Data Protection and In accuracy – Emotional AI as a Case Study

Show video

I think we'll slowly get started now  uh most people uh had a chance to join the webinar   the zoom webinar but people will filter in over  the next couple minutes uh but in the interests   of uh remaining on schedule I want to get us  started here so that we don't run over and eat   into people's uh lunches unduly um so first off  I'll introduce myself my name is Dr Ryan Whalen   I'm really happy to be here today at the invitation  of the hku law and Technology Centre to chair   this talk and moderate this talk I'm really  excited to hear what our speaker today has   to share with us. The structure of the  talk will be as follows. So it'll be initially will give   um Dr Clifford a period of time to present  his work um I suspect that would be 30 to 40   minutes although you're free to Air on either  side of that window as you prefer Dr Clifford   um and as we go along if the audience has  questions please feel free to use the Q&A   box and then in the period after the talk I'll  I'll pose those questions to Dr Clifford and we   can have a bit of an extra change of ideas okay so  first off I'm going to introduce today's speaker   Dr Damian Clifford is a senior lecturer at the  Australian National University College of Law and   he's a chief investigator at the ANU humanizing  machine intelligence brand challenge project and   the socially responsible insurance in the age  of artificial intelligence ARC linkage project   he's also an affiliate of the ARC Center of  Excellence for automated decision making in   society and at The Institute of advanced legal  studies which is at the University of London so   Dr Clifford thank you so much for taking time  out of your busy day to talk to us here today   at HKU and in Hong Kong and I'm going to give  you the floor now to to present your work to us   thanks very much Ryan um so I'll just  share my slides and I can get started   okay so you should be able to see those um thank  you um yeah so thanks very much for the invitation   and the opportunity to to speak um so today  I'm going to speak about data protection and   the accuracy principle in data protection and I'm  going to do it through the lens of emotional AI   so uh you know to start this off um I thought that  you know I just kind of give a brief explanation   as to what this accuracy principle is that  appears in a lot of data protection legislation um   essentially it requires that personal data is kept  up to date and corrected or deleted were relevant   um and my I suppose starting premise um you know  for the work that I'm presenting is that you know   I think this is an underexplored dimension or  principle within data protection legislation   um okay but that's like fair enough um and you  know you might be wondering why I'm actually   interested in it and I suppose my interest started  inaccuracy largely because I started to look at   emotional AI or affective computing I suppose  that the context which I'm going to be exploring   um you know the accuracy principle in this talk  um so there are a range of examples I'm just going   to give a couple from Facebook here because um I  suppose when it comes to kind of you know um some   behavior that has uh you know led to some debates  uh they provide a few uh very good examples   so the first one is the emotional contagion  experiment uh in which I suppose researchers   bought a different academic institutions and at  Facebook uh found that if they manipulated the   user feeds of users they could then change how  those users interacted with the framework and   whether they did so kind of either positively or  negatively um there has also been um leaks around   um you know Facebook saying to advertisers that  they can allow them to target teens who are   feelings insecure or vulnerable um there were a  range of patents um dealing with emotional AI and   of course then there's the Cambridge analytical  Scandal which had a clear kind of emotional impact   I suppose around the capacity to persuade now  these technologies have been very controversial   for a variety of reasons but some of them have  been very controversial as well from an accuracy   perspective so there's been wide scale critiques  of what's known as facial action coding or the   detection of emotions through facial expressions  so there have been a lot of discussions more   recently about the accuracy of such technologies  in particular so the reason I kind of   wanted to look at this thing is well because of the  kind of garbage in garbage out so if you look at   the role of data protection and potentially this  accuracy principle as a means of regulating some of the issues kind of actually play some sort  of a role in terms of correcting or requiring the   deletion of information that isn't accurate and  that may play a role I suppose in the deployment   of these technologies now aside from that I'm  also interested in it because data protection   law and in particular I suppose I'm referring  to the GDPR as a particular so the general   data protection regulation in the EU as  a particularly strong example of regulation that   has extensive accountability mechanisms or tools  within it so you have things like data protection   impact assessments or privacy impact assessments  and other jurisdictions as they're known and you   have requirements for data protection or privacy by  design by default and you also have protections   around automated individual decision making or  profiling so you know there are robust regulatory   tools that could play a role in this space and  through which I suppose we could look at accuracy   as a principle and whether it could actually  play