· 13) Liberty and Privacy

The application of AI to personal data must not unreasonably curtail people’s real or perceived liberty.
Principle: Asilomar AI Principles, Jan 3-8, 2017

Published by Future of Life Institute (FLI), Beneficial AI 2017

Related Principles

5. Privacy and Data Governance
AI systems should have proper mechanisms in place to ensure data privacy and protection and maintain and protect the quality and integrity of data throughout their entire lifecycle. Data protocols need to be set up to govern who can access data and when data can be accessed. Data privacy and protection should be respected and upheld during the design, development, and deployment of AI systems. The way data is collected, stored, generated, and deleted throughout the AI system lifecycle must comply with applicable data protection laws, data governance legislation, and ethical principles. Some data protection and privacy laws in ASEAN include Malaysia’s Personal Data Protection Act 2010, the Philippines’ Data Privacy Act of 2012, Singapore’s Personal Data Protection Act 2012, Thailand’s Personal Data Protection Act 2019, Indonesia’s Personal Data Protection Law 2022, and Vietnam’s Personal Data Protection Decree 2023. Organisations should be transparent about their data collection practices, including the types of data collected, how it is used, and who has access to it. Organisations should ensure that necessary consent is obtained from individuals before collecting, using, or disclosing personal data for AI development and deployment, or otherwise have appropriate legal basis to collect, use or disclose personal data without consent. Unnecessary or irrelevant data should not be gathered to prevent potential misuse. Data protection and governance frameworks should be set up and adhered to by developers and deployers of AI systems. These frameworks should also be periodically reviewed and updated in accordance with applicable privacy and data protection laws. For example, data protection impact assessments (DPIA) help organisations determine how data processing systems, procedures, or technologies affect individuals’ privacy and eliminate risks that might violate compliance7. However, it is important to note that DPIAs are much narrower in scope than an overall impact assessment for use of AI systems and are not sufficient as an AI risk assessment. Other components will need to be considered for a full assessment of risks associated with AI systems. Developers and deployers of AI systems should also incorporate a privacy by design principle when developing and deploying AI systems. Privacy by design is an approach that embeds privacy in every stage of the system development lifecycle. Data privacy is essential in gaining the public’s trust in technological advances. Another consideration is investing in privacy enhancing technologies to preserve privacy while allowing personal data to be used for innovation. Privacy enhancing technologies include, but are not limited to, differential privacy, where small changes are made to raw data to securely de identify inputs without having a significant impact on the results of the AI system, and zero knowledge proofs (ZKP), where ZKP hide the underlying data and answer simple questions about whether something is true or false without revealing additional information

Published by ASEAN in ASEAN Guide on AI Governance and Ethics, 2024

· (3) Privacy
In society premised on AI, it is possible to estimate each person’s political position, economic situation, hobbies preferences, etc. with high accuracy from data on the data subject’s personal behavior. This means, when utilizing AI, that more careful treatment of personal data is necessary than simply utilizing personal information. To ensure that people are not suffered disadvantages from unexpected sharing or utilization of personal data through the internet for instance, each stakeholder must handle personal data based on the following principles. Companies or government should not infringe individual person’s freedom, dignity and equality in utilization of personal data with AI technologies. AI that uses personal data should have a mechanism that ensures accuracy and legitimacy and enable the person herself himself to be substantially involved in the management of her his privacy data. As a result, when using the AI, people can provide personal data without concerns and effectively benefit from the data they provide. Personal data must be properly protected according to its importance and sensitivity. Personal data varies from those unjust use of which would be likely to greatly affect rights and benefits of individuals (Typically thought and creed, medical history, criminal record, etc.) to those that are semi public in social life. Taking this into consideration, we have to pay enough attention to the balance between the use and protection of personal data based on the common understanding of society and the cultural background.

