MALTA Law and Practice Contributed by: Andrew J Zammit, James Bartolo and Nicholas Scerri, GVZH Advocates
and freedoms of individuals, particularly for sen - sitive or large-scale datasets. This ensures that risks are identified and mitigated before engag - ing a cloud provider. 3. Artificial Intelligence 3.1 Liability, Data Protection, IP and Fundamental Rights Liability, Data Protection, IP and Fundamental Rights Projects involving big data, machine learning (ML) and AI have one common factor in that they need to make use of vast amounts of data, which may be of a personal nature. This brings about challenges in relation to the management of such personal data in compliance with the GDPR and Maltese data protection law. ML and AI also raise various other legal issues, as out - lined below, together with potential solutions. Data Protection An AI system needs extensive data to train and develop the algorithmic models on which it operates in order to provide an accurate output. Much of this data may be personal in nature, thus compliance with the GDPR and Maltese data protection law is necessary; however, the volume of personal data processed makes com - pliance more complex to achieve. These obligations become particularly problem - atic in the case of ML and AI since access to and collection of personal data is generally restricted by law. Furthermore, personal data can only be processed for its original intended purpose and although the scope to reuse data for additional purposes has been widened by the Data Act, it is still limited. This legal requirement could limit the possibility of extracting new value from the combination of datasets. It should also be noted
that, under the GDPR, decisions that were taken solely in an automated manner must allow for human review of that decision if it significantly affects the data subject. Additionally, the data subject has a right to an explanation as to how a decision was reached. Whilst these principles can stifle the development of ML and AI technol - ogy to some extent, they also ensure that such technology is developed in an ethical manner that respects human rights and the right to pri - vacy of each individual. ML and AI companies and applications that involve the use of personal data can achieve trust by ensuring that they are compliant with the requirements of the GDPR, by implementing the necessary safeguards and ensuring that data protection is present at the design stage and by default. Ethics Closely related to the discussion of data protec - tion is the matter of ethical development of ML and AI technologies. In October 2018, the Malta AI Taskforce was set up by the Maltese govern - ment to advise on strategies, ethics and legal issues relating to the development of such tech - nologies. One of the documents published by the Taskforce is the Ethical AI Framework which, though it does not have the binding force of law, lays down a set of guiding principles for trust - worthy AI governance. The Framework builds upon the Ethics Guidelines for Trustworthy AI, published in April 2019 by the European Com - mission’s High-Level Expert Group on Artificial Intelligence (AI HLEG), and adds a number of control practices which aim to guide developers and users of ML and AI technologies in terms of how the principles set out therein should be translated in practice. The Framework sets out four ethical principles for trustworthy AI, namely:
256 CHAMBERS.COM
Powered by FlippingBook