a role in mitigating some of the challenges   um before I get into I suppose some of the  specifics on this I wanted to highlight a couple   of two preliminary points so the first is that  you know when we're looking at accuracy often what   we're talking about in this context or any context  would be more in the range of kind of accurate   inputs so there's a focus very much in ensuring  that the data process isn't isn't incorrect   um and you could say that that kind of reflects  the historical roots of these types of Frameworks   but also um there are broad goals so um their  goals uh what I mean here is you know that   they're designed to protect privacy under data  protection but also um the the other goal within   this is to provide a level of uniformity and  certainty to allow for information flows and to   provide that certainty for businesses now within  that I suppose those competing values um there is   also uh uh I think that that's manifested in the  fact that accuracy has a bit of an unusual role   yeah and so in that even inaccurate data are still  considered personal data or personal information   so um it is a principle I suppose rather than a  strict rule that information has to be accurate   and there's good practical reasons um uh for that  you know um say for instance just a very simple   example if you had um you know provided your  address and telephone number and various other   personal information on sign up just because you  change your address your telephone number doesn't   mean that they don't then relate to you in the  future so this feature of data protection that   even inaccurate information is still personal  information is manifested clearly in different   types of Frameworks be that the general data  protection in the ndu or the Australian Privacy   Act within the Privacy principles um as I've  noted there in the slide um but let's look at   this notion of like accurate inputs and where it  could kind of play some sort of a role then in   order to to provide some sort of illustration  um so to do this I'm just going to use um   uh this figure that I had um that I suppose I used  in an article with some colleagues that I wrote   um and what I want to kind of highlight is  that traditionally I suppose we would see a   reward for the accuracy principle and data  protection to be everything within the the   red circle so if it comes within the definition  of personal information there's a requirement   to correct or ensure that the information you  know in your sign up but also potentially any   personal information about might be within  the training data or that might be used to   ensure that it is accurate if it is if it comes  within the definition of personal information   um now another point that I want to highlight out  of this is that the broadness of your definition   of personal data will affect accuracy as well so  what do I actually uh mean by that now if you have   a broader definition of personal information more  information is obviously going to come within it   and that raises potential issues because if that  information May relate to multiple people so let's   take an example in order to kind of highlight it  a little bit so we take this um graph again or   this figure which effectively is discussing um the  potential deployment of a machine learning system   in a hypothetical Insurance context but if we take  the data here that I've kind of circles now in red   with a smartphone Smartwatch sensor data um you  know that device related information would clearly   come within the definition of price information  in certain jurisdictions but there are doubts in   others such as Australia because that information  may not necessarily be about the individual so you   know if you're talking about something like  an IP address um you know that may relate to   multiple individuals but it still comes within  the definition of person information in the EU   um even though it may relate to multiple  individuals so the broader your definition   of personal information the more that you  have challenges with this accuracy principle   um so it does kind of show the flexibility of it  and that it should be seen as a principle because   um you know its operation is a little bit context  dependent now within this as well it's also   important to remember that this also relates  to so-called sensitive data categories in data   protection um in multiple regimes in different  jurisdictions they protect either personal data   um and or sensitive data so there are certain  categories of sensitive information such as health   data for instance um so when we're considering  this and considering it through the context of   emotional AI um we may then start to think about  the sensitive instances that may be drawn from   seemingly innocuous device related information  regarding for instance our emotional state and how   we classify those types of information are those  sensitive inferences potentially sensitive data   within the scope of data protection adjustation so  let me kind of explain that within the garbage out   side of this equation so if we look at this then  we're looking at the right hand side of our our   diagram yeah so the inferred data output so you  know you have the detailed processing of various   types of information which run through a machine  learning model and then spit out some sort of an   output so the question here is whether you know  these potentially sensitive piece uh information   whether they also come within the definition  of process information or personal data and   whether then the protections that are afforded in  data Protection Law um in particular the accuracy   principle also applies to this side