Doing business with the UK

A moment of clarity?

So, if last week’s election result did anything, it may at last have provided clarity on the state of data protection for British businesses and those operating in the UK market, and in particular data transfers between the UK and the EU. Given the size of the new Conservative majority it is (almost) inconceivable that the Prime Minister will not be able to push through his deal towards the end of the week. Brexit is now inevitable.

That being so, it is worth a quick review of the status of the data protection relationship between the EU and the UK under that deal, the steps that need to be taken on both sides; and while we are at it, perhaps to speculate a little on future state…

The deal

The deal and transitional arrangements agreed between the UK Government and the EU provide a degree of certainty and, importantly, consistency between the current data protection regime and what comes next, at least during the transition period, which is likely to run until the end of 2020. 

There is no need, according to the published document, to have an Adequacy agreement at that point, though one will happen quickly. While the UK will no longer have its seat at the European Data Protection Board, it may (note: may) still be invited along to provide insight into specific issues (at the EU 27’s discretion it should be noted – it will have no ‘right of access’). This will continue through the transition period, for as long as that lasts or until it is replaced by something more solid – for example a UK Adequacy finding.

Unilateral acceptance – getting data out is easy (in, less so).

The position of the UK government on data transfers is that they will continue to honour the existing transfer compliance arrangements, and, whatever happens (at least in the short-term), the EU Standard Contractual Clauses, Binding Corporate Rules, Adequacy Findings and Privacy Shield will all continue to be recognised, unilaterally, by the UK – meaning that UK-based firms can rely on all of those methods to underwrite their international transfers just as they do now. The challenge will come where there needs to be reciprocal arrangements, and, in particular where the data is coming from the EU, or may otherwise be subject to GDPR protections.

It should be noted that the Deal only covers transfers between the EU and UK – not with other jurisdictions. So, the UK will need to approach other governments to negotiate data transfer arrangements anew and bilaterally – the most obvious example being Japan, where the reciprocal arrangement which came into force at the end of January 2019 has had to be renegotiated between Japan and the UK.

(In the long run, both Japan and the UK will need to be sure that changes in the UK’s posture on privacy issues do not indirectly affect Japan’s own adequacy status – onward transfers to third countries were specifically called out by the EDPB when the Adequacy decision was under review, and the UK will count as such, post-transition and if no UK Adequacy finding is in place.)

Likewise, US companies with Privacy Shield in place will need to ensure that they update their registration to specify that they are extending their registration to include transfers to the UK, as well as the EU – otherwise transfers based on those Privacy Shield arrangements would not be lawful under the UK Data Protection Act 2018.

What to do?

In the short-term, transfers to and from the EU should be covered by the transition agreement. However, while a year may seem like a long time, to those who have been involved in GDPR and latterly CCPA preparedness, a year is one of those elastic timeframes – when changes are announced, the rubber band is pulled back hard, only to snap back and compress rapidly… so, thinking, and acting, ahead of time is the best option.

Once the transition phase is over, the UK will become a Third Country. It may receive an Adequacy finding – either wholly or partially – but if not, to receive GDPR-protected personal data, UK firms will need to ensure that they have a transfer mechanism in place.

Transfer mechanisms do, of course, exist already that permit data to be sent from the EU to third countries. Companies with Binding Corporate Rules (BCRs) in place are in a strong position, as these approvals will be respected (subject to regular reviews, as normal).

The EU Model Clauses (the SCCs) are also there precisely to provide for transfers to Third Countries – and it is to these that many will turn; they are comparatively easy to implement, and may already be sitting within contracts. If not, EU clients and affiliates can be approached with the Model Clauses as a good option to add to existing Data Processing Agreements.

If you do already have SCCs in place, it will be important to verify the following elements:

  • Whether the UK company or UK-based affiliates are listed separately as data importers;
  • Whether the Controller needs to be informed of the change in status;
  • Whether there are any onward transfer restrictions (i.e. data can go to the EU to be processed but no further, or from another adequate country – such as Japan – but no further).

