SlideShare a Scribd company logo

Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr

Sharp Cookie Advisors
Sharp Cookie Advisors

Presentation on key legal issues regarding use and developments of BOTs, AI - GDPR, Data Protection. Case study BRISbot. Presentation delivered at Epicenter 30 of May 2017 in partnership with BRIS and Microsoft.

Law
1 of 21
Download to read offline
Explain Simplify Improve. BRISbot - juridiska nyckelfrågor & lösningar Sofia Edvardsen, Managing Partner (CIPP/E) sofia.edvardsen@sharpcookie.se
CEO/Founder, (LL.M., M.Sc., CIPP/E) AIPPI, National Expert Copyright Law 2006 Degrees in Law & Business 2006 Nokia Corp., Trainee 2007 Chalmers Invest, Legal Counsel 2009 District Court Gothenburg, Junior Judge 2010 Baker McKenzie, Stockholm & London, Advokat 2014 Synch, Advokat/Head of Business Development 2015 Sharp Cookie Advisors, CEO/Founder Sofia Edvardsen • Business law firm • Focus on tech and growth in the digital market • Our clients are tech leaders • We help our clients to prioritise • Expert in IT, AI, Data Protection, transactions, SaaS • Legal Counsel as a Service Background & Profile
“‘Chatbots are the new apps.” Satya Nadella, CEO Microsoft
25 of May 2018 GDPR will replace PUL 1 law in the entire EU Free flow of data in EU Fines 4% or MEUR 20
Legal key issues
Build solutions that are continuously “approved” by an innovation task force consisting of Sales, Marketing, Finance, Legal, IT. Bots are a powerful service tool spanning over numerous building blocks. Legal key issues. Adopt ethical principles for AI development it is not only best practice, it is good business (and the best way to stay on the right side). Databases Software Development Data Science & Business Intelligence Commercial Offer Marketing Data Protection Cloud Services
1. Focus on the value add for the individual 2. Adopt an ethical approach to AI 3. Document the AI development properly 4. Evaluate the technical environment for your BOT 5. Design transparent, easy to understand terms 6. Monitor, evaluate and improve continuously Cheat sheet
- Legal basis for processing the data - Consent - Agreement - Legitimate interest - Purpose Limitation and Second Use - BRIS - Counselling services to children, adults, families - Information services to the public 1. Focus on the value add to the individual
GDPR on Fairness. Effects - How big data is used is an important factor in assessing fairness of the use of the personal data for new purpose of big data analytics. - Targeted ads can be relevant or profiled in a way that perpetuates discrimination. - The GDPR does not prevent automated decision making or profiling, but it does give individuals a qualified right not to be subject to purely automated decision making. Fairness - Some type of big data analytics, e.g. profiling, can have intrusive effects on individuals. - Organisations need to consider whether the use of personal data in big data applications is within people’s reasonable expectations. - The complexity of the methods of big data analysis, such as machine learning, can make it difficult for organisations to be transparent about the processing of personal data. Expectations - Consider whether people could reasonably expect their data to be used in the ways that big data analytics facilitates. - Deciding what is a reasonable expectation is linked to the issue of transparency and the use of privacy notices, and also to the principle of purpose limitation, ie whether any further use of the data is incompatible with the purpose for which it was obtained.
Data minimisation. Accuracy - There are implications regarding the accuracy of personal data at all stages of a big data project: collection, analysis and application. - Results of data analysis may not be representative of the population as a whole. - Hidden biases in datasets can lead to inaccurate predictions about individuals. In brief - Big data analytics can result in the collection of personal data that is excessive for the processing purpose. - Organisations may be encouraged to retain personal data for longer than necessary because big data applications are capable of analysing large volumes of data. Right to be forgotten (Art. 17) - Data subjects will have the right for their data to be erased in several situations. - Applicable where the data is no longer necessary for the purpose for which it was collected, or where it is processed on the basis of consent and the data subject withdraws that consent.
2. Adopt an ethical approach to AI • the use of algorithms • the opacity of the processing • the tendency to collect “all data” • the repurposing of data, and • the use of new types of data Some distinctive aspects of Business Intelligence and Big Data are: Provided data - consciously given Observed data - recorded automatically *Derived data - produced data, e.g. calculations, grading *Inferred data - correlations between datasets based on probabilities, e.g. profiling *High risk processing, take extra care and seek expert advice