of you know  the equation so does it play a role both in terms   of the garbage in but also the garbage out um now  um you know within this I think you know we can uh   there have been some developments and discussions  um uh but it would be uh generally um accepted I   suppose now come to this in a second that you know  the definition of person information uh would be   covered within this inferred data output um and  there have been some developments uh recently   um speaking about you know um the uh overlapping  intersection between personal data information   and uh sensitive inferences that may be drawn uh  particularly in the U um but also um for instance   in the reform of the Australian Privacy Act where  you can see here with the Triple C's and digital   platforms inquiry report a direct reference to you  know a recommendation that we need to consider the   role of uh inferences yeah so what would happen  and a further elaboration about in the Attorney   General's discussion paper uh around whether the  categories of sensitive information need to be   adjusted to take account of the fact that um such  developments are able to draw sensitive inferences   so um you know we can see um that there is a  role potentially for accuracy both uh in the   context of the uh inputs of uh these types  of systems but also uh in terms of an output   um but the next thing then to consider is whether  there are any potential weaknesses in that regard   you know so any potential restrictions um to  accuracy playing a key role for instance in   regulating the impacts of emotional AI in  terms of its inaccuracy so there are a few   here that I want to to highlight the first  is that um you know when you're looking at   data Protection Law there's an assumption  generally that the purposes are legitimate   um and effectively the Frameworks are kind of  set up as risk mitigation mechanisms uh you know   the Frameworks avoid afford certain rights  to individuals to whom the data will relate   um they play certain obligations on the  shoulders of those processing the information   um but they generally don't say anything  about the legitimacy of the purposes for   which you're actually using the information  and generally speaking if you're talking to   particular users they're often concerned about  the particular uses that technology are put up   within this concern then you have washed  barchap corpses referred to as you know the   focus of data protection being on the Upstream  so the input data as I have put it as opposed   to the output part of it and the last part then  you know I mean we have to remember with on all   this is that even inaccurate data are still  considered personal uh data or information   and therefore can we really consider there  to be some sort of a positive obligation to   mitigate the negative impacts the risks  associated with uh inaccurate outcomes   um particularly when we consider that you know  users or consumers will often have agreed to   the potential for this risk of inaccuracy uh  when signing up to use the particular service   um so we have I think you know some limitations  there within the consideration of data protection   um but maybe to kind of spell out some of that  more specifically in the context of emotional AI   um okay so given that inferences our  personal uh data at least in the EU anyway   um what role you may be wondering does  data protection have to play in preventing   inaccuracies in the context that you know the case  study that I'm using to test this a little bit   um so um I I mentioned I suppose that  there were these white uh uh you know   these uh broad concerns with the accuracy  of facial action coding in particular   um but I suppose you know there's just to kind of  give you a flavoring of these criticisms you have   um the AI now Institute at NYU basically  saying that the whole thing is a pseudoscience   um and then you have uh researchers such as  Feldman barish and others uh saying that there's   a methodological flaw within it in that they  rely on what are known as basic emotions and   that fails to capture the richness of emotional  experiences so I suppose there are um kind of   fundamental theoretical uh debates here as to  whether the entire thing is the pseudoscience   or whether there is a need for I suppose some  sort of um methodological tweaking uh within the   development of the Technologies to ensure that  they actually achieve what they set out to do um no the criticism um you know the response to  the criticism that has been there is to kind of   adjust some of the methodology methodologies so  instead of looking at a basic emotion approach   they've adjusted to a more appraisal approach  and that effectively requires the Gathering   of far more data you know because it's a  far more context aware of uh assessment   um and uh essentially that requires then uh more  uh information gathering in order to put what is   gathered into context to drive more accurate  inferences as to someone's emotional state   So within that then you end up with a question  yeah so accuracy um say if we take the general   data protection regulation in the U as an  example has a series of principles within it   um one of which is accuracy um as I've  been speaking about but others includes a   data minimization where you only have to gather  where you should only gather the minimum amount   of information in order to achieve a specific  purpose so um you know adjustments um here in   terms of the methodology require some balancing  between the interests the different principles   in order to achieve accuracy if that's we're  setting out but that may then negatively impact   uh individuals uh vis-a-vis um you know