Protecting Privacy in the Era of Artificial Intelligence

Keyur Tripathi & Usama Mubarak 1

Abstract

Artificial Intelligence has emerged with real time challenges as it has brought along with it
both pros-cons, and the cons are needed to be fixed from the outset. As AI has a direct cohesion
with data protection issues. If we are to cite an example that can be of an individual’s personal
information which is hugely scrapped from almost all the platforms which has a colossal
database. Now having cited this example invokes security issues in regard to personal data of
individuals. Whenever in recent scenarios of technological advancement any major challenges
occur then we tend to be concerned for remedial measures which ultimately is the privacy of
data principals. .

However, these same technological innovations raise important issues, including a dilemma
regarding the relation between AI and data protection laws that how can they supplement each
other in sorting data related deformities. Now this is the high time where we have both an
opportunity and the obligation to examine the effectiveness of current data protection laws in
light of 21st century technological realities like challenges of AI.

While compliance with existing data protection laws is crucial, a long lasting approach is to
examine the challenges presented by AI as another wake-up call that our current approach to
data protection is increasingly obsolete. Viewed in this light, it is a data protection law that
must be improved if it is to protect privacy, effectively address the challenges presented by AI,
and avoid creating unnecessary, bureaucratic barriers to AI’s benefits. The Five reforms appear
necessary like, Shifting from Individual Consent to Data Stewardship, A More Systemic and
Well-Developed utility of Risk Management, A Greater Focus on Data Uses and implications,
A Framework of Harms and Transparency and Redress.

Keywords: Data protection, Artificial Intelligence, Privacy, Machine Learning, Automated

facial recognition and legal ethics-AI

1
LLM, Students, Galgotias University

Electronic copy available at: https://ssrn.com/abstract=3560047

Introduction

Artificial intelligence (AI) has developed rapidly in the recent past. Today, AI utility devices
are used increasingly by both private and public sector organizations around the world. AI can
hugely benefit masses in the contemporary world as in a digitally charged environment around
the globe. AI and personal data protection has much to do for the sake of a welfare state.

Artificial Intelligence and data protection have their relevance in their own sphere. We cannot
undermine neither the value of AI nor of the data protection laws. On the other hand we should
not let AI and data protection laws harm each other in terms of their utility rather there shall be
certain machine learning mechanism designed in such a way that tracks both these variables
i.e. AI and personal data protection so that they do not encroach upon the area of that other
while doing their respective targeted jobs.

This article introduces AI and some of the applications enabled by it, as well as some of the
challenges and tensions between AI and existing data protection laws and principles. It seeks
to provide a more nuanced understanding of those applications and argues that their interaction
with data protection laws necessitates, and provides a welcome opportunity for, revising those
laws to reflect 21st century technological realities.

As far as AI and personal data protection is concerned, the major challenge that it has to face
is to replicate the benefits of the same on PAN India level. As one of the main objective of AI
and personal data protection is to serve its purpose in every discipline in such a way that human
should not feel as if some machine is working but they are working in true sense and for that
to develop AI setup shall be so much consolidated that it will develop human trust and in return
AI would be working responsibility for human welfare by protecting privacy rights of the
citizens.

Defining Artificial Intelligence

In this era Artificial Intelligence (AI) involves computer systems that perform different tasks
for example, playing games, identifying images, or corroborating identity by identifying
patterns in data. We have witnessed ample number of examples like “Narrow AI”. The Purpose
of this AI is to perform one task or set of tasks 2. Narrow AI is still a complex subject matter.

2
Executive Office of the President of the United States, National Science and Technology Council Committee
on Technology, Preparing for the Future of Artificial Intelligence (Oct. 2016), available at
https://obamawhitehouse.archives.gov/sites/default/files/whitehouse_files/microsites/ostp/NSTC/preparing_for_
the_future_of_ai.pdf. (Last Visited on: 26-March-2020

Electronic copy available at: https://ssrn.com/abstract=3560047

As the New York Times noted, even narrow AI tools can be confusing and “dodge
understanding because they involve a state of confusion in statistical data 3. When a machine
or a robot behaves in a way that it acts more like human or it is difficult to identify whether it
is a machine or human, it is said to pass the so-called “Turing Test,” set out by Alan Turing in
1950

John McCarthy first coined the term artificial intelligence in 1956 when he called up a group
of researchers from a variety of fields including language simulation, neuron nets, complexity
theory and several others to a summer workshop called the Dartmouth Summer Research
Project on Artificial Intelligence to deliberate what would ultimately become the field of AI.
At that time, the researchers sat to clarify and develop the concepts around “thinking machines”
which up to this point had been quite divergent. McCarthy has picked the name artificial
intelligence to avoid highlighting one of the tracks being utilized at the time for the field of
“thinking machines” that included cybernetics 4, automata theory and complex information
processing. The proposal for the conference said, “The study is to proceed on the basis of the
probability that every aspect of learning or any other feature of intelligence can in principle be
so precisely described that a machine can be made to copy it.”