Of course, this is all predicated on the persistence of the SCCs as a valid legal mechanism. With the opinion of the Advocate General of the CJEU expected any day now, the chessboard could be well and truly overturned – in which case, we can expect a flurry of activity by the Commission and the EDPB to get their house in order and issue a new set of SCCs post-haste – but whether that will happen in time to assist UK companies is another matter. In the longer-run, BCRs would seem to be the safer option.

What the future holds

Given how we have ended up here, it would be foolish to speculate overlong on the future relationship between the UK and trading partners in respect of data transfers. But there are a few areas which may give an indication.

The first of these is the very strident position of the ICO recently – the notices against both BA and Marriott seem to be putting a marker down for erstwhile EDPB colleagues that the ICO, better resourced and able to take on major brands, might just continue to be a useful ally, whatever the official status of the UK. France and Germany, with their own large fines, may of course resist this…

The largest initial question is whether the UK will receive adequacy status. The line that the UK Government has taken would seem to give the EU little wiggle room – if the UK has fully implemented GDPR, it would be churlish to withhold it. However… one should not discount the economics of the number of firms relocating head offices and data centres (their own or outsourced) into the EU to head off problems post-Brexit.

Additionally, once outside the EU, the UK will no longer be able to rely on the national security exemption available to member states – pragmatically, one could again argue that it would be churlish to turn down Adequacy on those grounds. But the UK’s participation in the Five Eyes programme, the PRISM programme and other intelligence operations – as well as the likelihood of significant changes to the UK Human Rights Act which may affect compatibility with the European Convention – might well give the Commission pause for reflection.

One way through this could be a UK Privacy Shield – which would, in the same way as the US version, almost certainly be subject to challenge, review and scrutiny over many years, bedding in uncertainty (again, get working on those BCRs!).

And in the long run, there is nothing to suggest that the UK would not start to plough its own furrow in defining data protection. The GDPR is hardly the last word, as we’ve seen in the growing body of privacy statute in the US – and the UK has some strong history in developing law in this area, albeit with a different emphasis (some might say a more pragmatic emphasis) than some European neighbours.

The emphasis on the tech sector in the UK will mean that the country will be well-placed to start to develop in perhaps a slightly different way – is the unilateral declaration of recognition the starting gun on a freer approach to handling of personal data by corporations and governments? If so, I would urge caution. The use of data by aggregators and corporations may be a short-term golden egg, but it is one that may be laid at the cost of individual privacy and freedom. Throw in the use of data by political parties and nation-states and there are definite risks which we are already seeing crystallise – for example, the inability of the Electoral Commission and others to act on social media campaigning.

Such a move might also cause problems outside of Europe – as US jurisdictions and others (including Japan) start to tighten up controls, and put the individual first. Whatever happens, with so much at stake and in play, it’s going to be an interesting journey to observe – did I say observe? I meant take… after all, this is one that will undoubtedly affect us all…

Some content in this blog was originally published here, and copyright of that material is owned by NTT Security (UK) Ltd.

Judgement day

The scariest thing about AI is the humans

Artificial Intelligence (AI) – so-called – is one of the current buzzwords across technology.  Whether it’s in the technical security industry, the world of Big Data (the buzzword of yesteryear) or, these days, even music composition, AI is the tag that is stamped across the virtual box to make those of us who gravitate to the newest, shiniest thing go “oooohhh”.

But how AI does this is key to understanding some of its shortcomings and its risks. I’m not talking SkyNet here, or The Matrix – at least not yet! But how current AI works is perhaps one of its greatest drawbacks – because it relies on humans.

Shakespearean Monkeys

The Shakespearean Monkey analogy is a useful one. The Monkeys first need a few basic tools, language being the principal one.

A quick search of ‘Shakespeare AI’ brings up an experiment of AI ‘composing’ sonnets, which goes some way towards this – effectively, the 154 sonnets were loaded into the Machine and the machine ‘learnt’ enough about them to be able to “…capture[s] meter implicitly at human-level performance.” [1] But the paper’s conclusion shows the difficulties of achieving anything beyond this:

“Our research reveals that vanilla LSTM language model captures meter implicitly, and our proposed rhyme model performs exceptionally well. Machine-generated generated poems, however, still underperform in terms of readability and emotion.”[2]

So, unsurprisingly, computers have difficulty in connecting the technical aspects of writing something that fits and makes sense with something that connects with the reader – there still needs to be a human in there to do the ‘emotional’ stuff.

