In addition, the potential risks, overall benefits, and purpose of utilizing sensitive personal data should be well motivated and defined or articulated by the AI System Owner.

In addition, the potential risks, overall benefits, and purpose of utilizing sensitivepersonal data should be well motivated and defined or articulated by the AI System Owner.

4 Sensitive personal data attributes relating to persons or groups which are systematically or historically disadvantaged should be identified and defined at this stage.

2 Sensitive personal data attributes which are defined in the plan and design phase should not be included in the model data not to feed the existing bias on them.

In this case, the justification of the usage of the sensitive personal data attributes or their proxies should be provided.

Principle 2 – privacy & Security

The privacy and security principle represents overarching values that require AI systems;

throughout the AI System Lifecycle; to be built in a safe way that respects the privacy of the data collected as well as upholds the highest levels of data security processes and procedures to keep the data confidential preventing data and system breaches which could lead to reputational, psychological, financial, professional, or other types of harm.

AI systems should be designed with mechanisms and controls that provide the possibility to govern and monitor their outcomes and progress throughout their lifecycle to ensure continuous monitoring within the privacy and security principles and protocols set in place.

1 The planning and design of the AI system and its associated algorithm must be configured and modelled in a manner such that there is respect for the protection of the privacy of individuals, personal data is not misused and exploited, and the decision criteria of the automated technology is not based on personally identifying characteristics or information.

1 The planning and design of the AI system and its associated algorithm must be configured and modelled in a manner such that there is respect for the protection of the privacy of individuals, personal data is not misused and exploited, and the decision criteria of the automated technology is not based on personally identifying characteristics or information.

2 The use of personal information should be limited only to that which is necessary for the proper functioning of the system.

4 privacy and security legal frameworks and standards should be followed and customized for the particular use case or organization.

5 An important aspect of privacy and security is data architecture; consequently, data

classification and profiling should be planned to define the levels of protection and usage of personal data.

6 Security mechanisms for de identification should be planned for the sensitive or personal data in the system.

1 The exercise of data procurement, management, and organization should uphold the legal frameworks and standards of data privacy.

Data privacy and security protect information from a wide range of threats.

3 Designers and engineers of the AI system must exhibit the appropriate levels of integrity to safeguard the accuracy and completeness of information and processing methods to ensure that the privacy and security legal framework and standards are followed.

Data classification should be conducted in a contextual manner that does not result in the inference of personal information.

Furthermore, de identification mechanisms should be employed based on data classification as well as requirements relating to data protection laws.

1 privacy and security by design should be implemented while building the AI system.

Furthermore, appropriate measures should be in place to ensure that AI systems with automated decision making capabilities uphold the necessary data privacy and security standards.

1 After the deployment of the AI system, when its outcomes are realized, there must be continuous monitoring to ensure that the AI system is privacy preserving, safe and secure.

The privacy impact assessment and risk management assessment should be continuously revisited to ensure that societal and ethical considerations are regularly evaluated.

2 AI System Owners should be accountable for the design and implementation of AI systems in such a way as to ensure that personal information is protected throughout the life cycle of the AI system.

The components of the AI system should be updated based on continuous monitoring and privacy impact assessment.

1 When designing a transparent and trusted AI system, it is vital to ensure that stakeholders affected by AI systems are fully aware and informed of how outcomes are processed.

AI system owners must define the level of transparency for different stakeholders on the technology based on data privacy, sensitivity, and authorization of the stakeholders.

This has a direct effect on the training and implementation of these systems since the criteria for the data’s organization, and structuring must be transparent and explainable in their acquisition and collection adhering to data privacy regulations and intellectual property standards and controls.

2 Transparent and explainable algorithms ensure that stakeholders affected by AI systems, both individuals and communities, are fully informed when an outcome is processed by the AI system by providing the opportunity to request explanatory information from the AI system owner.

logged and stakeholders should be informed about these instances keeping the performance