This post originally appeared on MIT Technology Review
Just a month ago the EU outlined its new AI and data governance strategy, which called for, among other things, data sovereignty and for European AI to be trained on only European data to ensure its quality and ethical sourcing. The guidelines were lauded for their leadership in protecting data privacy and facilitating trustworthy AI. But according to the Financial Times, the coronavirus pandemic is now forcing regulators to re-think them.
Such restrictions, as originally envisaged, would risk slowing the pace of progress as scientists rush to develop vaccines and algorithms in the fight against the global crisis. Though regulators have not yet walked back on their original recommendations, they have pushed off their deadline for implementing legislation that would have set the pace for regulatory bodies around the world.
The trade-offs that EU regulators are facing mirror the tug of war that many governments and companies are now grappling with between data privacy and public health. Rapid access to data—wherever it is—is helping to fight against the outbreak. But the loosening of traditional data privacy measures has also been controversial. “You might as well ask yourself, has history ever shown that once the government has surveillance tools, it will maintain modesty and caution when using them?” wrote Hu Yong, a well-known critic in China and professor at Peking University’s School of Journalism and Communication.
While this tension has always been present, the sheer urgency of containing a virus with exponential growth has thrown the age-old debate in sharp relief. Many countries that have successfully contained their outbreaks, including China, South Korea, and Singapore, have utilized aggressive surveillance measures to track and isolate infected individuals. Other countries that have been trigger shy about similar measures, like Italy and Spain, now face devastating case loads that have overwhelmed their healthcare systems. The US, traditionally one of the most privacy-preserving governments, is now bucking under the pressure: The White House has begun talks with Google and Facebook about whether they can tap into their data on users’ movements.
The speed and access to high-quality data have also been important beyond surveillance. Machine-learning forecasters who are working to predict the trajectory of the virus, for example, also rely on as much rich and accurate data as possible. Currently, one of the leading forecast labs in the US is pooling together web browsing behavior and social media activity to help the government ramp up its testing capacity and determine appropriate interventions. But the lab is also seeking real-time feeds for retail behaviors and anonymized health records, which it says would greatly improve its predictions.
Regulators and privacy advocates worry, however, what kind of precedent this could set for the future. The World Economic Forum (WEF) released a statement last week urging firms not to lose sight of proper AI oversight simply to gain greater speed. “We need to keep in mind that the big ethical challenges around privacy, accountability, bias and transparency of artificial intelligence remain,” said Kay Firth-Butterfield, WEF’s head of artificial intelligence and machine learning.
In his blog post, Yong recommends adhering to three principles in finding the right balance between privacy and public health. First, lawmakers must treat public interest concerns as an exception to the protection of privacy, rather than a norm. Those exceptions must also be justified by human rights law. Second, lawmakers should define the basic civil rights guarantees that should still be provided even under the weakening of privacy. “It is important to realize that, although privacy may sometimes have to be restricted for the sake of the wider public interest, privacy itself is a vital public interest,” he writes. Therefore, individuals shouldn’t have to “yield to the public interest in an unlimited fashion.” And finally, lawmakers should heavily restrict how they use any information collected during a crisis. It should not be diverted to other purposes, and it should be collected, stored, and processed with stringent security.
“Sometimes we think that technology will inevitably erode privacy, but ultimately humans, not technology” make that choice, Yong writes. “The loss of privacy is not inevitable, just as its reconstruction is far from certain.”