Requesting feedback: using AI to manage privacy

The purpose of the Smart Trust Governance project is to generate new knowledge and research expertise related to the big privacy challenges associated with the accelerated digitalization of society. Well-known breaches of privacy such as Cambridge Analytica, and many more, have led to increased skepticism towards digital solutions and the excessive data harvesting/sharing they frequently involve. To realize the big potential of digitalization, society must avoid a serious digital backlash.

Having briefly addressed the “why” above, this section addresses the “how”. We should not only “use the whip” (fines), but also make an extra effort to enable businesses and public sector agencies (municipalities etc.) to protect the privacy of their customers, patients and citizens – hence reducing privacy breaches to a minimum and thereby increasing the level of trust.

  1. AI: the goal is to lower the expertise and resources needed to comply with privacy regulations, and the research will therefore focus on the feasibility of using artificial intelligence to manage the processing and protection of personal data within and between organizations.

  2. Privacy: the “wicked problem” addressed by AI in this project is the compliant processing and protection of personal data. The priority in the project is the feasibility of using AI to address this challenge (see priority 1 above) – and not the actual tools/products that can be put in place to protect the data. The outcome of this project (a series of validated hypotheses) may, however, lead to one or more “proofs of concept”.

The project involves a well-known research institution as well as the public and private sectors, promoting collaboration between research groups and stakeholders from outside the research sector (who need help in addressing this wicked problem). This project setup is also well positioned for the nationwide/global dissemination of project results upon completion of the project.

Excellence

The project has great potential (the overall project objective is to address a wicked global problem), and to test the many hypotheses we have lined up, we have assembled leading-edge competence from many areas:

  • Subject-matter experts:

    • Artificial Intelligence

    • Privacy laws

    • The processors of personal data: the health industry, municipalities, many SMEs (e.g. a small plumbing company).

    • Vendors: available solutions for privacy issues (both privately held and a government agency)

    • Research methodologies

    • Project management expertise

  • Communications experts – for the nationwide/global dissemination of project results upon completion of the project.

Deliverables

The scenarios being assisted by AI/ML, and investigated in this project, include the following 4 work packages:

1. Get an overview of the personal data being processed (in the company/municipality/hospital - and between separate entities in the different value chains)

  • Input: data from databases and logs (incoming and outgoing data)

  • Output: compare reports produced without AI and with the use of AI

  • Criteria:

    1. More correct marking of data as personal data?

    2. Easier-to-understand reports (for the company/organization)?

2. Get an overview of, and track, the different grounds for processing the personal data (legal rights for example by the police, or consent from the data subject), and plan for renewing consents or removing the personal data

  • Input: data from public and internal databases

  • Output: compare reports produced without AI and with the use of AI

  • Criteria:

    1. More correctly presenting the grounds for processing personal data?

    2. Easier-to-understand reports (for the company/organization)?

3. Support the necessary modifications following the withdrawal of a consent to process personal data (‘right to be forgotten’) or a change in the legal rights of the organization processing the personal data (the data may have been used as input to an algorithm that determines which product offerings should be sent to which type of users).

  • Input: routine documentation and data from logs and internal databases

  • Output: compare the audit logs (tracing the change activities) with and without assistance from AI

  • Criteria:

    1. More correctly handling the changes as a result of a consent withdrawal (or changed legal rights)?

    2. Easier-to-understand reports for the change activity (for the company/organization)?

4. Easy-to-understand privacy reports/dashboards for the customers: the organization's use of personal data and the consents and legal rights in effect (both at the point of query and historically). The national or global view: "Can all my consents be gathered in one place - from both the public and private sectors?"

  • Input: data from public and internal databases

  • Output: compare reports produced without AI and with the use of AI

  • Criteria:

    1. More correctly presenting an overview of the processing of personal data?

    2. Easier-to-understand reports (for the customers/users)?

Preparatory work package: In parallel with the research activities mentioned above, there will be a series of digital and physical meetings to get everyone in the project group up to a minimum competence level and to get valuable feedback on the most relevant scenarios/hypotheses to focus on in the research stream. This work package also includes preparing the systems needed for the research activities (the 4 work packages listed above).

Completion work package: When there are valuable results to communicate to the market, the project will utilize the extensive networks of the project group - both for newsletters and seminars. The research papers and guidelines for others who have not participated in the project will, at the end of the project, be distributed free of charge through the same channels (mentioned above).

Novelty and ambition

Rather than focusing on how to stay compliant with privacy regulations when putting big data and AI to work (as most research and development efforts do), this project focuses on how AI can be used to improve the management of privacy – across all the value chains (within and between privately held businesses, NGOs and public sector agencies and institutions).

This project has the ambition to pave the road for significant advances in improved privacy using AI - and hence increase the general population's trust in new digitalization initiatives.

Impact

Given that the assumption is correct, and no relevant research has been done in this area/field, the results from this research can have significant impact on the future scientific challenges of AI and privacy. Not only can privacy be better protected (with fewer resources), but the research may also be relevant for other related uses of AI (for example to look for money laundering attempts – by using pattern recognition etc.).

If the research shows that there is great promise in the use of AI to support the management of privacy, the results will help us solve the wicked problem of increased digital transformation while protecting our privacy. With the assistance of AI we can avoid a “digital backlash” – without having to educate everyone to become privacy specialists. A “digital backlash” would otherwise be a big problem for both the IT industry and the public sector, which needs to bring new smart systems to the market.

Start-ups who get access to this research material and get used to working with these types of privacy enforcement/management – will have an important competitive advantage when taking their solutions to new markets globally. By helping restore trust in the responsible use of our personal data (by businesses and the public sector), this project will also promote future value creation in the IT industry, the public sector and the civil society as a whole.

There has been a very clear message from the UN that digitalization is a critical success factor for reaching the 17 SDGs (ensuring a match between the produce the hungry people need and what the farmers take to the market etc.). Without trust in these new digital value chains, they will not be successful and hence, we will not reach the important 17 SDGs. The results from this project may therefore be important in moving us in the desired direction – by restoring trust and therefore enabling the implementation of these critical new digital services.

Measures for communication and exploitation

The target audiences and stakeholders (for the project outputs) include the following:

  • Small and medium-sized businesses

  • Local government (municipalities and associations of municipalities)

  • Health care providers/centers who process personal data (a hospital is amongst the project members)

  • Federal agencies

  • National health organizations

  • Universities and other education providers

  • Charitable foundations who process personal data

  • The IT industry: software, EdTech and services (both start-ups and established vendors)

The partners behind this application have a broad reach in all of these target audiences.

  • During the project period - the project plans to regularly publish:

    • Progress reports for funders (summarizing findings).

    • Newsletters with preliminary results from the feasibility studies (to anyone who subscribes to them).

  • Upon completion of the project - the project plans the dissemination of project results using the following "vehicles":

    • Publishing a "Smart Trust Governance Project Report" - including research results and guidelines

    • Creating and distributing program materials, such as flyers, guides, pamphlets etc.

    • Creating toolkits of training materials and curricula for other communities (incl. e-learning).

  • To ensure broad dissemination of the project results (outside the project), the project will execute on a communications plan including the following activities:

    • Issuing a press release

    • Publishing highlights of project findings in national journals / publications

    • Presenting at national conferences and meetings of professional associations (health, software, municipalities etc.)

    • Discussing project activities on nationwide radio and TV

    • Sharing information through social media, newsletters and on the participating organizations' websites

    • Publishing information in the local newspapers (in the regions where the participating organizations/business are located)

    • Presenting program results to the local community groups and other local stakeholders (see above)

As described above, many of the stakeholders will be involved in the dissemination and utilization of the project results (utilizing their big networks and broad reach – including the social media channels and speaking opportunities at their sector-specific seminars/conferences).

Summary

The excellent book “Blitzscaling”, by Reid Hoffman and Chris Yeh, shares the secret to starting and scaling massively valuable companies. In it they say that many founders' way of finding a product / market fit is to launch a company and see if it flies. Their recommendation is to first do proper research through the network.

  • Do you have expertise that you believe can strengthen our already strong project team?

  • Have you heard of any similar research projects (using AI to improve the management of privacy) – that we could learn from or build upon?

  • Do you know of any source of additional funding (e.g. EU) that will not only enable us to perform all the research work we hope for, but will also put us in a position to share the results globally?

Thank you for your interest in our project. We'd love to hear your thoughts (please send us an e-mail).

FOR QUESTIONS ABOUT ACTIVITIES AND MEETINGS:
E-MAIL: aktivitet@norstella.no

FOR QUESTIONS ABOUT MEMBERSHIP, CUSTOMS CLEARANCE AND NODI NUMBERS:

E-MAIL: norstella@norstella.no

POSTAL ADDRESS:

NorStella

Postboks 70

1371 Asker

Org.nr. 977 143 330


© 2021 by NorStella