the more  extensive Gathering of information so you end up   I suppose having to to question I suppose how  these various principles are balanced fairly um the next key point I suppose that I want to  highlight is um you know it's kind of a statement   but there's also a question to it I suppose is you  know if there's a flaw in the entire methodology   um there's a question as to whether it  really matters in terms of input or output   um whether that's accurate yeah so  what's the role of data Protection Law if   um you know the entire methodology  that is being relied upon uh is flawed   so um I thought I'd take again the example  of the facial action coding to kind of   um illustrate what I'm trying to to say here um  but if we um you know so with this uh particular   um example of emotional AI essentially the  premise behind it is that the facial expressions   of an individual reveal these basic emotions so  how they are feeling at any particular moment   um and there have been serious questions regarding  that premise that methodology or understanding   that grounds um the technological developments  um so now within okay I suppose an accuracy's   perspective from the data side um the data might  be perfectly accurate in that the detection of   the facial expressions might be Flawless but  the underlying methodology or the correlation   between those facial expressions and the emotion  that the individual is actually feeling may not   be correct so there is a question as to  whether data protection is the appropriate   lens through which to consider this potential  fault or this particular particular problem   so that kind of leads me then um to this point  so if data protection isn't the solution how   do we kind of regulate the potential for  garbage in the middle yeah so we can see a   role for data protection as an input you know when  personal data is an input and for data protection   when there's sensitive personal data outputs or  inferences that are drawn through this detailed   complex processing but what about regulating the  machine learning model in the middle that might be   um you know flawed in terms of its fundamental  reasoning as to how it is drawing these inferences   in the first place so this is kind of um you know  where I am at the moment in terms of this research   and where I'm going but I I'd like to kind of  maybe spell out in the last few slides exactly   where my thinking is and uh where the the progress  for the future research that I'm doing and how   it's going to tie in with this so um the first  thing to mention and you know we need to I mean   consider some of the regulatory developments that  are happening in this space is that the proposed   AI act um in the EU is essentially suggesting that  there should be transparency requirements uh for   Technologies including emotional AI why this  is interesting um in particular is that there   have been a series of um reports I suppose from  policy makers but also enforcement authorities   actually calling for a ban of these Technologies  um and that has kind of led me to kind of question   okay in what how should we regulate you know  that the the potential garbage in the middle   um these enforcement authorities of the  European data protection board and the   European data protection silver supervisor  for instance are suggesting this ban but   um how does that kind of fit together how should  we view this and that has led to me kind of   um coming up with a few different questions  um that I am particularly interested in   um so I suppose one of the fundamental ones um  that is uh I guess to a certain extent plaguing   me at the moment is you know do we want policy  makers uh deciding on you know what could be   construed as scientific debates so the merits of  different Technologies uh from a purely scientific   perspective and within that in the context  of emotional AI you can question whether it   is a scientific debate at all yeah there are  some who say that it is purely a pseudoscience   um and that's it there are others who say okay  well there are fundamental flaws in some of the   technologies that have been developed but  this is an evolving space and so you know   um there is a scientific debate to be had um now  you know I the second bullet point there kind of   points I suppose uh some of the complexities  that are underpin that you know so uh the   fact that some of the criticisms uh don't really  narrow down on what they're criticizing whether   it be it the underlying methodology or um for  facial action coding in particular and uh you   know the point within that is that policy  makers are often probably not best placed   um to recognize recognize the nuances and  these types of arguments um and you can   question whether it is actually the appropriate  place to have these types of discussions then um so you know this has kind  of LED them to me considering   um the broader um uh implications of the  research that um on this particular area um more   specifically focusing on you know how we might  go about regulating the inaccuracy more generally   um emotionally I might be just one example  of it and how we kind of start to think about   um how we regulate inaccuracy how we've  regulated in the past um and I suppose one of the   fundamental things that I want to that I noticed  I suppose such is obvious is that inaccuracy   is everywhere in consumer products so the fact  that we have some you know newfango technology   um with you know um AI in the title that uh is  suddenly inaccurate um is in particularly unique   um uh in this space the next one is that you know  there are a range of harmful products or Services   um that are easily accessible to uh to Consumers  