Category Archives: Abrams

Martin Abrams’ Remarks — 39th International Conference of Data Protection and Privacy Commissioners

My thanks to the International Conference of Data Protection and Privacy Commissioners and to our colleagues at the Hong Kong Commission for this opportunity to discuss data ethics.

I would also like to dedicate this session to Joe Alhadeff who recently passed after a long battle with cancer. Joe was a wise friend to us all. He is sadly missed, particularly this week as we debate today’s complex data protection issues.

Since the first conference 39 years ago, we have seen many disruptive technologies force us to think through how we apply the core values of data protection and yield a better world through data driven innovation. Those disruptive technologies have come faster and have us reaching well beyond simple compliance with legal check lists.

Companies that use data robustly have begun to understand that compliance alone is not enough. The Software and Information Industry Association recently issued ethical principles for big data and artificial intelligence. Numerous professional organizations are also offering guidance.

Regulators are also looking beyond the letter of the law to find ways to facilitate the full range of human interests. The European Data Protection Supervisor ethics initiative is just one example.

However, a question remains about how to bring the journey by ethical businesses and regulators together and how to join civil society.

New and future laws require us to bring values to play, and values mean ethics.

Next year’s conference will focus on ethics and dignity. With that in mind, this session is designed to trigger a yearlong conversation. It is entitled “Artificial Intelligence and Ethics by Design.”

What does this topic even mean? As a discussion starter, the Information Accountability Foundation published a paper and supporting documents last week.

So first, why ethics? I think the answer is that, with today’s and tomorrow’s increasingly complex ways that data will used, the law alone as a definer of fair processing is not sufficient. Next, what is the evidence supporting that answer? The evidence is the reliance of the new generation of data protection laws on risk, assessments and defendable fairness.

So, what do we mean by ethics? One definition is shared societal values that are often unspoken. As a company, how does one design in what is often unspoken? And as I think about societal, there are regulatory officials from every continent and sub region here. Which region’s values do we incorporate? Is it societal harmony from east Asia? Or consequentialism from Europe? Or a sense of duty no matter the consequences?

I lead The Information Accountability Foundation. Just as a carpenter first looks for a nail, as an accountability foundation, we start with accountability. When starting with accountability, we ask what is new about AI? Some have described AI as putting a computer to solve a problem that we do not yet understand how to solve. Computers will ping at a problem, trial and error, until relentlessly the problem is solved. Computers do not get bored. They do not get discouraged. They just try until they meet a stated objective.

Furthermore, AI when applied can makes decisions for people rather than suggesting the decisions that should be made. Collision avoidance braking was once an AI experiment. It is now the way new cars work. Increasingly we will want more technology to simply take care of things. Unlike previous disruptive technologies, with these technologies there is less opportunity for human intervention at the point of decision. This is a good thing; but how do we provide an assurance of fairness when how things work will be less obvious?

We begin with how do we build values into AI design objectives and which values might they be? Accountability requires data stewardship. To make accountability work, we believe stewardship needs an upgrade. It needs to be enhanced for this world where machines make decisions for people. We call the new level of stewardship stakeholder-focused stewardship. It requires organizations to be open about their values and how those values will be applied. It also requires companies to understand the stakeholders impacted by AI and how they will balance the interests of the various stakeholders (at least co-equal to its own interests).

But every new governance structure requires guidance. So, we have enhanced the essential elements of accountability. The 2009 essential elements of accountability informed efforts in Hong Kong, Colombia, Canada and Europe to define accountability expectations for processing that is impactful on people. These new essential elements recognize that the custodian nature of the 2009 document is not sufficient for a world where smart cars, smart health hubs, and other smart devices make decisions that must serve a broader group of stakeholders.
And the new essential elements recognize that this broader group of stakeholders are many and diverse. Stakeholder analysis must be thoughtful and agile. There are times when the interests of a single individual trumps all other stakeholders, and there are times when societal interests have greater dominance.

And lastly, organizations need to self-declare their values. If values are defined by law makers, they are laws. If they are defined by regulators, they are regulations. Organizations, by self-declaring their values, are making themselves accountable for their execution. And execution is actionable by people and regulators.

We have stewardship, values, and direction. How does a company get from high level guiding principles to objectives that can be part of a code? The package we released has a road map for cascading from values to ethics by design. The package we released includes a model worksheet. The entire package is intended to be a discussion starter.

Accountability Does Work

143,000,000 people were the victims of a recent data breach when their data was stolen from Equifax, a company that has an obligation to keep their data safe. Data security is tough. The bad guys only need to be successful once, while companies need to win every time. However, from the perspective of many consumers,… Continue Reading

IAF Releases Ethical Guidance for Artificial Intelligence at Commissioners’ Conference

The terms ethics and ethical data processing are in vogue. With the rapid growth of innovative data-driven technologies and the application of these innovations to areas that can have a material impact on people’s daily lives, enhanced corporate governance focused on ethical objectives is needed. Particularly where data enabled decisions are made without the intervention… Continue Reading

A Data Protection Risk Assessment Is About Ethics – Join IAF Webinar

A Data Protection Risk Assessment Is About Ethics —- Join IAF Webinar Webinar September 6, 2017 We have never read a privacy or data protection law that requires controllers be ethical. Yet implicitly new laws are driving expectations that organizations using data robustly do so in an ethical fashion. What does that mean? The European… Continue Reading

Latin American Data Export Governance

Data flows are global, but privacy laws are local. I first uttered that statement in the last century during initial discussions on whether the United States had adequate privacy protection as defined by the 1995 European Union Data Protection Directive. At the time, I argued that privacy protections in the United States were a mosaic… Continue Reading

Europe Sets the Standard – Other Regions Follow

Europe Sets the Standard – Other Regions Follow The Ibero-American Data Protection Network (“network”) adopted “Standards for Personal Data Protection for Ibero-American States“ (“SPDP”) on June 20, 2017 at its meeting in Santiago, Chile, with the official English translation now available. Most data protection experts have predicted that the adequacy provisions of the European General… Continue Reading

The Colombia Congress Matters

There seems to be a privacy conference every week in the United States or Europe. However, privacy training and policy development in Latin America is not nearly as well developed as that in the United States and Europe. Latin America has one annual conference that is clearly considered the conference of conferences. It is organized… Continue Reading

We lost A True Mensch – Joe May You Rest In Peace

This weekend Joe Alhadeff passed away after a long bout with cancer. Joe is a founder of the Information Accountability Foundation, just one of a number of organizations that he saw as providing solutions to an increasing complex set of eco-systems.  He has been a colleague of mine for well over a decade.  He was… Continue Reading

Assessments are the Hub of a Forward-Looking Data Protection Program

The term assessments appear a great deal in IAF work. We have written about comprehensive data impact assessments, ethical assessments, digital marketing assessments, Canadian assessments and legitimate interests assessments. All these references are part of the same theme; a family of comprehensive assessments of how data is used and how it impacts individuals is necessary… Continue Reading

AI Without Data is Artificial Ignorance

Many years ago, I attended a seminar in Prague on the state of credit scoring in numerous locations in what had been Soviet Europe.  I was taken aback by the stretch to find any data that would facilitate the growth of consumer markets through credit.  This followed a session on credit scoring at the International… Continue Reading