Artificial Intelligence is a tool used today, using the data provided thanks to the implementation of other technological techniques such as Big Data, IoT …
This data collection must be carried out in accordance with good practice, being transparent and respecting people's rights, being rigorous and minimising the negative impact.
The Spanish Data Protection Agency developed a document called “ GDPR Compliance with Processing Incorporating Artificial Intelligence. An Introduction ”, which establishes how data should be processed in the event that Artificial Intelligence is incorporated.
How many types of data are processed by Artificial Intelligence?
We must bear in mind that the data that interests us now are those of a personal nature, that is, those belonging to people, whether physical or legal. It is for this reason that there are various categories of data that must be processed by Artificial Intelligence.
In the event that it is intended to use data from persons belonging to special categories , it is necessary that there be express consent from the interested parties, as established in article 9 of the GDPR .
The use of data by Artificial Intelligence is carried out in two phases: the first is algorithmic training (the algorithm is trained using certain data, creating a pattern) and the second is the use phase (using Artificial Intelligence in a particular case, creating a prediction, helping or making decisions).
Given the above, depending on the life stage of the Artificial Intelligence system, personal data may be used in:
- Training, in which case it can refer to different stages such as auditing, information processing, obtaining data of interest, etc.
- Validation in which case data will be used to experimentally validate the model.
- Deployment, that is, when a communication of personal data occurs.
- Exploitation, where data can be used to make decisions and even to evolve, among others.
- And, the withdrawal, where a verification of the risk of the data that has already been used must be carried out.
How should data be treated by Artificial Intelligence?
They must be treated in accordance with current regulations established by the Spanish Data Protection Agency , and all actions carried out by Artificial Intelligence must be transparent.
The guiding principles of the above are legality, loyalty and transparency , as well as data minimization and accuracy, integrity and confidentiality or proactive responsibility.
For its part, the Regulation itself provides in its article 5 the principle of proactive responsibility , that is, whoever holds the legitimacy of being responsible for the treatment must apply the appropriate measures to guarantee that the treatment is adequate and in accordance with current regulations.
What risks can arise when processing data using Artificial Intelligence?
Some of the most relevant risks that may occur are:
- Errors in data accuracy that can lead to bias and discrimination.
- Unauthorized access by third parties.
- Fraudulent manipulation of the Artificial Intelligence system used to obtain favorable data.
- Data leak or lack of transparency.
Conclusion:
As will be seen in later articles, the relationship between Artificial Intelligence and Data Protection is relevant , so it is recommended to be properly advised in this area by analyzing point by point.
