3. An A.I. system cannot retain or disclose confidential information without explicit approval from the source of that information.

Principle: Three Rules for Artificial Intelligence Systems, Sep 1, 2017

Published by Oren Etzioni, CEO of Allen Institute for Artificial Intelligence

Related Principles

· 7. Respect for Privacy

Privacy and data protection must be guaranteed at all stages of the life cycle of the AI system. This includes all data provided by the user, but also all information generated about the user over the course of his or her interactions with the AI system (e.g. outputs that the AI system generated for specific users, how users responded to particular recommendations, etc.). Digital records of human behaviour can reveal highly sensitive data, not only in terms of preferences, but also regarding sexual orientation, age, gender, religious and political views. The person in control of such information could use this to his her advantage. Organisations must be mindful of how data is used and might impact users, and ensure full compliance with the GDPR as well as other applicable regulation dealing with privacy and data protection.

Published by The European Commission’s High-Level Expert Group on Artificial Intelligence in Draft Ethics Guidelines for Trustworthy AI, Dec 18, 2018

3 PROTECTION OF PRIVACY AND INTIMACY PRINCIPLE
Privacy and intimacy must be protected from AIS intrusion and data acquisition and archiving systems (DAAS). 1) Personal spaces in which people are not subjected to surveillance or digital evaluation must be protected from the intrusion of AIS and data acquisition and archiving systems (DAAS). 2) The intimacy of thoughts and emotions must be strictly protected from AIS and DAAS uses capable of causing harm, especially uses that impose moral judgments on people or their lifestyle choices. 3) People must always have the right to digital disconnection in their private lives, and AIS should explicitly offer the option to disconnect at regular intervals, without encouraging people to stay connected. 4) People must have extensive control over information regarding their preferences. AIS must not create individual preference profiles to influence the behavior of the individuals without their free and informed consent. 5) DAAS must guarantee data confidentiality and personal profile anonymity. 6) Every person must be able to exercise extensive control over their personal data, especially when it comes to its collection, use, and dissemination. Access to AIS and digital services by individuals must not be made conditional on their abandoning control or ownership of their personal data. 7) Individuals should be free to donate their personal data to research organizations in order to contribute to the advancement of knowledge. 8) The integrity of one’s personal identity must be guaranteed. AIS must not be used to imitate or alter a person’s appearance, voice, or other individual characteristics in order to damage one’s reputation or manipulate other people.

Published by University of Montreal in The Montreal Declaration for a Responsible Development of Artificial Intelligence, Dec 4, 2018

Privacy and security
AI will include the highest levels of assurance NSW citizens must have confidence that data used for AI projects is used safely and securely, and in a way that is consistent with privacy, data sharing and information access requirements. Any project outcome will be undermined by lack of public trust if there is any risk of a data breach or that personal data could be compromised. Projects should clearly demonstrate: incorporation of privacy by design principles how information privacy, including potential for reidentification, and cyber security risks have been addressed agreement on the consent for data use, with sufficient information provided on how the data will be used to ensure informed consent that a rigorous assurance process against each of the five Ethical Policy Principles has been successfully completed.

Published by Government of New South Welsh, Australia in Mandatory Ethical Principles for the use of AI, 2024

Plan and Design:
1 The planning and design of the AI system and its associated algorithm must be configured and modelled in a manner such that there is respect for the protection of the privacy of individuals, personal data is not misused and exploited, and the decision criteria of the automated technology is not based on personally identifying characteristics or information. 2 The use of personal information should be limited only to that which is necessary for the proper functioning of the system. The design of AI systems resulting in the profiling of individuals or communities may only occur if approved by Chief Compliance and Ethics Officer, Compliance Officer or in compliance with a code of ethics and conduct developed by a national regulatory authority for the specific sector or industry. 3 The security and protection blueprint of the AI system, including the data to be processed and the algorithm to be used, should be aligned to best practices to be able to withstand cyberattacks and data breach attempts. 4 Privacy and security legal frameworks and standards should be followed and customized for the particular use case or organization. 5 An important aspect of privacy and security is data architecture; consequently, data classification and profiling should be planned to define the levels of protection and usage of personal data. 6 Security mechanisms for de identification should be planned for the sensitive or personal data in the system. Furthermore, read write update actions should be authorized for the relevant groups.

Published by SDAIA in AI Ethics Principles, Sept 14, 2022

· Prepare Input Data:
1 The exercise of data procurement, management, and organization should uphold the legal frameworks and standards of data privacy. Data privacy and security protect information from a wide range of threats. 2 The confidentiality of data ensures that information is accessible only to those who are authorized to access the information and that there are specific controls that manage the delegation of authority. 3 Designers and engineers of the AI system must exhibit the appropriate levels of integrity to safeguard the accuracy and completeness of information and processing methods to ensure that the privacy and security legal framework and standards are followed. They should also ensure that the availability and storage of data are protected through suitable security database systems. 4 All processed data should be classified to ensure that it receives the appropriate level of protection in accordance with its sensitivity or security classification and that AI system developers and owners are aware of the classification or sensitivity of the information they are handling and the associated requirements to keep it secure. All data shall be classified in terms of business requirements, criticality, and sensitivity in order to prevent unauthorized disclosure or modification. Data classification should be conducted in a contextual manner that does not result in the inference of personal information. Furthermore, de identification mechanisms should be employed based on data classification as well as requirements relating to data protection laws. 5 Data backups and archiving actions should be taken in this stage to align with business continuity, disaster recovery and risk mitigation policies.

Published by SDAIA in AI Ethics Principles, Sept 14, 2022

Contact

Institute of Automation, Chinese Academy of Sciences
95 Zhongguancun East Road,
Haidian District, Beijing,
China 100190
Principal Investigator - Yi Zeng
contact@long-term-ai.cn

Contributors: Cunqing Huangfu, Enmeng Lu, Zizhe Ruan et al.

Copyright © 2018-
Brain-inspired Cognitive Intelligence Lab, Institute of Automation, Chinese Academy of Sciences
International Research Center for AI Ethics and Governance, Institute of Automation, Chinese Academy of Sciences
All Rights Reserved