Today, modern dictionary definitions focus on AI being a subset of computer science and how
machines can copy human intelligence (being human-like rather than becoming human). The
English Oxford Living Dictionary cited this definition: “The theory and development of
computer systems able to perform tasks normally requiring human intelligence, such as visual
perception, speech recognition, decision-making, and translation between languages 5.”

Defining Data Protection

Data surrounds us and is generated in virtually everything we do. One type is data that we may
voluntarily share, and the second type is the data which is generated literally every time we do
something – whether it be travel, order a meal or use transportation. There is no doubt that this
data is immensely valuable and several companies are willing to pay for access to this data.

3
Kuang, C., “Can A.I. Be Taught to Explain Itself?” New York Times Magazine (21 Nov. 2017), available at
https://www.nytimes.com/2017/11/21/magazine/can-ai-be-taught-to-explain-itself.html?_r=0. (Last Visited on:
26-March-2020)
4
Rieland, R., “Artificial Intelligence Is Now Used to Predict Crime. But Is It Biased?,” Smithsonian (5 Mar.
2018), available at https://www.smithsonianmag.com/innovation/artificial-intelligence-is-now-used-predict-
crime-is-it-biased-180968337/. (Last Visited on: 26-March-2020
5
English Oxford Living Dictionaries, “Artificial Intelligence,” available at:
https://en.oxforddictionaries.com/definition/artificial_intelligence. (Last Visited on: 27-March-2020)

Electronic copy available at: https://ssrn.com/abstract=3560047

Indeed, in this age of universal and virtually free access to the internet, data is the new currency.
It is even more intriguing that the full potential of the data is not known. As technology
progresses, newer applications emerge enhancing the value of the data.

Data protection implies that policies and procedures seek to minimize breach into the privacy
of an individual caused by collection and usage of their personal data with their Consent. Usage
of personal data in India or information of citizens is handled by the Information Technology
(Reasonable Security Practices and Procedures and Sensitive Personal Data or Information)
Rules, 2011, under Section 43 A of the Information Technology Act, 2000. The Rules define
personal information of an individual as any information which may be utilized to recognize
them. The corporate who are using the data of the individual are liable to compensate them if
their data is leaked by these body corporates. These corporates should fix such standards in
their regulations so that there are least chances that these corporate firms deny these individuals
their privacy 6 rights.

Relation between AI and Data Protection

The need of Artificial Intelligence (AI) in everyday life raises a number of issues from a data
protection perspective. All such concerns will have to be considered carefully taking into
account the provisions of EU Regulation 2016/679, General Data Protection Regulation
(GDPR). Purposes of the personal data processing and the enhancement of AI systems entails
a material issue with reference to the purposes of the data processing. This issue is directly
connected with the "machine learning 7" features of an AI system (that is, the ability of an AI
system to interact with the surrounding environment, to learn from the experience, and to
address future 8 behaviors based on such interactions and learnings.)

AI and machine learning features may cause the processing of personal data to be carried out
in different ways and for different purposes than those for which it was originally set. This may
result in the complete loss of control, by the data subjects, of their data. Any such loss of control

6
Greenberg, A., “An AI That Reads Privacy Policies So That You Don't Have To,” Wired (9 Feb. 2018), available
at https://www.wired.com/story/polisis-ai-reads-privacy-policies-so-you-dont-have-to/. (Last Visited on: 27-
March-2020)
7
Machine Learning, Coursera, available at https://www.coursera.org/learn/machine-learning(Last Visited on: 27-
March-2020)
8
Devlin, H., “Could online tutors and artificial intelligence be the future of teaching?,” The Guardian (26 Dec.
2016), available at https://www.theguardian.com/technology/2016/dec/26/could-online-tutors-and-artificial-
intelligence-be-the-future-of-teaching. (Last Visited on: 27-March-2020)

Electronic copy available at: https://ssrn.com/abstract=3560047

is obviously against the principles of GDPR 9. Legal basis of the processing of personal data
and it is often difficult to identify the legal basis for the personal data processing, in addition
to the general legal basis of the performance of a contract between the data controller and the
data subject. Express consent may not be appropriate always: It is hard to be obtained due to
the general ways of operation of AI systems, but it is also "dangerous" from a data controller
perspective, since the data subject can withdraw such consent at any moment, often creating
operational issues that may not be managed by AI systems.

Legitimate interest may also be critical, as it requires a difficult balance between the rights of
the data subjects and the legitimate interests of the data controller; there are no clear guidelines
on how to carry out such balance. Setting up the legal basis and purposes of the personal data
processing remains one of the most important features to take into account when dealing with
AI systems and related machine learning features. This issue, often addressed with regard to
IoT-based datasets, becomes even more relevant in an AI-based scenario. AI systems may
allow to transform anonymous information into personal data, including special categories of
personal data. AI providers "reluctantly" allow audit and controls on their AI systems, even
when such audits and controls are specifically required by GDPR provisions. Such reluctance
is generally due to the complexity of (algorithms of) AI systems. This is also one of the main
issues that has to be addressed from a contractual perspective

Artificial Intelligence Way Ahead In Protecting Data

In recent times, artificial intelligence has been prevailing around the globe across various
industries and applications than ever before as computing power, storage capabilities, and data
collection has increased rapidly.

