During this past week we celebrated Data Privacy Day. As we usually do, Privacy Ref offered a free two hour presentation to introduce privacy to anyone interested. With over a hundred attendees, there were some great questions. One that was of particular interest was surrounding emerging topics for privacy. I answered that right now, it seems that everything in tech is moving toward AI, or artificial intelligence.
At a very high level, AI is a system whereby a computer or program can adapt over time by adjusting behaviors to provide the desired outcome. In some cases this is delivering a better product or more accurate search results. For privacy professionals, the big question is how does the AI make decisions. It is important to remember that when we discuss “processing” of information, we mean anything that is done with personal information, an AI making a decision included.
We want, as the privacy team, to understand what information is used by the AI to accomplish the stated goal. Let’s use an example of an AI trying to provide the best possible search results. Obviously, the AI is getting search queries and returning results. It may also receive manual feedback akin to a survey asking “is this what you were looking for?” The important thing here, is that we could, in theory, do all of this with zero personal information. I only need searches and results and surveys that are anonymous. As there is no personal info, we are all set to move forward, but what happens when personal information gets involved?
Looking at a different use of personal information involving AI could be serving ads to a particular person. Even if we assign a unique, pseudonymized ID to this person, it is still personal information because it can be related back to that specific individual. Again, as a privacy office, we are worried about what information is used. Some data, such as general location such as a state or region of a country may not be particularly sensitive. However, product preferences may reveal additional information about a person. Think about the example of a teenager shopping for specific products at Target led to them receiving ads after their purchases revealed that they may be pregnant. They were, and Target knew before the girl’s parents. Another example is that information might reveal a religious affiliation or gender identity. Whatever information is processed should be considered to determine what outcomes or inferences may be made based on collected data.
Whatever information is collected, it must be processed in a fair and legal way, but transparency is important as well. Your privacy notice will need to be updated to reflect this type of processing. You may also have to adjust internal policies to limit who can use AI and when it may be used. Finally, take time to consider how you would feel if your information was processed that way. If it feels creepy or invasive to you, then do not do that to someone else.
Artificial Intelligence seems to have a lot of downsides and that a great burden is placed on an organization to even begin using AI. This can be true, but the benefits are readily apparent. So why use A.I.? First, A.I. can process thousands, if not millions, of pieces of data in the time a human could. This rapid analysis is going to allow for some activities to work appropriately. You can also scale in order to handle larger data sets or customer bases. A.I. is also going to enable adaptive processing. As trends change for some processes, such as an algorithm for a search engine, to more readily provide newer, up-to-date information for users.
In all, the use of artificial intelligence is going to result in new requirements for your business, but will enable more efficient or effective use of personal information. Be transparent about the processing you use A.I. in and be sure to protect the information and you can take advantage of this emerging technology.