140 likes | 333 Views
March 14 , 2019. Digital Governance … … and Algorithms. Law and Ethics for Disruptive Technologies Alan Charles Raul . Key Themes. Shifting zeitgeist .
E N D
March 14, 2019 Digital Governance … … and Algorithms Law and Ethics for Disruptive Technologies Alan Charles Raul
Key Themes • Shifting zeitgeist. • High-profile data breaches, recent controversies concerning personal data (e.g., Cambridge Analytica), and foreign privacy laws have irrevocably changed debate about information regulation; sea change from decades-old “hands-off” approach • Digital issues at intersection of humans and machines will be even harder. • Next generation of digital technologies – artificial intelligence, autonomous decision-making, IoT, Big Data – will involve privacy and cybersecurity but will be more complex • Digital governance is necessary. • Tech challenges and opportunities will necessitate digital governance to guide oversight of technologies and business practices that implicate sensitive data and decision-making • Specific elements of digital governance include: • Structuring and resourcing companies to understand and address digital challenges • Ensuring leadership knows what the their companies are doing or could be doing with sensitive data and disruptive technologies • Supporting an organizational culture that identifies and values fair digital practices • Understanding the promises and risks of a highly dynamic and unpredictable zeitgeist • Governance and, or Governance Versus, Innovation and Competitiveness? SIDLEY AUSTIN LLP
“I want control over my personal information” • Key issue: Consumers control use and monetization of personal data • Governed by data privacy and consumer protection laws (FTC, GDPR, CCPA, GLBA, HIPAA, Constitution, etc.), increasing litigation, and public opinion As digital technologies increasingly occupy more of our lives, information regulation expands commensurately. Privacy • “I’ll give you my data, but you have to protect it.” • Key issue: Consumers, businesses and governments need to protect their information and ensure data availability and integrity and business continuity • Governed by critical infrastructure regulation, litigation, and notification Cyber-Security • “I want to know why this happened to me and ensure that humans are in control” • Key issues: Human control, transparency, bias, values, risks … TBD • Governed by … TBD Disruptive Technologies SIDLEY AUSTIN LLP
“Crisis of New Technologies” – Constant Controversies Raise Concerns and Shift Views on Data Practices SIDLEY AUSTIN LLP
“Crisis of New Technologies” – Tim Cook (2018) • Platforms and algorithms can magnify worst human tendencies • Beware the data industrial complex • Our own informationis being weaponized against us • Countless decisions are made on the basis of our likes and dislikes • This process creates an enduring digital profile pounding preferences into hardened convictions SIDLEY AUSTIN LLP
What is Digital Governance? • Oversight of technologies that use personal or sensitive information, make autonomous decisions or exercise human responsibilities • Disruptive technologies include Artificial Intelligence (AI), connected devices (IoT, cars, ubiquitous sensors, etc.), machine learning, etc. • Digital Governance guides companies on organizational structures, internal processes and policies, ethics, and morality to advance: • Legal compliance • Fiduciary standards and preservation of assets • Shareholder value • Reputation, company values, stakeholder expectations • Innovation, economic productivity, competitiveness • Transparency, intelligibility, explainability • Fairness and human dignity SIDLEY AUSTIN LLP
Digital Governance Risk Factors – Microsoft 2018 10-K • The development of the internet of things presents security, privacy, and execution risks. ... IoT solutions may collect large amounts of data, and our handling of IoT data may not satisfy customers or regulatory requirement... • Issues in the use of artificial intelligence in our offerings may result in reputational harm or liability. … As with many disruptive innovations, AI presents risks and challenges that could affect its adoption, and therefore our business. AI algorithms may be flawed. Datasets may be insufficient or contain biased information. Inappropriate or controversial data practices by Microsoft or others could impair the acceptance of AI solutions. These deficiencies could undermine the decisions, predictions, or analysis AI applications produce, subjecting us to competitive harm, legal liability, and brand or reputational harm. • Some AI scenarios present ethical issues. If we enable or offer AI solutions that are controversial because of their impact on human rights, privacy, employment, or other social issues, we may experience brand or reputational harm. … We may experience backlash from customers, government entities, advocacy groups, employees, and other stakeholders that disagree with our product offering decisions or public policy positions. Damage to our reputation or our brands may occur from… Public scrutiny of our decisions regarding user privacy, data practices, or content. ... [and] Data security breaches… SIDLEY AUSTIN LLP
What Else Are Companies Doing? • Microsoft: Technology and Corporate Responsibility Team reports to President/Chief Legal Officer • Guidance to Board and management on ethical business practices, privacy and cybersecurity; internal ethics board to navigate AI technology (guardrails) • BNY Mellon: Technology Committee of the Board • Review and approve technology planning, strategy and investment • Monitor existing and future technology trends • Note: technology risk oversight remains with Risk Committee (with reports to Audit Committee) • AIG: Technology Committee of the Board • Review information technology planning, strategy and investment • Review cybersecurity risk management and assessment • Walmart: Technology and eCommerce Committee of the Board • Oversight and guidance on technology, including emerging tech issues and trends • Effectiveness of developing new business opportunities • Bank of America: Identifies information security and privacy as “key governance topic” SIDLEY AUSTIN LLP
1. Create Focused Organizational Structure and Practices • Put someone in charge – a Chief Digital Officer? • Consider forming a Digital Governance or Technology Committee • Engage privacy and cybersecurity programs • Establish a digital compliance and ethics program, and assign and empower qualified personnel • Allocate appropriate resources • Require reporting, accountability and escalation • Provide appropriate training on key issues of digital fairness SIDLEY AUSTIN LLP
2. Understand What Company Is Doing and Could Be Doing by Mapping Data and Digital Technology Uses • What sorts of data and digital technologies are significant to the company’s productivity, profitability and competitiveness? • Has management taken stock of its digital assets and options? • What are peer companies doing? • Who is thinking ahead of the curve? • How can we best monetize data and digital technologies like AI? • Are we investing the right amount? • What metrics or outcomes demonstrate progress or stagnation? • What are the relevant risks – including privacy and security? • Are Legal, Compliance, Communications and CSR functions fully engaged? • Who at the company understands what the algorithms are doing? • Full understanding of what the company is doing is required for intelligent decision-making about what it should be doing SIDLEY AUSTIN LLP
3. Promote an Organizational Culture that Values Fair Digital Practices • Identify and comply with relevant legal obligations • Understand stakeholder expectations and sensitivities • Include ethical considerations in development and deployment of digital technologies: • Assess impacts and risks with respect to fair digital practices • Establish fair digital practices review boards • Evaluate and audit outcomes, including by establishing expectations for reporting to senior leadership and the Board SIDLEY AUSTIN LLP
Keep in Mind These Ethical Considerations • Preserving human autonomy and free choice • Providing transparency, intelligibility, explainability to assure human agency • Assuring auditability, accountability, redressability of automated decisions • Anticipating allocation of responsibility and liability • Protecting vulnerable populations (e.g., children) • Assuring relevant and quality data and algorithms • Avoiding biased outcomes or entrenching biases • Avoiding discriminatory exclusion • Avoiding digital determinism (by limiting choice or prejudging preferred or efficient outcomes, and diminishing role of serendipity in life) • Confronting painful realities (e.g., Tinder’s “hotness” algorithm) • Addressing embedded value judgments (e.g., the “trolley” dilemma regarding whom to allow being killed) • Promoting human (not machine) welfare SIDLEY AUSTIN LLP
Alan Charles Raul Partner Privacy and Cybersecurity Practice Washington, D.C. +1 202 736 8477 araul@sidley.com ALAN RAUL is the founder and leader of Sidley’s highly ranked Privacy and Cybersecurity practice. He represents companies on federal, state and international privacy and cybersecurity issues, including digital governance, global data protection and compliance programs, data breaches, consumer protection issues and Internet law. Alan advises companies regarding their cybersecurity preparedness and helps them address crisis management for data security incidents. His practice involves litigation and counseling regarding consumer class actions and investigations, enforcement actions and policy development by the FTC, State Attorneys General, SEC, Department of Justice, international Data Protection Authorities, and other government agencies. Alan provides clients with perspective gained from extensive government service. He previously served as Vice Chairman of the White House Privacy and Civil Liberties Oversight Board, General Counsel of the Office of Management and Budget, General Counsel of the U.S. Department of Agriculture, and Associate Counsel to the President. In addition to leading a “Privacy and Data Security” practice nationally rated by Chambers Global and Chambers USA, Alan is ranked by Chambers in its top tier of Privacy and Data Security practitioners. Chambers USA has described him as a “true ‘ambassador’ for the privacy sector” who “attracts praise for his deep knowledge of the field. Interviewees stress that ‘he gives invaluable advice’ and is known to be a strong litigator. He also earns plaudits for his regulatory compliance and data protection policy expertise.” Alan was also named to Ethisphere Institute’s “Attorneys Who Matter” in Data Privacy/Security, which recognizes lawyers with the highest commitment to public service, legal community engagement and academic involvement. Alan is a frequent author and speaker on privacy and related issues. He is the editor and contributing author of The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd. 5th ed. Oct. 2018), co-author of Administrative Law of the European Union: Oversight (ABA 2008), and author of Privacy and the Digital State: Balancing Public Information and Personal Privacy (Kluwer Academic Publishers 2001). Alan received his J.D. from Yale Law School, A.B. from Harvard College, and M.P.A. from the Harvard Kennedy School of Government. Full biography: https://www.sidley.com/en/people/r/raul-alan-charles SIDLEY AUSTIN LLP
Beijing Boston Brussels Century City Chicago Dallas Geneva Hong Kong Houston London Los Angeles Munich New York Palo Alto San Francisco Shanghai Singapore Sydney Tokyo Washington, D.C. sidley.com