my_ml_notes

Responsible AI in the Generative AI Era

Responsible AI Pillars:


Tools:

Regulations

GDPR - General Data Protection Regulation

There are two key parties under the GDPR, each with key compliance responsibilities.

Key obligations under the GDPR in relation to generative AI solutions:

Below are some key obligations described in GDPR & Generative AI.

Transparency (Articles 12 - 14): the data controller needs to provide data subjects with certain key information about how personal data will be used (e.g. a privacy notice).

Data Subject Rights (Articles 15 - 21): data controllers must ensure they are in a position to comply with their obligation to respond to requests from data subjects exercising their rights, with assistance from data processors.

Processor Obligations (Article 28): data controllers should use data processors to process personal data on their behalf only when sufficient guarantees exist to meet key requirements of the GDPR. These key requirements are:

Technical and Organizational Security Measures (Article 32): data controllers and data processors need to implement technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the nature, scope, context and purpose of the processing of personal data.

Data Protection Impact Assessments (Article 35): data controllers are to undertake a data privacy impact assessment (DPIA) when processing personal data.

Transfers of Personal Data to Third Countries (Articles 44-50): The GDPR permits personal data to be transferred to a third country outside of the EU or EEA (including the US) where certain conditions have been satisfied. These conditions include where there has been an adequacy decision by the European Commission or where appropriate additional safeguards (such as the EU Standard Contractual Clauses) have been put in place.

Nice to know:

EU AI Act

TBD

References: