Asia Pacific: Deciphering Data Webinar Series - Artificial Intelligence (AI) and privacy (Webinar)

Asia Pacific sessions

In brief

Global digital transformation has resulted in advancements in AI technology, alongside a keen cross-sector interest in utilizing it. However, this technology comes hand in hand with concerns around privacy, ethics, bias and discrimination. Our second session examined the implementation of AI's in the region, potential regulatory developments in the Asia Pacific region in view of the proposals in the EU seeking to govern AI systems more stringently, and key privacy considerations when deploying AI solutions.

AI has become a regular sight in consumer technology — from automated text messaging to computer-controlled video game enemies and many applications that are embedded into our daily lives. However, a number of AI applications come with an increased data privacy risk which must be taken into account, such as the use of AI in an employment context, machine learning and facial recognition. Such applications necessitate the collation and use of a large amount of user data, prompting questions surrounding data privacy, data minimization, storage, legitimate purpose and data subject's consent.


Contents

Session 2: Artificial Intelligence (AI) and privacy

Developments in the regulation of AI

  • EU developments: The EU approach has thus far set the benchmark for regulation of AI technology, with Regulations expected in the latter half of 2022 poised to divide AI programs into categories based on their riskiness. High-risk AI, such as facial recognition and infrastructure-related AI will be subject to strict obligations, requiring risk assessments similar to the GDPR's Data Protection Impact Assessment (DPIA). The Regulations also propose requirements related to transparency, traceability and human oversight. Obligations for lower-risk AI, such as chatbots, primarily relate to transparency and security.
  • Japan: There is currently limited regulation of AI in Japan. While the Ministry of Internal Affairs and Communications issued the Guidelines in 2018 warning those implementing AI to ensure privacy rights of users and data providers are not violated, these are quite high-level and do not address many of the issues raised by AI.
  • Australia: While Australia does not have specific privacy laws governing AI, existing privacy legislation applies broadly and impacts upon AI compliance requirements. Australia's Privacy Act is technology-neutral, principle-based and largely limits the ways in which entities can use information for secondary purposes, requiring data controllers to disclose the purpose for which personal information is collected and to obtain consent for any further purposes. The Australian government is also examining AI regulation outside of the privacy-specific framework, issuing the AI Ethics Framework in 2019 which introduced the AI Ethics Principles. While these Principles are currently voluntary, a number of them touch on data privacy concerns when developing AI technology which mirrors the EU's "Privacy by Design" approach. Enforcement relating to AI has focused primarily on biometrics and facial recognition, as there were multiple enforcement actions on this front in 2021.  
  • Singapore: The Model AI Governance Framework, while not mandatory, highlights Singapore's current approach to AI regulation. The Framework provides a baseline for industry and technology, focusing on the introduction of AI and including a compendium of use cases and a checklist for safe implementation. The approach is similar to other jurisdictions in that the Framework focuses on the principles of transparency, explicability and fairness.

Emerging privacy considerations when using AI

AI systems can be subject to a number of cybersecurity concerns — if the system is not secure, information can be extracted which can constitute a data breach and potential violation of data protection laws. The absence of specific legislation does not mean absence of repercussions, as existing privacy frameworks can apply to the data that powers the AI. Companies using AI should also be aware of where the data comes from, to ensure that the data enabling the AI to make decisions has been gathered lawfully and with the data subjects' consent.

Access the session recording and other materials here

Speakers: Divina Ilas-Panganiban, Kensaku Takase, Simone Blackadder and Alex Toh

Related webinars

Global sessions

International: Deciphering Data Webinar Series - Not ‘If’ But ‘When’: Cybersecurity Global Update - Session 1 (Webinar)

International: Deciphering Data Webinar Series - Not ‘If’ But ‘When’: Cybersecurity Global Update - Session 2 (Webinar)

International: Deciphering Data Webinar Series - Journey Around the World: Data Privacy Global Update - Session 1 (Webinar)

International: Deciphering Data Webinar Series - Journey Around the World - Data Privacy Global Update - Session 2 (Webinar)

Europe sessions

Europe: Deciphering Data Webinar Series - Managing Workforce Data (Webinar)

Europe: Deciphering Data Webinar Series - When Data Goes Wrong - Enforcement and Litigation Trends Across Europe (Webinar)

Europe: Deciphering Data Webinar Series - Cookies and Online Advertising - Recent Trends in Europe (Webinar)

Europe: Deciphering Data Webinar Series - International Data Transfers - What’s Next? (Webinar)

Asia Pacific sessions

Asia Pacific: Deciphering Data Webinar Series - Spotlight on privacy developments (Webinar)

Asia Pacific: Deciphering Data Webinar Series - Artificial Intelligence (AI) and privacy (Webinar)

Asia Pacific: Deciphering Data Webinar Series - Effective and sustainable privacy compliance programs (Webinar)


Copyright © 2022 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.