A couple of new documents provide ideas on how to think about ethics when we deploy Artificial Intelligence. First is an article by Linda Thornton for EDUCAUSE, on Artificial Intelligence and Ethical Accountability. This looks at who should be thinking ethically, finding responsibilities for programmers, managers, marketers, salespeople and organisations that implement AI. Since this […]
Tag: Data Protection Regulation
Posts related to the General Data Protection Regulation. There are a lot of these, so if you want to find out how GDPR affects a particular topic, it’s better to use the topic tag; if you want to know about implementing GDPR, then try “GDPR Howto”
Incident Detection and GDPR
Great to have my paper – “Processing Data to Protect Data: Resolving the Breach Detection Paradox” – published by ScriptEd. Everything you always wanted to know about logfiles and the GDPR: Why Data Protection requires breach detection; What’s the GDPR “Purpose” of breach detection; What’s “Necessary”, when it comes to breach detection; What Safeguards are […]
Schrems II: SCCs plus… what?
The recent Schrems II decision on Standard Contractual Clauses found that, in some situations, data exporters and importers might need to agree additional measures beyond just relying on SCCs. While we’re waiting for the Information Commissioner and EDPB to give more detailed advice on which situations and which measures, here are some themes I’ve spotted […]
[UPDATE 27/7/20: the ICO has now published a statement on the decision] On July 16th 2020, the European Court of Justice made its long-awaited decision in the case of Data Protection Commissioner [Ireland] v Facebook Ireland Ltd and Maximillian Schrems, generally known as “Schrems II”. This concerned two of the GDPR’s mechanisms for transferring personal […]
AI: Don’t Stare
An interesting virtual water-cooler discussion with colleagues who are exploring the potential of AI as a Service. They tested a selection of easily available cloud face-processing systems on a recording of one of our internal Zoom meetings, and were startled by the results. Face identification wasn’t a surprise: everyone who has changed the background on […]
IDPro Body of Knowledge
I was delighted to be invited to contribute an article to IDPro’s Body of Knowledge for professionals working in the field of digital identity. Mine is (of course) on how the GDPR applies to identity management. But as well as standards and regulation the collection is steadily expanding to cover things like privacy for consumers, […]
WONKHE has published my article on the need to be careful in introducing, and withdrawing, with any post-virus data processing (the absolute sub-head isn’t mine!) Maintaining trust in university data handling
Consent/Ethics? There’s more…
As data protection regulators keep reminding us, the research and data protection communities mean different things when they talk about “consent”. A couple of recent conversations have made me wonder whether that terminology clash may have another effect: are those putting research into practice missing out on existing guidance that could help with that transition? […]
COVID-19 Cyber Threat Coalition and GDPR
[Notes: This isn’t legal advice, but I hope it will reassure anyone considering supporting the COVID-19 Cyber Threat Coalition that the data protection risks should be very low; This only covers the use of data for defending systems, networks, data and users; use for offense, including attribution and evidence, is covered by separate legislation, which […]
AI and Ethics: GDPR and beyond
The EU High-Level Expert Group’s (HLEG) Ethics Guidelines for Trustworthy AI contain four principles and, derived from them, seven requirements for AI systems. The Guidelines do not discuss the need for AI to be lawful, but the expansion of Data Protection law beyond just privacy into areas formerly considered part of Ethics means that much […]