In my previous article (Part 1) I outlined how new technologies such as smartphones, smartwatches, and other smart devices capture data about us and, with or without or knowledge, share this personal data with a myriad of different entities. This personal data is often times accumulated and compiled from various sources and analysed by very sophisticated Artificial Intelligence and machine learning systems in an effort to make specific decisions about us. I concluded that article with the question:
“How is personal data that is derived and created from the assimilation and analysis using methods like machine learning treated by proposed legislation and what will the effects be for all of us and the associated technologies?”.
I thought this was an important scenario to interrogate because of the growing use of Artificial Intelligence (AI) and Machine Learning (ML) technologies, and what it means for our personal data and the privacy of our data.
For the first time the Government of Jamaica is seeking to promulgate legislation in the form of the Data Protection Act that will give the citizen full rights over their personal data. This is important in the highly technology driven digital age, and even more so when creating the foundations of a digital society.
I want to focus on four (4) of the many rights ascribed to citizen in the proposed legislation. You will have the right to be:
- informed by the data controller whether your data is being processed by or on behalf of the data controller
- informed as to what data is being processed
- provided the information being process on request in an intelligible form
- informed of the logic involved in a decision, where the processing is by automatic means for the purpose of evaluating matters relating to you
The Conundrum takes shape
While these provisions may seem obvious and rudimentary if you were to apply these provisions to data being accumulated and analysed by AI systems, things start to become a little complicated, Why? AI and ML systems are designed to function in such a way that as they process more and more information they evolve and get smarter. In the process the decisions they make at any given time are a far cry from what they were originally created to do. If you apply this reality to the provisions I highlighted above a very interesting situation emerges which leads to even more interesting questions.
- Who really is processing your data, is it a system with rules defined by humans or a system with rules that are constantly changing and defined by a machine?
- Will we be able to ever know which data is actually being processed?
- How will the “logic” involved in the decision arrived at using AI or ML systems be provided if the initial rules (created by human programmers) have now evolved beyond what humans may be able to decipher or comprehend?
Here lies the conundrum that exists in a world where AI and ML meets your right to have control over your personal data. It is commonly thought that if separate unrelated data is stored on a multiplicity of different platforms that are not directly connected to each other then this information could be viewed as relatively innocuous. This could not be further from the truth. The fact is that most of the internet-based systems, services and platforms that we willingly provide “harmless” information to are connected in one or another. And in many instances, we agree to allow for the sharing of our information between these systems. In other situations, we provide the data without our knowledge because we don’t even know that the information is being collected. There are AI systems nowadays that can determine whether a war is imminent in a particular part of the world based on an assessment of internet searches and text messages originating from that geographic location. I was recently informed about a technology called “interface-less data collection” where your data is captured by sensors which many times you never see…think about it, do you know all the data your fitbit or automobile onboard computer actually collects about you?.
As technology becomes more and more pervasive, as the processing power and intelligence of systems continue to increase exponentially, it becomes extremely important, once we find out how our personal data is being collected and processed, that we are given the power to determine how we want that data to be treated and used.
So, when fascinating and overly convenient technologies like Alexa, Google Voice, Siri, Google Search, IBM Watson or Deepmind use AI technology to determine:
- which ads to show you when searching the web;
- which specials on clothing are best suited for your demographic and online spending habits;
- which answer to provide you when you ask (Alexa) a question about which medication is the best to take given your current health condition which was calculated from your last 10 searches on the internet;
we must question the means by which this information was derived. We must also question how helpful, harmful or invasive this information can be when compiled and analysed by artificial intelligence and machine learning systems. We must always bear in mind that while convenient and cool the effects of some of these technologies can be devastating, and in some cases life threatening if left unchecked.
These technological realities serve to underscore the importance of Data Protection Legislation and why as citizens we must support what it is meant to do.
This contribution is by Andrew Wheatley, M.P.