2.4 Cybersecurity and Privacy
Published by: Information Technology Industry Council (ITI) in AI Policy Principles
Just like technologies that have come before it, AI depends on strong cybersecurity and privacy provisions. We encourage governments to use strong, globally accepted and deployed cryptography and other security standards that enable trust and interoperability. We also promote voluntary information sharing on cyberattacks or hacks to better enable consumer protection. The tech sector incorporates strong security features into our products and services to advance trust, including using published algorithms as our default cryptography approach as they have the greatest trust among global stakeholders, and limiting access to encryption keys. Data and cybersecurity are integral to the success of AI. We believe for AI to flourish, users must trust that their personal and sensitive data is protected and handled appropriately. AI systems should use tools, including anonymized data, de identification, or aggregation to protect personally identifiable information whenever possible.
6. Principle of privacy
Published by: Ministry of Internal Affairs and Communications (MIC), the Government of Japan in AI R&D Principles
Developers should take it into consideration that AI systems will not infringe the privacy of users or third parties.
The privacy referred to in this principle includes spatial privacy (peace of personal life), information privacy (personal data), and secrecy of communications. Developers should consider international guidelines on privacy, such as “OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data,” as well as the followings, with consideration of the possibility that AI systems might change their outputs or programs as a result of learning and other methods:
● To make efforts to evaluate the risks of privacy infringement and conduct privacy impact assessment in advance.
● To make efforts to take necessary measures, to the extent possible in light of the characteristics of the technologies to be adopted throughout the process of development of the AI systems (“privacy by design”), to avoid infringement of privacy at the time of the utilization.
6. Principle of privacy
Published by: Ministry of Internal Affairs and Communications (MIC), the Government of Japan in Draft AI Utilization Principles
Users and data providers should take into consideration that the utilization of AI systems or AI services will not infringe on the privacy of users’ or others.
[Main points to discuss]
A) Respect for the privacy of others
With consideration of social contexts and reasonable expectations of people in the utilization of AI, users may be expected to respect the privacy of others in the utilization of AI.
In addition, users may be expected to consider measures to be taken against privacy infringement caused by AI in advance.
B) Respect for the privacy of others in the collection, analysis, provision, etc. of personal data
Users and data providers may be expected to respect the privacy of others in the collection, analysis, provision, etc. of personal data used for learning or other methods of AI.
C) Consideration for the privacy, etc. of the subject of profiling which uses AI
In the case of profiling by using AI in fields where the judgments of AI might have significant influences on individual rights and interests, such as the fields of personnel evaluation, recruitment, and financing, AI service providers and business users may be expected to pay due consideration to the privacy, etc. of the subject of profiling.
D) Attention to the infringement of the privacy of users’ or others
Consumer users may be expected to pay attention not to give information that is highly confidential (including information on others as well as information on users’ themselves) to AI carelessly, by excessively empathizing with AI such as pet robots, or by other causes.
E) Prevention of personal data leakage
AI service providers, business users, and data providers may be expected to take appropriate measures so that personal data should not be provided by the judgments of AI to third parties without consent of the person.
3 PROTECTION OF PRIVACY AND INTIMACY PRINCIPLE
Privacy and intimacy must be protected from AIS intrusion and data acquisition and archiving systems (DAAS).
1) Personal spaces in which people are not subjected to surveillance or digital evaluation must be protected from the intrusion of AIS and data acquisition and archiving systems (DAAS).
2) The intimacy of thoughts and emotions must be strictly protected from AIS and DAAS uses capable of causing harm, especially uses that impose moral judgments on people or their lifestyle choices.
3) People must always have the right to digital disconnection in their private lives, and AIS should explicitly offer the option to disconnect at regular intervals, without encouraging people to stay connected.
4) People must have extensive control over information regarding their preferences. AIS must not create individual preference proﬁles to inﬂuence the behavior of the individuals without their free and informed consent.
5) DAAS must guarantee data conﬁdentiality and personal proﬁle anonymity.
6) Every person must be able to exercise extensive control over their personal data, especially when it comes to its collection, use, and dissemination. Access to AIS and digital services by individuals must not be made conditional on their abandoning control or ownership of their personal data.
7) Individuals should be free to donate their personal data to research organizations in order to contribute to the advancement of knowledge.
8) The integrity of one’s personal identity must be guaranteed. AIS must not be used to imitate or alter a person’s appearance, voice, or other individual characteristics in order to damage one’s reputation or manipulate other people.
4. Respect for Privacy
AI development should respect and protect the privacy of individuals and fully protect an individual’s rights to know and to choose. Boundaries and rules should be established for the collection, storage, processing and use of personal information. Personal privacy authorization and revocation mechanisms should be established and updated. Stealing, juggling, leaking and other forms of illegal collection and use of personal information should be strictly prohibited.