Digitizations seem to drive tremendous advantages to various industries like banking, trade,
and healthcare 10 as these sectors have a high level of vulnerabilities towards cyber-attacks. Due
to this reason, data is becoming one of the top priorities for the companies in this digital era in
order to become cyber-immune.

9
Ohm, P., “Changing the Rules: General Principles for Data Use and Analysis,” Privacy, Big Data, and the Public
Good: Frameworks for Engagement at 100 (2014).
10
Marr, B., “How Is AI Used In Healthcare—5 Powerful Real-World Examples That Show The Latest
Advances,” Forbes (27 Jun. 2018), available at https://www.forbes.com/sites/bernardmarr/2018/07/27/how-is-
ai-used-in-healthcare-5-powerful-real-world-examples-that-show-the-latest-advances/#5b20b9975dfb. (Last
Visited on: 28-March-2020)

Electronic copy available at: https://ssrn.com/abstract=3560047

Over the years, we have seen a dramatic increase in online attacks all over the world; not only
these threats are increasing in terms of number, but they are also becoming more sophisticated.
It is more critical than ever to have your systems and processes in place to protect your data as
more and more companies are embracing digital technologies and cloud solutions. Here the
question arises, how? Well machine learning and Artificial intelligence are improving
themselves to make the data more secure and consolidated.

Nowadays, hackers are launching strikes with the aid of automated attacks because many
organizations use the same manual techniques to detect attacks which can contextualize them
with external threat data 11. It can be dangerous to use the traditional techniques because they
are time-consuming when it comes to detecting intrusions, and by that time, hackers would
have proceeded with vulnerabilities by comprising and accessing your delicate data.

Experts think that artificial intelligence 12 (AI) is the future as it has the sources to transform
everything right from healthcare to space exploration. Enterprises have already started
analyzing ways to utilize AI to process and protect data. Some of you might have heard the
term ‘Big data 13’. Big data is mainly on AI and machine learning (ML), and is not only useful
in collecting data, but in protection of data too.

AI In Endpoint Data Protection

Endpoint security has become crucial from an antivirus solution to using AI for data protection
from cybercriminals. The merits of AI is that end-point security is taken to the next level as AI
can swiftly detect, block and analyze attacks and perform behavioral exercises 14. AI in endpoint
data protection can provide a whole lot of gains including:

• Quickly notify when it detects any kind of unauthorized behavior from applications
running in your information systems or network services.

11
Communication from the Commission, Artificial Intelligence for Europe, COM (2018) 237 final, available at
http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=51625. (Last Visited on: 28-March-2020)
12
House of Lords Select Committee in Artificial Intelligence, AI in the UK: Ready, Willing and Able?, HL
Paper 100 (2018), available at https://publications.parliament.uk/pa/ld201719/ldselect/ldai/100/100.pdf. (Last
Visited on: 28-March-2020)
13
Some recent applications of AI, such as the use of AI to defeat CAPTCHA and Google’s AlphaGo Zeros that
taught itself to play Go at the championship level, have occurred with minimal training data, suggesting that AI
may not always be linked to big data.
14
Greenberg, A., “An AI That Reads Privacy Policies So That You Don't Have To,” Wired (9 Feb. 2018),
available at https://www.wired.com/story/polisis-ai-reads-privacy-policies-so-you-dont-have-to/.(Last Visited
on: 30-March-2020)

Electronic copy available at: https://ssrn.com/abstract=3560047

 • Automatically locks all kinds of suspicious websites and actions even before they get
functional.

• Analyze and stop all kinds of unauthorized data dissemination.

• Examine your sandboxes and report any kind of suspicious activity in your app data.

• In the event of a security attack, AI blended with machine learning can help in
immediate rolling back to the previously working and secure endpoint.

• Swiftly analyze and separate any suspicious endpoints and data processes.

AI-Powered Data Protection Solutions

Robust data protection is a complex safeguard for enterprises to protect their data and other
assets. AI tools are available that assist in providing predictive insights on data behavior using
advanced AI algorithms. These tools not only assist organizations in analyzing historical data
and behavioral analysis, but they can also provide operational back even before the attack is
carried out

Concluding Remarks

The area of artificial intelligence gives the ability to the machines to process analytically, using
concepts. Tremendous contribution to the various areas has been made by the Artificial
Intelligence techniques from the last two decades. Artificial Intelligence will continue to play
an increasingly important role in various fields like data privacy. This paper is based on the
concept of artificial intelligence in securing privacy of data. As already tested, AI is slowly
emerging as a great supporter for enterprises in data protection. Data security issues are on the
rise and AI can largely help in recognizing potential threats and protect sensitive data of
organizations to a great extent. While the impact of AI can be felt in every aspect of people’s
day to day life in the future, it certainly raises a few questions on data privacy as well. But there
is a whole lot of research going on using AI to provide complete security over your private,
personal and critical data.

Electronic copy available at: https://ssrn.com/abstract=3560047