Privacy Impact Assessments & Ethics. Ethical approaches - An ethical approach to the processing of personal data in a big data context is a very important compliance tool. - Ethics boards at organisational and national level can help to assess issues and ensure the application of ethical principles. - Ethical approaches to the use of personal data can help to build trust with individuals and enhance brand value. In brief - A privacy impact assessment is an important tool that can help to identify and mitigate privacy risks before the processing of personal data. - Under the GDPR, it is highly likely that doing a privacy impact assessment – known as a ‘data protection impact assessment’ – will be a requirement for big data analytics involving the processing of personal data. “ Industry specific risks are the use of inferred data and predictive analytics.” Private Sector - IBM has published an ethical framework for big data analytics (2014) - Vodafone publishes a set of privacy commitments (2015) - International developments. In the USA, the Alliance of Automobile Manufacturers and the Global Alliance of Automakers has produced a set of privacy principles for the consumer data derived from new vehicle technologies (2014).
- Legal basis for processing the data - Consent - Agreement - Legitimate interest - Purpose Limitation and Second Use - BRIS - Instructions to developer - Data Protection Programme 3. Document the AI development properly
Is Personal Data actually required? Use anonymised data. Be transparent. Provide meaning-
 ful privacy notices. Is this processing fair? Do a Privacy Impact Assessment. Could we design this more secure? Adopt a privacy by design approach. Is this in line with our ethical principles? Develop your principles or ethics board. Is this algorithm auditable? Document the rationale and audit it regularly. Key recommendations.
- Your own website or application? - Security - Consent or alternatives - A partner’s website, messenger platform or app? - Security - Within the EU? - Detailed instructions and requirements on data - BRIS - Simple BOT on Facebook Messenger and Kik - Advanced BOT on own website 4. Evaluate the technical environment for your BOT
- The Legal Documents - Terms and Conditions - Privacy Policy - Cookie Policy - Emerging Best Practice - Just in time notices - Layered notices - Highlights - Full Terms - FAQ - Swedish or English - A partner’s website, messenger platform or app? - Detailed instructions and requirements 5. Design transparent, easy to understand terms
Conditions for processing of personal data. Legitimate interest (Art. 6(1)(f) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except if contrary to the freedom of the data subject. - The processing is not necessary if there is another way of meeting the legitimate interest that interferes less with people’s privacy. In brief - Obtaining meaningful consent is often difficult in a big data context, but novel and innovative approaches can help. - Relying on the legitimate interests condition is not a ‘soft option’. Big data organisations must always balance their own interests against those of the individuals concerned. - It may be difficult to show that big data analytics are strictly necessary for the performance of a contract. Consent (Art. 6.(1)(a) + Art. 7) - The opaque nature of analysis using AI techniques can make it difficult for meaningful consent to be provided. - New alternative of ‘just in time’ notifications, yes/no at the time of the offer through the relationship. - If an organisation buys data sets, it need to ascertain that the original consent obtain by the supplier covers the further use of the data. - May be need to provide a new privacy notice or seek further consent.
- Monitor - Evalute - Improve - BRIS - Data Protection Programme with the Board’s support - Embedded into the culture of BRIS - Data Protection Officer 6. Monitor, evaluate and improve continuously
Compliant approach No Personal Data Often, big data analytics will not require the use of data that identifies individuals. Algorithmic transparency - Auditing techniques can be used to identify the factors that influence an algorithmic decision. - Interactive visualisation systems can help individuals to understand why a recommendation was made and give them control over future recommendations. Anonymisation - discovery phase Anonymised data that do not identify an individual is no longer personal data. The anonymisation ‘keys’ and other relevant data that enable identification should not be kept by the organisation. Data masking, aggregation, pseudonymisation. Ethics Boards Can help shape and improve the transparency of the development of machine learning algorithms. The Board should develop ethical values for assuring assessment and evaluation of big data analytics. E.g. Google’s AI Ethics Board for Deep Mind (2014). “Bottom up” approach Begin with the data itself, experimenting with what is available to see the correlations it reveals. Do this with anonymous data first.
1. Focus on the value add for the individual 2. Adopt an ethical approach to AI 3. Document the AI development properly 4. Evaluate the technical environment for your BOT 5. Design transparent, easy to understand terms 6. Monitor, evaluate and improve continuously Take aways
Tack! Sofia Edvardsen, Managing Partner sofia.edvardsen@sharpcookie.se Office Hälsingegatan 49, 113 61 Stockholm + 46 8 12 44 33 50 (switchboard) info@sharpcookie.se