Broadening beyond just sonnets, the Monkeys need a specific understanding of the metre used; the voices and speech patterns assigned to the different social classes; they need to understand why certain lines are funny, for which they need the social context that gave birth to them.

The same applies to platforms like JukeDeck and AIVA that compose music based on Algorithms (Algo-rhythms?). Music is largely based on maths; whether a major, minor, whole-tone or pentatonic scale (or any of the many, many other variations), it comes down to intervals and harmonies played in a certain order.  

But, once again, there is a level of social conditioning in our human reaction to that music – we associate certain scales with ‘happy’ or ‘sad’; certain intervals are described as ‘resolving’, which, even writing it down, makes me exhale slightly in relief. The tension of the Jaws theme tune, or the emotional tension of Barber’s Adagio are what they are because of that conditioning.  It should be possible to load all of that into an AI and produce something that mathematically ticks those same boxes, but will it ever have the same emotional thrust if the composer cannot understand why humans have that reaction?

Inputs/Outputs

But what does this have to do with the privacy and social risks of AI?  Well, both of the examples above show the underlying need for humans to be involved at some level to provide the datasets and context in which the machine then operates – both in terms of inputs, and then in evaluation of its work as ‘acceptable’.

In Privacy circles, and particularly with Data Protection Authorities, the in-built assumption is that, by keeping humans in the equation, fairness will be built in. The right to be informed of and object to automated decision-making – i.e. to have the decision referred to a human – is built into the EU General Data Protection Regulation. Given the current state of the art, that’s not an unreasonable proposition – if the AI cannot fully ‘understand’ the whole of the data or context, then there should be review, so that individuals are not unfairly disadvantaged.

And while a human can overcome ‘conditioning’, a computer won’t (currently) do that. Machine Learning is, in a sense, a misnomer – the Machine isn’t learning in the true sense, which implies acquisition of knowledge. What it’s doing is processing information, and applying rules to it, as it’s been trained to do – Machine Training is possibly a better description. So, it’s better that a human should review a decision and make sure that it is reasonable.

However, there is a deeper risk here that both supports that view but asks of it some basic questions. If AI is reliant on humans both for inputs and outputs, is it really any better than humans – or is it just that it can work faster at scale? 

In their blog on the subject[3] the UK Information Commissioner’s Office encouraged the use of current tools like DPIA as a way to try and understand and address biases in datasets. But that relies on humans within an organisation to be able to detect their own and their organisation’s cultural bias – they note that ‘a diverse workforce is a powerful tool in identifying and managing bias and discrimination in AI system’[4].  Indeed… but how many businesses would acknowledge that they are not truly diverse, and in whose opinion is that judgement being made? And, more than that, what if those biases are deemed to be ‘ok’?  It’s not just the data that may be biased – it’s also the inferences drawn from the data, and the resulting outcomes.

AI meets social policy

Coverage in the UK newspaper The Guardian examined the impact of machine learning on social policy[5] – namely immigration and social security benefits (the introduction of Universal Credit). It argued that because of the scale and speed of decision-making available through AI, there is an intense risk of the magnification of social injustice. For that to be the case though, the injustice must be inherent in the rules that the machine is applying – and those rules are written by humans.

The answer in those particular cases should be testing before live application – modelling the socio-economic outcomes of policies before implementing them, and that should be possible using current technology. This would assist in picking up unintended consequences. However, given the way political decision-making tends to work (again, a human context – not the machines’ fault), there seems to be little desire to add cost or time to go to those types of lengths.

This risk is arguably further amplified by those in control of the technology. There has also been coverage recently on the lack of diversity in the pool of developers working on AI and Machine Learning, and how this has impacted on inherent bias.  Rep. Alexandra Ocasio-Cortez (D, NY) recently used her high media profile to raise the issue of bias in the algorithms used, particularly in policing – where historical datasets have been used to predict patterns of behaviour, baking in historical biases – biases that occur because of the shortcomings on the human side, and also, potentially, because of the demographic of most of those currently involved in development of the technology. 