Published by Cabinet Office, Government of Japan in Social Principles of Human-centric AI, Dec 27, 2018

6. Principle of privacy
Users and data providers should take into consideration that the utilization of AI systems or AI services will not infringe on the privacy of users’ or others. [Main points to discuss] A) Respect for the privacy of others With consideration of social contexts and reasonable expectations of people in the utilization of AI, users may be expected to respect the privacy of others in the utilization of AI. In addition, users may be expected to consider measures to be taken against privacy infringement caused by AI in advance. B) Respect for the privacy of others in the collection, analysis, provision, etc. of personal data Users and data providers may be expected to respect the privacy of others in the collection, analysis, provision, etc. of personal data used for learning or other methods of AI. C) Consideration for the privacy, etc. of the subject of profiling which uses AI In the case of profiling by using AI in fields where the judgments of AI might have significant influences on individual rights and interests, such as the fields of personnel evaluation, recruitment, and financing, AI service providers and business users may be expected to pay due consideration to the privacy, etc. of the subject of profiling. D) Attention to the infringement of the privacy of users’ or others Consumer users may be expected to pay attention not to give information that is highly confidential (including information on others as well as information on users’ themselves) to AI carelessly, by excessively empathizing with AI such as pet robots, or by other causes. E) Prevention of personal data leakage AI service providers, business users, and data providers may be expected to take appropriate measures so that personal data should not be provided by the judgments of AI to third parties without consent of the person.

Published by Ministry of Internal Affairs and Communications (MIC), the Government of Japan in Draft AI Utilization Principles, Jul 17, 2018

3 PROTECTION OF PRIVACY AND INTIMACY PRINCIPLE
Privacy and intimacy must be protected from AIS intrusion and data acquisition and archiving systems (DAAS). 1) Personal spaces in which people are not subjected to surveillance or digital evaluation must be protected from the intrusion of AIS and data acquisition and archiving systems (DAAS). 2) The intimacy of thoughts and emotions must be strictly protected from AIS and DAAS uses capable of causing harm, especially uses that impose moral judgments on people or their lifestyle choices. 3) People must always have the right to digital disconnection in their private lives, and AIS should explicitly offer the option to disconnect at regular intervals, without encouraging people to stay connected. 4) People must have extensive control over information regarding their preferences. AIS must not create individual preference profiles to influence the behavior of the individuals without their free and informed consent. 5) DAAS must guarantee data confidentiality and personal profile anonymity. 6) Every person must be able to exercise extensive control over their personal data, especially when it comes to its collection, use, and dissemination. Access to AIS and digital services by individuals must not be made conditional on their abandoning control or ownership of their personal data. 7) Individuals should be free to donate their personal data to research organizations in order to contribute to the advancement of knowledge. 8) The integrity of one’s personal identity must be guaranteed. AIS must not be used to imitate or alter a person’s appearance, voice, or other individual characteristics in order to damage one’s reputation or manipulate other people.

Published by University of Montreal in The Montreal Declaration for a Responsible Development of Artificial Intelligence, Dec 4, 2018

· We will respect people’s privacy
1. AI systems should respect privacy and use the minimum intrusion necessary 2. AI systems should uphold high standards of data governance and security, protecting personal information 3. Surveillance or other AI driven technologies should not be deployed to the extent of violating internationally and or UAE’s accepted standards of privacy and human dignity and people rights

Published by Smart Dubai in Dubai's AI Principles, Jan 08, 2019

Contact

Institute of Automation, Chinese Academy of Sciences
95 Zhongguancun East Road,
Haidian District, Beijing,
China 100190
Principal Investigator - Yi Zeng
contact@long-term-ai.cn

Contributors: Cunqing Huangfu, Enmeng Lu, Zizhe Ruan et al.

Copyright © 2018-
Brain-inspired Cognitive Intelligence Lab, Institute of Automation, Chinese Academy of Sciences
International Research Center for AI Ethics and Governance, Institute of Automation, Chinese Academy of Sciences
All Rights Reserved