Categories
Articles

Draft AI Regulation: thinking about risks

The European Commission has just published its draft Regulation on Artificial Intelligence (AI). While there’s no obligation for UK law to follow suit, the Regulation provides a helpful guide to risk from different applications of AI, and the sort of controls that might be required. What “AI” is covered? According to Article 3(1) [with sub-clauses […]

Categories
Articles

Information Sharing: Failing Smarter

Over the past twenty years, I’ve seen a lot of attempts to start information sharing schemes. And a lot of those have failed, some very slowly, despite huge amounts of effort. I wondered if there pointers that could be used, early on, to try to spot those. Story First, what is the story? If you […]

Categories
Articles

An (organisational) framework for ethical AI

One striking aspect of the new Ethical Framework for AI in Education is how little of it is actually about AI technology. The Framework has nine objectives and 33 criteria: 18 of these apply to the ‘pre-procurement’ stage, and another five to ‘monitoring and evaluation’. That’s a refreshing change from the usual technology-led discussions in […]

Categories
Articles

Audience Measurement

To improve websites and other online services, measuring how they are used is a key tool. However the law on measuring visitors to websites is a mess. Nine years ago, when reviewing the types of cookies that do not need consent, the Article 29 Working Party of data protection regulators concluded that requiring consent when […]

Categories
Presentations

Towards Ethical AI

My Digifest talk yesterday developed a couple of ideas on how we might move Towards Ethical AI, at least as that is defined by the EU High-Level Experts Group. First is that three of the HLEG’s four Principles, and at least five of their seven Requirements, look strikingly similar to the requirements when processing personal […]

Categories
Articles

Where is “AI ethics”?

One of the trickiest questions I’m being asked at the moment is about “the ethics of Artificial Intelligence”. Not, I think, because it is necessarily a hard question, but because it’s so ill-defined. Indeed a couple of discussions at Digifest yesterday made me wonder whether it’s the simply the wrong question to start with. First, […]

Categories
Articles

Learning in (and from) the pandemic

Priya Lakhani’s Digifest keynote was titled “How COVID-19 has catalysed edtech adoption” but actually ranged much more widely. What has the pandemic shown us about the role of technology in education and, indeed, how does that relate to education’s role in future society. One obvious result of the pandemic is that we have (nearly) all […]

Categories
Articles

Draft NIS2 Directive: security teams “should” be collaborating

Anyone who works with flows, logs and other sources of information to protect network and information security should already be familiar with Recital 49 of the GDPR, where European legislators explained why that was (subject to a risk-based design) a good thing. Now the European Commission has published its draft of the replacement Network and […]

Categories
Presentations

Data Protection and Incident Response

Recently I was invited to give a one-hour presentation on Data Protection and Incident Response, looking at how the demands of the two fields align and support each other, and how law and guidance have come to recognise that over the past decade or so. I finished with some thoughts on areas – data collection […]

Categories
Articles

Data Breach Shanty

To celebrate my 500th blog post, here’s another sea shanty: What shall we do with the stolen data? What shall we do with the stolen data? What shall we do with the stolen data? Early in the morning. Way-hey the fines are rising Way-hey the fines are rising Way-hey the fines are rising Early in […]