The reliability of current AI systems also depends heavily on the quality of the input data. This data often concerns us humans, or is created directly by humans. From the perspective of the trustworthiness of AI systems, it is therefore important to consider the impact on our privacy when developing, deploying and using them. The third requirement for trustworthy AI therefore deals specifically with privacy and data protection, data quality and integrity, and data access management.
When developing and using AI, we must bear in mind that the data we collect and use often contains sensitive information about users. This may be information that the user has provided directly, but it may also be information generated during the user's interaction with the system. Consider a system that offers recommendations to the user and stores not only those recommendations but also how the user responded to them. From such data and interactions, sensitive attributes such as age and gender, but also, for example, sexual orientation or political views, can be identified or inferred. It is therefore crucial for the trustworthiness of AI systems that we can trust the process of collecting and storing our data and that it is not misused against us. Privacy must be ensured from the moment a user provides information to the system, and throughout the system's lifecycle.
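One practical way to honour this principle at the point of collection is to pseudonymize direct identifiers before interaction records are ever stored. The sketch below is a minimal illustration of this idea; the record structure, field names and environment variable are assumptions made for the example, not a prescribed design.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, asdict

# Assumption: the secret key is loaded from a secure environment variable
# and is never persisted alongside the stored records.
PSEUDONYM_KEY = os.environ.get("PSEUDONYM_KEY", "dev-only-key").encode()

def pseudonymize(user_id: str) -> str:
    """Replace a direct identifier with a keyed hash so stored
    interaction records cannot be trivially linked back to the user."""
    return hmac.new(PSEUDONYM_KEY, user_id.encode(), hashlib.sha256).hexdigest()

@dataclass
class InteractionRecord:
    pseudonym: str          # keyed hash, not the raw user id
    recommendation_id: str  # what the system recommended
    response: str           # how the user reacted ("accepted", "dismissed", ...)

def store_interaction(user_id: str, recommendation_id: str, response: str) -> dict:
    # Only the pseudonym leaves this function; the raw identifier is discarded.
    record = InteractionRecord(pseudonymize(user_id), recommendation_id, response)
    return asdict(record)

print(store_interaction("alice@example.com", "rec-42", "accepted"))
```

Note that pseudonymization alone does not prevent the inference of sensitive attributes from behavioural data; it only removes the direct link to the user's identity and must be combined with the governance measures discussed below.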
When assessing the performance and accuracy of artificial intelligence systems, we must pay particular attention to the quality of the data the system uses. The collection and use of data always carry the risk of social biases, distortions and errors, which can affect the reliability and credibility of the generated outputs. These issues should therefore be addressed before the system is trained. Both the data-processing pipelines and the datasets themselves should be systematically tested and documented at each stage of development, from planning through training to testing and deployment, to ensure that they are sufficiently reliable.
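To make such systematic testing concrete, the following small sketch shows one kind of check that could run and be documented at each stage: auditing the share of each group under a sensitive attribute and flagging underrepresented groups. The column name and the threshold are illustrative assumptions, not a standard.

```python
from collections import Counter

def audit_dataset(records: list[dict], sensitive_key: str,
                  min_share: float = 0.2) -> dict:
    """Report group shares for a sensitive attribute and flag groups
    whose share falls below an illustrative minimum threshold."""
    counts = Counter(r[sensitive_key] for r in records)
    total = sum(counts.values())
    shares = {group: n / total for group, n in counts.items()}
    flagged = [group for group, share in shares.items() if share < min_share]
    return {"shares": shares, "underrepresented": flagged}

# Toy data: a skewed sample that a documented audit step should catch.
data = [{"gender": "f"}] * 12 + [{"gender": "m"}] * 88
print(audit_dataset(data, "gender"))
# {'shares': {'f': 0.12, 'm': 0.88}, 'underrepresented': ['f']}
```

A real audit would cover far more than group shares, but the point stands: running a documented check like this before training, and again before testing and deployment, turns data quality from an assumption into an inspectable record.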
Among other things, organisations should implement processes and procedures that clearly define the rules for access to personal data beyond the scope of applicable legislation such as the General Data Protection Regulation (GDPR). These procedures should state transparently who is authorised to access data and under what circumstances, and provide adequate tools to verify or investigate how the data is being handled. Access to data should be restricted to employees who not only have the necessary skills, but also the authority and a legitimate reason to access individuals' personal data. Similarly, users should be able to monitor, in a simple and transparent way, how their data is being handled, and they should know where to direct any doubts about the appropriateness of such processing. This not only protects privacy, but also prevents the potential misuse of information, thereby increasing overall confidence in artificial intelligence and its ability to process our data efficiently and ethically.
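The sketch below illustrates, under stated assumptions, how such access rules might be expressed in code: a role-based policy that grants or denies access to a data category and records every attempt, granted or not, in an audit log that can later be verified or investigated. The roles, data categories and log fields are hypothetical examples, not a reference implementation.

```python
import datetime
from dataclasses import dataclass, field

@dataclass
class AccessPolicy:
    # Hypothetical mapping of roles to the data categories they may read;
    # in practice these rules would come from the organisation's
    # governance procedures and applicable legislation.
    allowed: dict[str, set[str]] = field(default_factory=lambda: {
        "support_agent": {"contact_details"},
        "data_protection_officer": {"contact_details", "interaction_history"},
    })
    audit_log: list[dict] = field(default_factory=list)

    def request_access(self, employee: str, role: str, category: str,
                       reason: str) -> bool:
        granted = category in self.allowed.get(role, set())
        # Every attempt is logged, whether granted or not, so that data
        # handling can be verified and investigated afterwards.
        self.audit_log.append({
            "when": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "who": employee, "role": role, "category": category,
            "reason": reason, "granted": granted,
        })
        return granted

policy = AccessPolicy()
print(policy.request_access("j.smith", "support_agent",
                            "interaction_history", "customer enquiry"))
# False: the category lies outside the role's scope, and the denial is logged.
print(policy.audit_log[-1]["granted"])  # False
```

Requiring a stated reason with every request, and logging denials as well as grants, is what makes the second half of the requirement possible: it gives both auditors and users something concrete to inspect when they question how personal data has been handled.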