International Cooperation for Research on Privacy and Data Protection - Australia's Approach
1. Australia’s National Science Agency
International
Cooperation for
Research on
Privacy and Data
Protection
Australia’s Approach
Liming Zhu
Research Director, CSIRO’s Data61
Chair, Blockchain & Distributed Ledger
Technology, Standards Australia
ISO/IEC JTC 1/SC 42/WG 3 - Artificial intelligence –
Trustworthiness
2. CSIRO’s Data61: Australia’s Largest Data & Digital
Innovation R&D Organisation
1000+
talented people
(including
affiliates/students)
Home of
Australia’s
National AI
Centre
Data61
Generated
18+ Spin-outs
130+ Patent
groups
200+
Gov &
Corporate
partners
Facilities
Mixed-Reality Lab
Robotics Inno. Centre
AI4Cyber HPC Enclave
300+
PhD students
30+
University collaborators
Responsible
Tech/AI
Privacy & RegTech
Engineering & Design of
AI Systems
Resilient &
Recovery Tech
Cybersecurity
Digital Twin
Spark (bushfire) toolkit
2 |
3. § More sources & types from public & partners
§ Inter-governmental/cross-border data flow
§ Access and use of sensitive data from another
organisation/country
§ Data analytics over encrypted data -
”sharing/use without access”
§ Foundation models and LLMs
§ Privacy and data security concerns
Trend: Value Arises from Data Sharing & Joint Analytics
Data sharing, Large-Language Models, Foundation Models
3 |
Sensitive Data
4. Trend: Regulation/Ethic Overlay
Data Economy: Balancing Innovation & Regulation Burden
Legislations and Standards
• Global: GDPR, EU AI Act, NIST AI RMF, ISO AI Standards
• Australia
• AU Privacy Act Review
• Security of Critical Infrastructure Act (SOCI) Amendments
• Consumer Data Right (CDR): Open Banking, Energy, Telcom
International Dynamics
• Data, Software and AI Supply Chains
• Data used in AI, Trustworthy data and AI
• Responsible AI – Trust Data/AI-powered Service
- Tradeoffs between Fairness/Transparency vs. Privacy/Security
- Right to be forgotten
4 |
5. • Human, societal and environmental wellbeing
• Human-centred values
• Fairness
• Privacy protection and security
• AU Privacy Act
• Data Breach Notification
• SOCI Amendments
• Reliability and safety
• Transparency and explainability
• Contestability
• Accountability
Australian AI Ethics Principles
Privacy and Data Protection is part of it
5 |
6. • Risk silos competing for resources
• Board risk committees: financial, legal, reputation
– + HSE + privacy + security + ethics + AI + ….
• Different stakeholder interests & complex landscape of risk
assessment
• Limited connections between risks assessed separately
• Risk mgt perceived as a barrier – a separate thing dreaded doing
• Preventing research collaboration
Industry Challenge: Competing risk silos
6 |
7. • Connecting risks with concrete trade-offs/mitigations
– Privacy + Data Protection + AI Risks + other risks
• Closing the Gaps between privacy/protection principles & algorithms
– Algorithm-level approaches (like DP) are good starts
– System-level views and engineering practices are next
• Forming an international research alliance
– National-level research connections
– Coordinate on (de-facto) standards contribution
– Regulation-aware and harmonisation
– Data-sharing across borders with advanced tech
Solution Principles
7 |
9. • Connect multiple technical risks when possible
• Vis responsible AI risks assessment (including privacy and data security)
• Focus on mitigations that help address multiple risks first
Connecting Risks via Integrated AI/Privacy/Data Risk Assessment
9 | https://research.csiro.au/ai4m/operationalising-responsible-ai/
https://research.csiro.au/isp/research/privacy/r4/
10. Closing the Gap via Engineering Practices
10 | https://research.csiro.au/ss/science/projects/responsible-ai-pattern-catalogue/
11. International Research Alliance in Responsible AI
• National Level Research Collaboration
• Germany/Fraunhofer, France/Confiance.AI, Canada/CIRFA, US NSF/NIST..
• System-level assessment and measurement focused
• Standards Contribution
• Cross-border data sharing for security and privacy research
• With secure enclave and privacy-preserving technologies
• With domains: Agrifood export, Hydrogen supply chain, ESG…
11 |
https://www.csiro.au/en/about/challenges-
missions/trusted-agrifood-exports
https://research.csiro.au/ss/science/projects/h
ydrogen-esg-certification/
12. • Connecting risks with concrete trade-offs/mitigations
– Privacy + Data Protection + AI Risks + Other risks
– Foundation model and LLM risks?
• Closing the gaps between privacy/protection principles & algorithms
– System-level views and engineering practices?
• Forming an international research alliance
– National-level research connections
– Coordinate on (de-facto) standards contribution?
– Regulation-aware and harmonisation?
– Data-sharing across borders with advanced tech?
Ways forward – How?
12 |