Likewise, algorithms used in Facial Recognition are skewed in terms of accuracy when recognising non-caucasian features[6], and with women often under-represented in historical datasets, there is potential bias present there too.

Extrapolating, it’s not unlikely that similar technology developed in other demographically restricted groups – say China for example – would show similar deficiencies and skews. Some balance against this is possible – but in order to do that, the skew has to be detected and it has to be desirable to do so.

Automatic for the people…

But the issue may go further even than that. I recently attended an evening on the use of AI which included a presentation from a company that uses AI in combination with video-interviewing (undertaken by a Bot, not a live interviewer), which recognised and drew inferences from minute facial expressions. It proposed then, that it would provide a profile of candidates so that HR departments could make selection decisions. Even leaving aside some obvious concerns from the regulatory side (whether or not the candidate is aware of being interviewed by a Bot, not least of these), this type of application opens up questions.

First up, is this automated decision-making? The defence here is that the inferences are referred to HR or a recruiting manager – who acts or doesn’t act on those inferences.  But realistically, if a company has bought in and applied a technology, why would they not act on those inferences – it’s why you buy the product, right? And it’s going to be a brave line manager who says ‘no, I’m going to ignore the tech that the company has spent £0000s on and do it the old-fashioned way’. So, we can assume that in many cases the inference provided by the AI becomes the decision made by the human.

The second issue – and perhaps a more important one – is the parameters that underlie those inferences, and where they come from. It’s a truism that we mostly get on with people who agree with us – and more than likely share social background, political opinions and other features with us. There are already products on the market which ostensibly map working styles between employees and managers, aiming to get a good ‘match’.

Feeding these types of parameters to AI, in combination with the other more obvious skew of the technology needing to meet its clients’ expectations (i.e. find a ‘face that fits’) could drive some very problematic results and behaviours – from filling vacancies with ‘yes’ people that drives down a company’s ability to innovate or challenge assumptions, all the way to more blatant discrimination of work-places made up of a single, or at least a very restricted number of, social, ethnic or other groups. Far from the technology being agnostic to those types of behaviours, it may actually end up reinforcing them.

Better than human

But why is this any worse than a human making the same type of decision – either knowingly or unconsciously? Studies have repeatedly shown that unconscious bias can be present in humans for any number of reasons – even down to the number of hours since someone last ate[7].

It’s not an unreasonable prospect that a computer may do a better job of ignoring ‘bio-bias’ – i.e. rushing a decision to get to lunch or the bathroom. And in the same way that we are intrinsically worried about the idea of driverless cars even though the data shows they are safer than humans, isn’t this just more technophobia?

We’ve seen above that use of the technology at scale can amplify injustice – it takes the issue away from one or two individuals who may have certain prejudices, but potentially applies inbuilt prejudice across a whole population.  Worse, by virtue of the ‘scientific’ nature of an algorithm, there is a risk that respectability is conferred on the bias – the computer says it; ergo, it must be true. 

The impact of this potential bias will depend greatly on the application of the technology. Being served the incorrect ads on social media is certainly irritating; being mis-identified by police, denying you employment, promotion or social security payments, or even deciding asylum status all have potentially life-changing, and even life-threatening impact. In potential combination with limited rights of appeal, this must be a matter of significant ethical and social concern.

Bigger data

So far, we’ve primarily discussed the use of probably quite limited datasets – but the real ‘Skynet’ moment comes when AI is tied to Big Data.  Not just social media, but information held by insurers, banks, healthcare providers, online retailers… adult sites… in an online world the list is potentially endless.  

The Cambridge Analytica case is such a questionable use of individuals’ data that it has prompted a knee-jerk reaction, of which the California Consumer Privacy Act is a direct, if somewhat flawed, consequence. But that’s only one use of a large – but limited – dataset.

