“Success in creating AI would be the biggest event in human history. Unfortunately, it might also be the last, unless we learn how to avoid the risks.” By Stephen Hawking, Theoretical Physicist, Cosmologist, and Author
INTRODUCTION
Artificial Intelligence (AI) is increasingly gaining traction as the quintessential tool in data processing. AI is part and parcel of our everyday life through processing of data on our personal computing machines such as mobile phones. A key tool to machine learning is where mass volumes of data enable computer systems create correlations, and build algorithms with predictions that assist and sometimes force the human component to make decisions. The time is ripe to put a legal framework that embraces big data and AI that enables these systems recognise biases, and fallacies of human behaviour such as discrimination or impartiality.
ANALYSISING BIG DATA AND AI
Big Data enables self-learning autonomous machines to draw non-intuitive inferences and predictions about the behaviours, preferences, and private lives of individuals. These inferences are drawn from a highly diverse and feature-rich data bases. By self-learning, autonomous systems make decisions which were previously left for natural persons, the intuitive link between actions and perceptions is being eroded, leading to a loss of control over identity and how individuals are perceived by others.
It’s a cause for concern the unregulated methodology that these self-autonomous systems use to draw privacy-invasive inferences that cannot be predicted, understood, or refuted. The primal problem is whether an individual has a right to control any data that may be or is currently being processed by a self-learning autonomous system.
THE DATA PROTECTION ACT
The Data Protection Act of Kenya, [hereafter the Act], which draws its mandate from Article 31 of the Constitution of Kenya, provides the legal framework in respect to privacy rights. Relevant to this topic is Section 35 of the Act which provides for the rights of a data subject not to be subject to decisions based solely on automated processing, including profiling, if that decision has a legal effect concern or significantly affects the data subject. The Act further provides for three exceptions (a) where the data subject enters into or performs a contract between the data subject and a data controller (b) where the decisions based solely on automated processing are authorized by a law, and that law includes appropriate measures to safeguard the data subject’s rights, freedoms, and legitimacy, and (c) where the decisions based solely on automated processing, including profiling are given subject to the prior data subject’s consent. The Act further limits the commercial use of personal data and only allows such use of personal data, with the prior consent from the data subject and/or when commercial use of personal data is authorised under any written law and the data subject has been informed of such use when collecting personal data from the data subject. Even with the above statutory limits in place, mandatory safeguards are that data controllers must have in place mechanism on the use of personal data for commercial purposes that ensure to anonymize the personal data in such a manner that the data subject is no longer identifiable.
MEASURES TO SAFEGUARD A DATA SUBJECT’S RIGHTS, FREEDOMS AND LEGITIMATE INTERESTS
There is light at the end of the tunnel with the statutory safeguards provided under Section 35(5) of the Act, which gives the Cabinet Secretary the mandate to create regulations to provide suitable measures to safeguard a data subject’s rights, freedoms and legitimate interests in connection with decisions based solely on automated processing.
The age of big data and AI is a testing ground for privacy rights world over, and legal and regulatory reforms are a necessary component in the advancement of this technology, for instance in the UK the proposed Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament on 8 March 2023, marking a significant shift in the UK’s approach to data protection and digital information management.
CONCLUSION.
The age of big data and AI is with us today, legal and regulatory reforms to data protection will act as a necessary safeguard to the repproachment of the naysayers on the advancement of big data and AI vis-a-vis privacy rights. The law on data protection and privacy rights must embrace this new frontier and advance in tandem with the advancement in big data and AI.
This article is provided free of charge for information purposes only; it does not constitute legal advice and should be relied on as such. No responsibility for the accuracy and/or correctness of the information and commentary as set in the article should be held without seeking specific legal advice on the subject matter. If you have any query regarding the same, please do not hesitate to contact Litigation Department at Litigation@wamaeallen.com
