Publications

News

Jorge Tisné Niemann (1)

Associate of Jara Del Favero Abogados
Information Technology, Telecommunications and Data Protection Area

Artificial intelligence and data protection: a look from the UK

31 Ago 2020

The pandemic has highlighted the importance of protecting personal data, especially sensitive data related to the health of individuals. This will surely contribute to the advancement of the project that seeks to reform Law No. 19.628 of 1999, on the protection of private life (bulletin 11144-07), improving and adapting national regulations to the international standard, particularly in consideration of the European General Data Protection Regulation (GDPR). This alone will be a necessary and positive step to safeguard the privacy and control of individuals over their personal data.

Along with the above, it is interesting to highlight the Government’s announcement at the end of 2019, about the elaboration of a national policy on artificial intelligence. This policy is on the right track, as artificial intelligence (AI) has had a significant impact in recent years, being used in areas such as commerce, health, transportation, security, financial services, education and marketing. In fact, it is expected that in the coming years its application will increase and expand to new areas, given the greater access to large volumes of information and the development of new technologies capable of processing larger amounts of data.

During a first stage, the Government, through the Ministry of Science, Technology, Knowledge and Innovation, will seek to generate a document based on meetings and participatory dialogues regarding the legal, ethical, social and economic consequences of AI.

Although the two initiatives described may seem different, the truth is that they have a close and intrinsic relationship. In general terms, AI is a concept that involves a wide range of technologies that tend to imitate human thinking to solve complex tasks. For it to work, it usually requires significant volumes of data. That is why an adequate treatment of information is an unavoidable element for the development of an AI policy consistent with fundamental rights, especially if we consider that the protection of personal data is a right established in Article 19 No. 4 of the Political Constitution of Chile.

Although the AI initiative is incipient in our country, the comparative experience shows the importance of the relationship in question. In the case of the United Kingdom, the Information Commissioner’s Office (ICO) is the agency in charge of safeguarding and protecting personal data. In its first technology strategy for the years 2018-2021 , ICO stressed that a fundamental pillar of its management was to conceive of innovation and privacy not as antagonistic concepts, but on the contrary, as complementary, because when both manage to work together, it is possible to create an ideal scenario to promote trust and security in the use of data. Within the goals associated to technologies, ICO committed itself to deliver guidelines that orient the relationship between IA and personal data protection.

Recently, on July 30, 2020, the agency published an interesting guide in this line, which contains recommendations on good practices and appropriate technological measures to mitigate risks created or increased by the use of AI. While AI has its own characteristics, any related project must answer the same questions as any other, namely, whether the information is being used in a lawful, fair and transparent manner, and whether people understand how their information will be used and where it will be stored.

Among the particular recommendations are the importance of data protection from the design, implementation of impact assessments, ensuring transparent processing, mitigating arbitrariness, and ensuring that people can exercise their rights with respect to potential automated individual decisions. The guide also addresses the application of the principle of data minimization, which could be problematic considering the large amount of information required by AI to, for example, through complex algorithms and machine learning, build models based on known facts, identify patterns, and deliver accurate predictions, ratings, or recommendations.

In summary, these lines have served to reflect on the close link between national AI policy and the draft law on the protection of personal data. Addressing this relationship poses different challenges given the rapid advance of technology and its market penetration. Although both initiatives are at an early stage, the same could be said regarding the level of implementation of AI. That is why the recommendations that the sector authority delivers on this matter will be fundamental for the due safeguard of people’s information. The above is important, since independently of the regulatory approach to the issue, in the next few years, AI will inevitably permeate the various spheres of life of Chileans with increasing force.

(1) PhD in Law and Master in Legal Research, Universidad de los Andes, Chile. Candidate LLM Technology, Innovation and Law at the University of Edinburgh, Scotland.

ICO, “Technology Strategy 2018-2021”, available in <https://ico.org.uk/media/about-the-ico/documents/2258299/ico-technology-strategy-2018-2021.pdf>.

ICO, “Guidance on artificial intelligence”, available in < https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/07/ico-launches-guidance-on-ai-and-data-protection/>.