapore)
  • September 18, 2019: Roundtable with UK Information Commissioner's Office (ICO) on AI Auditing Guidelines
  • End of Summer 2019: Discussion Draft of Second Report (Part II)
  • October 2019: Final Second Report (Part II)
Phase 3: Socializing the white paper with regulators/policymakers; identify topics for further development

Project White Papers and Consultation Responses

Project Workshops
CIPL/PDPC Joint Roundtable on "Personal Data Protection Challenges and Solutions in AI"
July 18, 2019
Singapore
CIPL Roundtable with EU Commission on High Level Expert Group Ethics Guidelines for Trustworthy AI
June 27, 2019
Brussels
CIPL Roundtable on Hard Data Protection Issue in AI
March 12, 2019
London ​​CIPL/Singapore Personal Data Protection Commission (PDPC) Working Session on Accountable and Responsible AI
November 16, 2018
Singapore
CIPL ICDPPC Side Event on the Concept of "Fairness" in Data Protection
October 23, 2018
Brussels
CIPL Industry-only Working Session on AI and Data Protection
October 23, 2018
Brussels
CIPL Accountable AI Workshop in the margins of 49th APPA Forum
June 27, 2018
San Francisco
CIPL Accountable AI Roundtable at Brussels Tech Summit
June 7, 2018
​Brussels
CIPL Working Group Meeting on "Artificial Intelligence and Data Protection: Delivering Sustainable AI Accountability in Practice"
March 28, 2018
Washington, DC