Consider what governance your organization needs to move past regulatory-driven privacy protection into data and data-use ethics. Data, data use, and AI ethics involve more than privacy. Some organizations are adopting principles around explainability, societal benefit, and fairness, among other principles. Identify which principles are relevant, and more importantly, what these principles mean to your organization. Get wide executive agreement on these principles, and translate them into concrete standards and procedures for each practice within your organization to enact trust-driven approaches.
Appreciate the differences between AI and software. Find the best connection points with AI development teams, given their experimentation-driven approach. There should be oversight as to where and when in the development process data is accessed, cleaned, manipulated, augmented, protected. Doing so can enable more thorough analysis of broader ethical considerations—privacy and beyond.
Build off what you have. No one wants burdensome governance and compliance. But expanding governance practices unnecessarily can lead to poor compliance down the line. Building off the processes that already exist can help reduce any friction and change management required to gain effective oversight. Most use of personal data already requires a Privacy Impact Assessment or a GDPR-required Data Protection Impact Assessment in higher risk data scenarios. Augment these requirements with additional questions relating to AI, and mandate their use across all AI development. Place particular focus on questions to identify and assess the likelihood and significance of benefits, risks, and mitigation controls. Recognize this action to be a benefit-risk decision-making tool, and bring a broad cross-section of internal stakeholders to the decision input.
Align on language. And don’t go it alone: anticipate any differences in how terminology is used between privacy and AI teams. Educate and collaborate to develop a shared understanding of these terms. Collaborative governance with a multilayer approach can help reduce friction and provide the broad range of perspectives necessary for your organization to develop robust and lasting mechanisms for ethical AI.
Use AI techniques to address privacy issues. While AI introduces a number of complications in dealing with privacy, it also provides a few innovative ways of solving privacy issues. New techniques like homomorphic encryption and differential privacy enable data sharing through encryption or noise-induction. Federated learning allows insights to be generated locally and aggregated without revealing private data. As an active space for research, AI will undoubtedly yield new applications that may enable privacy protection.