Recommended

The Data Value Map for GDPR - May 2018 - GDPR summit Dublin
The Data Value Map for GDPR - May 2018 - GDPR summit DublinThe Data Value Map for GDPR - May 2018 - GDPR summit Dublin
The Data Value Map for GDPR - May 2018 - GDPR summit Dublin
Ken O'Connor
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
Ray Bugg
 
An Introduction to the General Data Protection Regulation (GDPR)
An Introduction to the General Data Protection Regulation (GDPR)An Introduction to the General Data Protection Regulation (GDPR)
An Introduction to the General Data Protection Regulation (GDPR)
Bright
 
GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?
Samuel Pouyt
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
DATAVERSITY
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
Web Analytics and Privacy
Web Analytics and Privacy Web Analytics and Privacy
Web Analytics and Privacy
Piwik PRO
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Delphix
 

Recommended

The Data Value Map for GDPR - May 2018 - GDPR summit Dublin
The Data Value Map for GDPR - May 2018 - GDPR summit DublinThe Data Value Map for GDPR - May 2018 - GDPR summit Dublin
The Data Value Map for GDPR - May 2018 - GDPR summit Dublin
Ken O'Connor
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
Ray Bugg
 
An Introduction to the General Data Protection Regulation (GDPR)
An Introduction to the General Data Protection Regulation (GDPR)An Introduction to the General Data Protection Regulation (GDPR)
An Introduction to the General Data Protection Regulation (GDPR)
Bright
 
GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?
Samuel Pouyt
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
DATAVERSITY
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
Web Analytics and Privacy
Web Analytics and Privacy Web Analytics and Privacy
Web Analytics and Privacy
Piwik PRO
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Delphix
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Cobweb
 
Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy
Piwik PRO
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
Vuzion
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPR
DAMA Ireland
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
CIO Edge
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
Eryk Budi Pratama
 
GDPR From the Trenches - Real-world examples of how companies are approaching...
GDPR From the Trenches - Real-world examples of how companies are approaching...GDPR From the Trenches - Real-world examples of how companies are approaching...
GDPR From the Trenches - Real-world examples of how companies are approaching...
Ardoq
 
A Pratical Guide to GDPR - F.Coin
A Pratical Guide to GDPR - F.CoinA Pratical Guide to GDPR - F.Coin
A Pratical Guide to GDPR - F.Coin
Franco Coin
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPR
Paul O'Carroll
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
Promapp Solutions
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
TrustArc
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceGeek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
IDERA Software
 
Dama Ireland slides - Data Trust event 9th June 2016
Dama Ireland slides - Data Trust event 9th June 2016Dama Ireland slides - Data Trust event 9th June 2016
Dama Ireland slides - Data Trust event 9th June 2016
Ken O'Connor
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
Splunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR ComplianceSplunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR Compliance
MarketingArrowECS_CZ
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Frank Dawson
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
Tim Gough
 
Using GDPR to Transform Customer Experience
Using GDPR to Transform Customer ExperienceUsing GDPR to Transform Customer Experience
Using GDPR to Transform Customer Experience
MongoDB
 
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
ObservePoint
 
Imperative of advanced analytics and ai in leadership excellence
Imperative of advanced analytics and ai in leadership excellence Imperative of advanced analytics and ai in leadership excellence
Imperative of advanced analytics and ai in leadership excellence
Ebuka David Obi
 

More Related Content

What's hot

Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Cobweb
 
Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy
Piwik PRO
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
Vuzion
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPR
DAMA Ireland
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
CIO Edge
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
Eryk Budi Pratama
 
GDPR From the Trenches - Real-world examples of how companies are approaching...
GDPR From the Trenches - Real-world examples of how companies are approaching...GDPR From the Trenches - Real-world examples of how companies are approaching...
GDPR From the Trenches - Real-world examples of how companies are approaching...
Ardoq
 
A Pratical Guide to GDPR - F.Coin
A Pratical Guide to GDPR - F.CoinA Pratical Guide to GDPR - F.Coin
A Pratical Guide to GDPR - F.Coin
Franco Coin
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPR
Paul O'Carroll
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
Promapp Solutions
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
TrustArc
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceGeek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
IDERA Software
 
