NORWAY Law and Practice Contributed by: Kari Gimmingsrud, Stian Hultin Oddbjørnsen and Andreas Bernt, Haavind
Data Protection Big data, machine learning and artificial intel - ligence projects will involve the processing of large data sets. More often than not, data sets targeted for machine learning and artificial intel - ligence use and contain unstructured rather than structured data. The data sets may contain non- personal data or personal data, or a mix. The GDPR will apply where such data sets contain personal data. This includes the requirement for a legal basis for the processing and a number of safeguards. The key challenges with machine learning and artificial intelligence technologies in Norway will be: • complying with the prohibition against pro - cessing data for a purpose that is incompat - ible with the purpose for which it was col - lected; and • biased algorithms. Artificial intelligence, machine learning and big data are also likely to be viewed as high-risk pro - cessing activities, meaning the controller could be required to conduct data protection impact Ownership of non-personal data has yet to be broadly discussed in Norway, but the general view is that data that merely represents factual observations may not be “owned” by the collect - ing company or person in the traditional concept of ownership. However, databases and com - puter programs used for processing big data, machine learning and artificial intelligence are, to some extent, safeguarded by the sui generis database property right in Norwegian copyright law. The Norwegian Protection of Trade Secrets Act may also provide dovetailing protection for data if reasonable measures to avoid disclosure are implemented. As the protection offered by assessments (DPIAs). Intellectual Property
national rules is limited, it is important that intel - lectual property questions are clearly regulated by contract. The question of ownership and IPR as regards the results generated by intelligent machines has been resolved by the European Patent Office, which also impacts Norway, so an artificial intel - ligence system cannot be named as an inven - tor in Norway. Contractual regulation of IPR between parties using technology for innovation purposes will remain essential for the foresee - able future. Furthermore, it is worth noting that the imple - mentation of the Data Act may affect the current regulation of IPR (see 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection ). Discrimination The use of artificial intelligence may affect the rights and freedoms of individuals – eg, when examination reviews or job applications are pro - cessed by automatic means. While problematic from a GDPR perspective, such automatisation may also be problematic under the recently adapted Norwegian Act on Discrimination, gov - erning individuals' rights to equal treatment and not to be discriminated against based on, for example, race, sex, religion, age or sexual ori - entation. There have already been examples of such discrimination by algorithms internationally. As discrimination is already governed by law in Norway, developers must implement safeguards to prevent discrimination when developing arti - ficial intelligence. Further regulation by the EU with indirect application in Norway may be expected.
346 CHAMBERS.COM
Powered by FlippingBook