But it’s not a huge step on to broader datasets being used to underpin life-changing decisions. As well as transaction information, and social media likes, you can at the very least throw in physical appearance, health data, biometrics and location. The Pizza Ordering scenario[8] (worth a watch) is more and more relevant.

Regulators have begun, tentatively, to address this. CCPA, with its broad definition of selling (consideration), is an attempt to make dataflows visible to individuals, in the same way as the ePrivacy Directive in the EU. Meanwhile, the Netherlands government last year commissioned a Data Protection Impact Assessment looking at Microsoft Office 365[9]. In this instance, O365 was sweeping up all sorts of data and metadata in order to understand how user errors were made, so as to improve the product – i.e. the AI that sits within O365 to improve user experience and help us write our documents.

The DPIA conducted on this subject does not accuse Microsoft of anything more nefarious than using the data for purposes other than as declared, and potentially acting as a Controller without proper notice. Importantly though, some of its concern is what the data could be used for, rather than what it is used for. And the reality is that few regulators or even governments will take on the larger product providers – in this instance it was noted even within the DPIA that use of Microsoft products was so endemic that there was no obvious solution.

Humanity 2.0?

In any case, it doesn’t necessarily take a nefarious intent for bad consequences to follow – just a lack of understanding of the risk, and failure to apply controls. It’s not too much of a stretch to multiply the totality of data which relates to each of us and put a biased AI solution underneath it and a will to effect real-world consequences – in fact, evidence suggests that it’s not any stretch at all.  The examples above show that it is already happening.

The data is already there, and is projected to be growing by 1.7mb per person per second by 2020. AI technology is being applied in increasingly inventive ways. But, for the moment at least, it’s not likely to be the machines themselves that are the root cause of the issue – as with many other technological advances over mankind’s history, it’s the human factor that poses the biggest risk.

All of that said of course, machine learning can have positive outcomes – cyber security threat detection being a good case in point. And, in the case of health data, the larger the dataset, the better the outcomes from a clinical improvement perspective. Even here though, controls have to be applied to limit both the collection and the onward use of data that’s gathered, to make sure that it is only used for the stated purpose. The recent proposal as part of the UK general election campaign to offer free genome mapping to every child sits some way between a sensible way to understand health and plan future services and a creepy and invasive Gattaca scenario…

And the future? Well, the much-maligned Alien Resurrection coined the phrase ‘Untaught’ to describe next generation AI robots that acquired knowledge in the same way as humans, but with greater computing power.  Likewise, omniscient Minds controlled almost every aspect of Iain M Banks’ Culture.  

Whether there is a societal desire to go that far or not may be a moot question – it may become necessary to remove human emotional, biological or sociological bias from AI altogether, if the technology is ever to be truly trusted. Or maybe our basic humanity will cry out against absolving ourselves of that responsibility – once humans are obsolete in making so many decisions, what are we there for…? In the immortal words of Sarah Connor in Terminator 2: “The future is not set. There is no fate but what we make for ourselves.”


[1] Deep-speare: A joint neural model of poetic language, meter and rhyme, Lau, Cohn et al: 2018. https://arxiv.org/pdf/1807.03491.pdf

[2] Ibid

[3] https://ai-auditingframework.blogspot.com/2019/06/human-bias-and-discrimination-in-ai.html

[4] Ibid

[5] https://www.theguardian.com/commentisfree/2019/jun/10/the-guardian-view-on-digital-injustice-when-computers-make-things-worse

[6] https://www.washingtonpost.com/news/powerpost/paloma/the-technology-202/2019/01/28/the-technology-202-alexandria-ocasio-cortez-is-using-her-social-media-clout-to-tackle-bias-in-algorithms/5c4dfa9b1b326b29c3778cdd/?noredirect=on&utm_term=.8369217cbb9b

[7] https://www.economist.com/science-and-technology/2011/04/14/i-think-its-time-we-broke-for-lunch

[8] https://www.youtube.com/watch?v=RNJl9EEcsoE

[9] https://www.privacycompany.eu/en/impact-assessment-shows-privacy-risks-microsoft-office-proplus-enterprise/