Dama Ireland slides - Data Trust event 9th June 2016
Dama Ireland slides - Data Trust event 9th June 2016Dama Ireland slides - Data Trust event 9th June 2016
Dama Ireland slides - Data Trust event 9th June 2016
Ken O'Connor
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
Splunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR ComplianceSplunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR Compliance
MarketingArrowECS_CZ
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Frank Dawson
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
Tim Gough
 
Using GDPR to Transform Customer Experience
Using GDPR to Transform Customer ExperienceUsing GDPR to Transform Customer Experience
Using GDPR to Transform Customer Experience
MongoDB
 

What's hot (20)

Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy Piwik PRO The Real Cost of Data Privacy
Piwik PRO The Real Cost of Data Privacy
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPR
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
 
Guardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & AnalyticsGuardians of Trust: Building Trust in Data & Analytics
Guardians of Trust: Building Trust in Data & Analytics
 
GDPR From the Trenches - Real-world examples of how companies are approaching...
GDPR From the Trenches - Real-world examples of how companies are approaching...GDPR From the Trenches - Real-world examples of how companies are approaching...
GDPR From the Trenches - Real-world examples of how companies are approaching...
 
A Pratical Guide to GDPR - F.Coin
A Pratical Guide to GDPR - F.CoinA Pratical Guide to GDPR - F.Coin
A Pratical Guide to GDPR - F.Coin
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPR
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
 
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
Building Your DPIA/PIA Program: Tips & Case Studies [TrustArc Webinar Slides]
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceGeek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
 
Dama Ireland slides - Data Trust event 9th June 2016
Dama Ireland slides - Data Trust event 9th June 2016Dama Ireland slides - Data Trust event 9th June 2016
Dama Ireland slides - Data Trust event 9th June 2016
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 
Splunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR ComplianceSplunk: How Machine Data Supports GDPR Compliance
Splunk: How Machine Data Supports GDPR Compliance
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
 
Using GDPR to Transform Customer Experience
Using GDPR to Transform Customer ExperienceUsing GDPR to Transform Customer Experience
Using GDPR to Transform Customer Experience
 

Similar to Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr

The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
ObservePoint
 
Imperative of advanced analytics and ai in leadership excellence
Imperative of advanced analytics and ai in leadership excellence Imperative of advanced analytics and ai in leadership excellence
Imperative of advanced analytics and ai in leadership excellence
Ebuka David Obi
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
Matt Stubbs
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offer
Capgemini
 
Consumer Law Seminar ABTA
Consumer Law Seminar ABTAConsumer Law Seminar ABTA
Consumer Law Seminar ABTA
RedEye
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
Bharath Rao
 
Looking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance DeadlineLooking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance Deadline
accenture
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptx
Ravindra Babu
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
Gary Dodson
 
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) planCWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
Capgemini
 
Big Data Analytics in light of Financial Industry
Big Data Analytics in light of Financial Industry Big Data Analytics in light of Financial Industry
Big Data Analytics in light of Financial Industry
Capgemini
 
ISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
ISC2 Privacy-Preserving Analytics and Secure Multiparty ComputationISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
ISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
UlfMattsson7
 
Big data analytics for life insurers
Big data analytics for life insurersBig data analytics for life insurers
Big data analytics for life insurers
dipak sahoo
 
Big_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_publishedBig_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_published
Shradha Verma
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
Jim Kaplan CIA CFE
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
EQS Group
 
Whos role is it anyway
Whos role is it anywayWhos role is it anyway
Whos role is it anyway
IRIS
 
The value of big data analytics
The value of big data analyticsThe value of big data analytics
The value of big data analytics
Marc Vael
 
Privacy Operations (PrivacyOps) Framework - Feroot Privacy
Privacy Operations (PrivacyOps) Framework - Feroot PrivacyPrivacy Operations (PrivacyOps) Framework - Feroot Privacy
Privacy Operations (PrivacyOps) Framework - Feroot Privacy
Ivan Tsarynny
 

Similar to Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr (20)

The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in ComplianceThe GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
 
Imperative of advanced analytics and ai in leadership excellence
Imperative of advanced analytics and ai in leadership excellence Imperative of advanced analytics and ai in leadership excellence
Imperative of advanced analytics and ai in leadership excellence
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offer
 
Consumer Law Seminar ABTA
Consumer Law Seminar ABTAConsumer Law Seminar ABTA
Consumer Law Seminar ABTA
 
Big data - The next best thing
Big data - The next best thingBig data - The next best thing
Big data - The next best thing
 
Looking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance DeadlineLooking Beyond GDPR Compliance Deadline
Looking Beyond GDPR Compliance Deadline
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptx
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) planCWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
 
Big Data Analytics in light of Financial Industry
Big Data Analytics in light of Financial Industry Big Data Analytics in light of Financial Industry
Big Data Analytics in light of Financial Industry
 
ISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
ISC2 Privacy-Preserving Analytics and Secure Multiparty ComputationISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
ISC2 Privacy-Preserving Analytics and Secure Multiparty Computation
 
Big data analytics for life insurers
Big data analytics for life insurersBig data analytics for life insurers
Big data analytics for life insurers
 
Big_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_publishedBig_data_analytics_for_life_insurers_published
Big_data_analytics_for_life_insurers_published
 
General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6 General Data Protection Regulation Webinar 6
General Data Protection Regulation Webinar 6
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
 
Whos role is it anyway
Whos role is it anywayWhos role is it anyway
Whos role is it anyway
 
The value of big data analytics
The value of big data analyticsThe value of big data analytics
The value of big data analytics
 
Privacy Operations (PrivacyOps) Framework - Feroot Privacy
Privacy Operations (PrivacyOps) Framework - Feroot PrivacyPrivacy Operations (PrivacyOps) Framework - Feroot Privacy
Privacy Operations (PrivacyOps) Framework - Feroot Privacy
 

Recently uploaded

Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee
 
What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...
lawyersonia
 
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
SKshi
 
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
ssuser559494
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
CIkumparan
 
Receivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptxReceivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
Business Laws Sunita saha
Business Laws Sunita sahaBusiness Laws Sunita saha
Business Laws Sunita saha
sunitasaha5
 
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
seri bangash
 
Search Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement OfficersSearch Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement Officers
RichardTheberge
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
bhavenpr
 
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
gjsma0ep
 
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersDefending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
HarpreetSaini48
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
PelayoGilbert
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Syed Muhammad Humza Hussain
 
Matthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government LiaisonMatthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government Liaison
MattGardner52
 
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdfThe Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
veteranlegal
 
San Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at SeaSan Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at Sea
Justin Ordoyo
 
The Art and Science of Cryptoforensic Investigation: Best Practices and Tools
The Art and Science of Cryptoforensic Investigation: Best Practices and ToolsThe Art and Science of Cryptoforensic Investigation: Best Practices and Tools
The Art and Science of Cryptoforensic Investigation: Best Practices and Tools
Milind Agarwal
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
osenwakm
 
Genocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptxGenocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptx
MasoudZamani13
 

Recently uploaded (20)

Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
 
What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...
 
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
Presentation (1).pptx Human rights of LGBTQ people in India, constitutional a...
 
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
 
Receivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptxReceivership and liquidation Accounts Prof. Oyedokun.pptx
Receivership and liquidation Accounts Prof. Oyedokun.pptx
 
Business Laws Sunita saha
Business Laws Sunita sahaBusiness Laws Sunita saha
Business Laws Sunita saha
 
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
 
Search Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement OfficersSearch Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement Officers
 
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdfV.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
V.-SENTHIL-BALAJI-SLP-C-8939-8940-2023-SC-Judgment-07-August-2023.pdf
 
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
一比一原版(Lincoln毕业证)新西兰林肯大学毕业证如何办理
 
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersDefending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence Lawyers
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
 
Matthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government LiaisonMatthew Professional CV experienced Government Liaison
Matthew Professional CV experienced Government Liaison
 
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdfThe Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
 
San Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at SeaSan Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at Sea
 
The Art and Science of Cryptoforensic Investigation: Best Practices and Tools
The Art and Science of Cryptoforensic Investigation: Best Practices and ToolsThe Art and Science of Cryptoforensic Investigation: Best Practices and Tools
The Art and Science of Cryptoforensic Investigation: Best Practices and Tools
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
 
Genocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptxGenocide in International Criminal Law.pptx
Genocide in International Criminal Law.pptx
 

Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr

  • 1. Explain Simplify Improve. BRISbot - juridiska nyckelfrågor & lösningar Sofia Edvardsen, Managing Partner (CIPP/E) sofia.edvardsen@sharpcookie.se
  • 2. CEO/Founder, (LL.M., M.Sc., CIPP/E) AIPPI, National Expert Copyright Law 2006 Degrees in Law & Business 2006 Nokia Corp., Trainee 2007 Chalmers Invest, Legal Counsel 2009 District Court Gothenburg, Junior Judge 2010 Baker McKenzie, Stockholm & London, Advokat 2014 Synch, Advokat/Head of Business Development 2015 Sharp Cookie Advisors, CEO/Founder Sofia Edvardsen • Business law firm • Focus on tech and growth in the digital market • Our clients are tech leaders • We help our clients to prioritise • Expert in IT, AI, Data Protection, transactions, SaaS • Legal Counsel as a Service Background & Profile
  • 4. 25 of May 2018 GDPR will replace PUL 1 law in the entire EU Free flow of data in EU Fines 4% or MEUR 20
  • 6. Build solutions that are continuously “approved” by an innovation task force consisting of Sales, Marketing, Finance, Legal, IT. Bots are a powerful service tool spanning over numerous building blocks. Legal key issues. Adopt ethical principles for AI development it is not only best practice, it is good business (and the best way to stay on the right side). Databases Software Development Data Science & Business Intelligence Commercial Offer Marketing Data Protection Cloud Services
  • 7. 1. Focus on the value add for the individual 2. Adopt an ethical approach to AI 3. Document the AI development properly 4. Evaluate the technical environment for your BOT 5. Design transparent, easy to understand terms 6. Monitor, evaluate and improve continuously Cheat sheet
  • 8. - Legal basis for processing the data - Consent - Agreement - Legitimate interest - Purpose Limitation and Second Use - BRIS - Counselling services to children, adults, families - Information services to the public 1. Focus on the value add to the individual
  • 9. GDPR on Fairness. Effects - How big data is used is an important factor in assessing fairness of the use of the personal data for new purpose of big data analytics. - Targeted ads can be relevant or profiled in a way that perpetuates discrimination. - The GDPR does not prevent automated decision making or profiling, but it does give individuals a qualified right not to be subject to purely automated decision making. Fairness - Some type of big data analytics, e.g. profiling, can have intrusive effects on individuals. - Organisations need to consider whether the use of personal data in big data applications is within people’s reasonable expectations. - The complexity of the methods of big data analysis, such as machine learning, can make it difficult for organisations to be transparent about the processing of personal data. Expectations - Consider whether people could reasonably expect their data to be used in the ways that big data analytics facilitates. - Deciding what is a reasonable expectation is linked to the issue of transparency and the use of privacy notices, and also to the principle of purpose limitation, ie whether any further use of the data is incompatible with the purpose for which it was obtained.
  • 10. Data minimisation. Accuracy - There are implications regarding the accuracy of personal data at all stages of a big data project: collection, analysis and application. - Results of data analysis may not be representative of the population as a whole. - Hidden biases in datasets can lead to inaccurate predictions about individuals. In brief - Big data analytics can result in the collection of personal data that is excessive for the processing purpose. - Organisations may be encouraged to retain personal data for longer than necessary because big data applications are capable of analysing large volumes of data. Right to be forgotten (Art. 17) - Data subjects will have the right for their data to be erased in several situations. - Applicable where the data is no longer necessary for the purpose for which it was collected, or where it is processed on the basis of consent and the data subject withdraws that consent.
  • 11. 2. Adopt an ethical approach to AI • the use of algorithms • the opacity of the processing • the tendency to collect “all data” • the repurposing of data, and • the use of new types of data Some distinctive aspects of Business Intelligence and Big Data are: Provided data - consciously given Observed data - recorded automatically *Derived data - produced data, e.g. calculations, grading *Inferred data - correlations between datasets based on probabilities, e.g. profiling *High risk processing, take extra care and seek expert advice
