HealthTech InsurTech LawTech retail

AI, data protection and data ownership

New technologies such as Artificial Intelligence / Deep Learning pose challenges for the law for example in regulatory or civil matters. Two areas where these challenges will have to be met by companies and in business are data protection in the regulatory field and data ownership in civil law.

SwissCognitiveNew technologies such as Artificial Intelligence / Deep Learning pose challenges for the law for example in regulatory or civil matters. Two areas where these challenges will have to be met by companies and in business are data protection in the regulatory field and data ownership in civil law.

Artificial Intelligence and Data Protection

Whenever technologies work with information relating to natural persons, data protection law will be applicable. Functionalities of tools may even work to include such information in the scope of such law that would previously not fall in this area: Being able to collect and connect data that is initially not referable to a specific person from different sources and its analysis could lead to the identifiability of a natural person.

Developers of technologies should therefore aim to integrate technical and organisational measures implementing data protection principles into the design of a tool (“Data protection by design”). Using tools in business operations may additionally require a risk assessment regarding the protection of personal data (“Data protection impact assessment”) and trigger an obligation to designate a data protection officer.

Lawfulness of Processing and Transparency

The General Data Protection Regulation (GDPR) requires a legal basis for any processing of personal data, and obliges the data controller to provide transparent information. If, for example, a tool assists employees of a support hotline in finding possible solutions for the callers, use of such tool must be made transparent to the person seeking support. This includes providing information on purposes and the legal basis for the processing. Depending on nature and extent of the data processing, e.g. storing and analysing the voice of the person making the call in order to enhance the tool, consent by the data subject may have to be obtained.

Automated Decision-Making

The GDPR grants an individual’s right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning this individual or similarly affects this individual. With regard to , a broad range of software agents in sectors like banking and finance, retail, healthcare, insurance and advertising may be restricted: The regulation applies where not a human but an algorithm decides on the question of whether a certain service, payment method or rate of interest is offered to the consumer, e.g. based on credit scoring, profiles on the consumer’s personal preferences or other data collected about the individual user.[…]

read more – copyright by www.lexology.com

0 Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.