Radar - December 2020 – 4 / 8 观点
You can read our tech predictions for 2021 here. Looking back at 2020's legal and regulatory developments around tech, AI is the area that really stands out.
Committee on Standards in Public Life report
The Committee on Standards in Public Life published a report and recommendations on AI and public standards in February. Recommendations include:
EC White Paper on AI
The EC published a White Paper on AI as part of its Digital Package in March. The White Paper on AI presents policy and regulatory options to help create excellence and trust in AI. To achieve excellence, the EC proposes:
To develop trust, the EC proposes:
Contrary to expectation, the EU has not proposed a ban on the use of facial recognition technology. High-risk AI will be subject to strict rules including compliance tests, controls and sanctions. High-risk AI covers AI used in critical sectors of healthcare, transport, the police and the legal system, or where the use of AI is critical in that it has legal effects or carries a risk of death, personal injury or damage.
In terms of regulatory plans, the EC intends to build on existing frameworks in order to cover the most significant risks associated with the use of AI (including personal data and privacy protection and non-discrimination) as well as safety and liability issues.
The EC also published a report on safety and liability implications of AI, IoT and robotics. It concluded that current product safety legislation already confers a high degree of protection in terms of the safety risks of using AI, IoT devices and robotics. It does, however, think that provisions explicitly covering new risk created by emerging digital technologies may be required to provide greater legal certainty.
OECD observatory for AI
In March, the Organisation for Economic Co-operation and Development (OECD) launched a new policy observatory to collate information from around the world about AI policies and initiatives. The database will be searchable and it is hoped that it will inform policy-making and help develop best practice.
ICO and Alan Turing Institute guidance on AI processes and decisions
The ICO, working with the Alan Turing Institute, published guidance to help organisations explain the processes, services and decisions made or assisted by AI to the individuals those decisions impact. The guidance which runs to 136 pages, is divided into three sections. Their relevance will partly depend on the level of expertise of the reader:
The guidance focuses on GDPR and DPA18 compliance with rules on automated processing for decision making and use of profiling. It also touches on other relevant laws which organisations may need to consider when using AI to make decisions about individuals.
UK public procurement guidelines for AI
In June, the UK government has issued new procurement guidelines to help inform and empower buyers in the public sector to evaluate suppliers and responsibly procure AI technologies for citizens.
EC AI risk-assessment checklist
The EC published a risk-assessment checklist for trustworthy AI, as a word document and an online tool in July. It puts the Commission's 2019 ethics guidelines into practical terms.
ICO guidance on AI and data protection
The ICO published guidance on AI and data protection as part of its framework for auditing AI in August. The guidance was jointly developed by the ICO's AI team and Reuben Binns and is intended to help organisations understand how data protection principles will apply to the development and use of AI systems. It is considerably more digestible (and higher level) than the ICO guidance produced with the Alan Turing Institute on Explaining Decisions made with AI, but it is aimed at similar audiences – DPOs, general counsel, risk managers, senior management and technology specialists. The guidance does not look at AI ethics but at how to ensure the data protection principles are observed when developing and using AI which processes personal data.
IPO consultation on intellectual property and AI
In September, the IPO published a consultation on how IP relates to AI and on future policy developments in the area.
US and UK sign cooperation declaration on AI
The US and the UK signed a declaration of cooperation on research and development relating to AI. They have agreed to:
EP legislative initiatives and report on AI
The European Parliament adopted two legislative initiatives and a report on AI in October. The legislative initiative on an Ethics Framework for AI urges the Commission to adopt a human-centric approach to a legal framework for AI and robotics, including software, algorithms and data. The legislative initiative on liability for AI causing damage calls for operators of high-risk AI to be held strictly liable for any damage. The report focuses on IPRs in AI and calls for safeguards in the EU's patent system to protect innovative developers but also protections for human developers. AI should not have legal personality so ownership of IPRs should only be grated to humans. A legislative proposal from the Commission is expected early in 2021.
Government consultation on smarter and greener transport
The government launched a consultation to make journeys easier, smarter and greener through new technology as part of the Future of Transport regulatory review. The review is accompanied by £90m funding to support trials of new transport innovation.
The CMA launched a market study into charging infrastructure in December.
Law Commission analysis of responses to second consultation on driverless cars
In June, the Law Commissions of England and Wales, and Scotland, published responses to their second consultation on regulatory changes which may be needed to allow the introduction of driverless cars. There is considerable support for a single national system for licensing operators of automated passenger services and for a lighter regime to regulate private vehicles. The view is that legal responsibility for private driverless cars should be on the registered keeper with the duties transferred to a lessee where appropriate. A third consultation will bring together proposals relating to safety assurance and operator licensing and also consider corporate liability and access to data. A final report with recommendations for new legislation will be published in 2021.
IoT devices to face new regulation in the UK and scrutiny in the EU
IoT devices were the subject of UK and EU initiatives launched in July.
The UK's focus is on cybersecurity with the announcement of a call for views on a proposed new law to help protect users of smart devices from cyberattack.
The proposals, drawn up by the DCMS and NCSC, are in line with European standards and focus on:
The government is also intending to comply with product safety standards and intends the legislation will:
Feedback on proposals for enforcement will shape the eventual regime.
The EC is focusing more on use of data and competition issues and launched a sector inquiry into the consumer internet of things. The Commission is concerned that wearables and home smart devices collect significant amounts of data, including personal data, which might contribute to market power. The Commission suggest there are indications that companies in this sector are distorting competition by restricting access to data and interoperability, using self-preferencing practices and proprietary standards which create barriers to entry and innovation. A report will be published for consultation in spring 2021 with a final report following in summer 2022.