  • 12. Privacy Impact Assessments & Ethics. Ethical approaches - An ethical approach to the processing of personal data in a big data context is a very important compliance tool. - Ethics boards at organisational and national level can help to assess issues and ensure the application of ethical principles. - Ethical approaches to the use of personal data can help to build trust with individuals and enhance brand value. In brief - A privacy impact assessment is an important tool that can help to identify and mitigate privacy risks before the processing of personal data. - Under the GDPR, it is highly likely that doing a privacy impact assessment – known as a ‘data protection impact assessment’ – will be a requirement for big data analytics involving the processing of personal data. “ Industry specific risks are the use of inferred data and predictive analytics.” Private Sector - IBM has published an ethical framework for big data analytics (2014) - Vodafone publishes a set of privacy commitments (2015) - International developments. In the USA, the Alliance of Automobile Manufacturers and the Global Alliance of Automakers has produced a set of privacy principles for the consumer data derived from new vehicle technologies (2014).
  • 13. - Legal basis for processing the data - Consent - Agreement - Legitimate interest - Purpose Limitation and Second Use - BRIS - Instructions to developer - Data Protection Programme 3. Document the AI development properly
  • 14. Is Personal Data actually required? Use anonymised data. Be transparent. Provide meaning-
 ful privacy notices. Is this processing fair? Do a Privacy Impact Assessment. Could we design this more secure? Adopt a privacy by design approach. Is this in line with our ethical principles? Develop your principles or ethics board. Is this algorithm auditable? Document the rationale and audit it regularly. Key recommendations.
  • 15. - Your own website or application? - Security - Consent or alternatives - A partner’s website, messenger platform or app? - Security - Within the EU? - Detailed instructions and requirements on data - BRIS - Simple BOT on Facebook Messenger and Kik - Advanced BOT on own website 4. Evaluate the technical environment for your BOT
  • 16. - The Legal Documents - Terms and Conditions - Privacy Policy - Cookie Policy - Emerging Best Practice - Just in time notices - Layered notices - Highlights - Full Terms - FAQ - Swedish or English - A partner’s website, messenger platform or app? - Detailed instructions and requirements 5. Design transparent, easy to understand terms
  • 17. Conditions for processing of personal data. Legitimate interest (Art. 6(1)(f) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except if contrary to the freedom of the data subject. - The processing is not necessary if there is another way of meeting the legitimate interest that interferes less with people’s privacy. In brief - Obtaining meaningful consent is often difficult in a big data context, but novel and innovative approaches can help. - Relying on the legitimate interests condition is not a ‘soft option’. Big data organisations must always balance their own interests against those of the individuals concerned. - It may be difficult to show that big data analytics are strictly necessary for the performance of a contract. Consent (Art. 6.(1)(a) + Art. 7) - The opaque nature of analysis using AI techniques can make it difficult for meaningful consent to be provided. - New alternative of ‘just in time’ notifications, yes/no at the time of the offer through the relationship. - If an organisation buys data sets, it need to ascertain that the original consent obtain by the supplier covers the further use of the data. - May be need to provide a new privacy notice or seek further consent.
  • 18. - Monitor - Evalute - Improve - BRIS - Data Protection Programme with the Board’s support - Embedded into the culture of BRIS - Data Protection Officer 6. Monitor, evaluate and improve continuously
  • 19. Compliant approach No Personal Data Often, big data analytics will not require the use of data that identifies individuals. Algorithmic transparency - Auditing techniques can be used to identify the factors that influence an algorithmic decision. - Interactive visualisation systems can help individuals to understand why a recommendation was made and give them control over future recommendations. Anonymisation - discovery phase Anonymised data that do not identify an individual is no longer personal data. The anonymisation ‘keys’ and other relevant data that enable identification should not be kept by the organisation. Data masking, aggregation, pseudonymisation. Ethics Boards Can help shape and improve the transparency of the development of machine learning algorithms. The Board should develop ethical values for assuring assessment and evaluation of big data analytics. E.g. Google’s AI Ethics Board for Deep Mind (2014). “Bottom up” approach Begin with the data itself, experimenting with what is available to see the correlations it reveals. Do this with anonymous data first.
  • 20. 1. Focus on the value add for the individual 2. Adopt an ethical approach to AI 3. Document the AI development properly 4. Evaluate the technical environment for your BOT 5. Design transparent, easy to understand terms 6. Monitor, evaluate and improve continuously Take aways
  • 21. Tack! Sofia Edvardsen, Managing Partner sofia.edvardsen@sharpcookie.se Office Hälsingegatan 49, 113 61 Stockholm + 46 8 12 44 33 50 (switchboard) info@sharpcookie.se