The rapidly developing robotics, artificial intelligence and encryption technologies pose a number of new challenges for data protection, the Communique from the 38th International Conference of Data Protection and Privacy Commissioners says.
New Zealand Privacy Commissioner John Edwards is currently Chair of the ICDPPC executive committee. The conference was held in Marrakech, Morocco, this month.
The communique says both Robotics and Artificial Intelligence are intended to simulate human characteristics as they perform functions to assist users.
"The field of social robotics, which involves the anthropomorphic design of machines to engender, or manipulate the trust of the user is likely to lead to the widespread use of the devices to assist with the care of the elderly and others. These devices are equipped with numerous sensors, are likely to be connected online, and are in effect all seeing, all remembering in-house guests. As such, they pose challenges for a consent model of data collection and present challenges for security."
Artificial Intelligence, or machine learning, poses challenges that are only just beginning to be understood, it says.
"Conference members were told that that a mark of machine learning is the unpredictability of the outcome of a data processing function. This feature was described as 'unpredictability by design' and presents a particular challenge when it comes to responsibility or accountability for automated decision making, when the algorithm used to arrive at a conclusion is not known and is in fact unknowable by the designer or user of the application.
"Initial bias reflected in coding or sample selection used in a machine learning process can taint the algorithmic outcome, but with no transparency as to the mechanism by which the programme has produced its results or conclusions."
The communique says encryption is an important mechanism for business and consumers to protect their information at rest, on servers, from those who would attempt to steal or corrupt it, and in transmission for those who wish to intercept or manipulate the content.
"Encryption poses a significant challenge for law enforcement agencies and others with lawful authority to intercept communications, but without the technical means to act on that lawful authority, because the chosen channel of the target individual is protected by strong encryption.
"No satisfactory response to this challenge has yet been identified," the communique says.
"Conference members heard that most industry and technical experts do not favour the introduction of selective vulnerability to cryptographic programmes, to enable properly authorized law enforcement access, because such solutions introduce complexity, and complexity reduces security for everyone.
"Nor are regulated solutions of commercially available products likely to prevent bad actors from 'going dark', given that many of those most motivated to protect their communications from law enforcement and intelligence agencies have the capability to access or develop their own strong crypto."