Author: Tim Wright
Tim Wright, Partner, Fladgate LLP (firstname.lastname@example.org)
In January 2019, Singapore’s privacy regulator, the Personal Data Protection Commission (PDPC), published a Proposed Model Artificial Intelligence (AI) Governance Framework for public consultation.
The PDPC recognises the many benefits of AI, but also calls out the emergence of concerns such as AI’s impact on personal privacy and algorithmic bias. The Model Framework aims to articulate a set of common and consistent definitions and principles – for use by Singapore’s regulators and policy-makers – relating to the responsible use of AI and is intended to help shape Singapore’s growing AI ecosystem. It was developed with input from a number of interested parties, including technology companies such as IBM, Microsoft, Salesforce and Facebook, and financial services firms such as AIG and Standard Chartered, as well as the Info-communications Media Development Authority (IMDA) and the Advisory Council on the Ethical Use of AI and Data.
The PDPC describes the Model Framework as a ‘general, ready-to-use tool to enable organisations that are deploying AI solutions at scale to do so in a responsible manner’, providing guidance on key issues to be considered and measures that can be implemented to address identified risks. It is not intended for organisations deploying commercial off-the-shelf software that happens to incorporate AI in its feature set.
The Model Framework, which is algorithm-, technology-, and sector-agnostic, is underpinned by two guiding principles: the decision-making process should be explainable, transparent and fair; and AI solutions should be human-centric.
Whilst adopting Model Framework is voluntary and is no substitute for compliance with applicable laws and regulations, its adoption will assist businesses operating in Singapore to demonstrate implementation of accountability-based practices in data management and protection, e.g. in line with the Personal Data Protection Act (2012) and the OECD Privacy Principles. With this in mind, a helpful healthcare-healthcare-related use case (UCARE.AI) has been included at Annex C.
The Model Framework covers four main areas:
An oft-voiced concern about some AI tools and products is the lack of explainability of AI-based decisions (aka black box). The Model Framework provides that where explainability cannot be practicably achieved, organisations should consider documenting the repeatability of results produced by the AI model. Documentation of repeatability is not an equivalent alternative to explainability but instead refers to the ability to consistently perform an action or make a decision, given the same scenario, with consistency in performance offering AI users a certain degree of confidence. Helpful practices identified in the Model Framework include:
As the PDPC point out, the Model Framework is not intended to be complete or exhaustive. Ethical and governance issues will continue to evolve alongside AI technologies themselves. The PDPC intends to update the Model Framework periodically (taking on board feedback it receives) to ensure that it remains relevant and useful to organisations deploying AI solutions.
For GDPR-related legal updates, please visit Fladgate Privacy Updates