um no there may be uh for instance certain   restrictions on the access to certain harmful  products uh for instance alcohol or tobacco but   um there are extremely harmful products  that are left open to the general public   um so one will be unique about  regulating a particular technology   um uh broad scale through the through uh  actually Banning it like emotionally I um the next thing I suppose that I'm starting  to think about a little bit is if there is   a difference between Banning a um you know  a product or a service uh versus Banning a   particular technology and if that actually matters  yeah so I suppose within this I'm starting to kind   of question whether there could be a shifting  regulatory targets when we're talking about a   specific uh deployment of Technology um you know  um as opposed to particular types of products that   we may or services that we may have regulated in  the past um that may make us far more difficult to   um effectively regulate the inaccuracy  through bands in this particular context   um Okay so then you know the final uh  points that I kind of want to highlight   is really you know the where from here you  know and what I'm kind of uh focused on and   um you know part of this research that's kind of  moving into the future of us I'll be doing with   um Professor Jeannie Patterson at University  of Melbourne where we're going to be kind   of looking at this issue through a broad or uh  regulatory lens um you know so looking at existing   contract law mechanisms but also for instance  protections that may exist in consumer law to   look at for instance misrepresentations  and capacity of these particular uh   um Technologies May perhaps contained in  terms of conditions or the potential for   the application of consumer protection mechanisms  around misleading or deceptive conduct but also   the potential role for the application of  entrepreneurial terms regulations um also   down to you know the unfair trading Provisions  that exist for instance in the EU or the US   um but also within this to view and understand  more other exante means of regulating um in   addition to data protection and data protection  accuracy mechanisms uh such as consumer guarantees   law uh and whether there could be kind of a more  principled based regulatory intervention compared   to outright bands of specific technological  developments um and but within that we also still   want to look at this role for more paternalistic  means of intervention uh more specifically bans uh   the circumstances of where and when they should  happen even for um you know as I mentioned for   very harmful products there may not be whole scale  bands and we need to kind of explore those kind of   trade-offs in order to determine okay on what  point of this kind of paternalism empowerment   scale do we need to land on in order to  effectively regulate these types of Technologies so um I think that that's uh is kind of bringing  me to the the end of what I wanted to say I   realized that I kind of you know kept that very  much within time but that then allows us for a   more elaborate discussion which I think is is good  um and I'm happy to kind of elaborate on any of   the the parts I think it's kind of like wind me up  and watch me go I think with this particular topic   So like um I'm happy to expand in any particular  areas if anyone has particular questions so thank   you okay uh thank you uh so much Damian  for a really nice uh introduction to this   um research project uh as a reminder to the  participants uh in the room uh you can use   the Q a box to uh post questions or if there's  an area you want Damien to if you want to wind   him up and let him run uh in a particular area  just just let them know up in the Q a box there   I will uh use the the chair is privilege to  ask um uh my main question really which is   um so I'm not a scholar of privacy I'm  more I think if you were to characterized   scholar of innovation so I think about these  things maybe from a different perspective   um and I guess my question is is kind of like  do we even need to worry about regulating   inaccuracy in this in these sorts of contexts  given that we can probably assume there's a   built-in Market incentive for accuracy right the  people who develop these Technologies want them   to be accurate if I'm building an emotional AI  I want it to do its job well if I'm building a   a behavioral advertising algorithm I want it to  accurately Target the advertisements that it it   chooses for particular users um and we know just  from the history of innovation that almost all   Technologies they they develop incrementally they  start off as sort of poor versions of themselves   and over time as Market incentives sort of  take their effect and the engineering Kinks   get ironed out the Technologies get progressively  better and and better and more at in this case it   would be more accurate and more accurate and and  I wonder whether or not even introducing the the   threat of as you said Banning inaccuracy might  upset those Market incentives and lead us to   miss out on technologies that that might turn out  to be very very very helpful for a lot of context   that they're maybe not even now applied I could  think of a lot of different contexts where I'm a   truly accurate emotional AI engine would be very  very useful and have a lot of uh good uses good   things that we would mostly think of as ethical  or moral uses that would help benefit Society   so there's quite a bit there but I just wonder  what your responses are to those thoughts yeah   no thanks very much for that I think um like I  think you've um eloquently uh expressed a concern   that I had you know stemming from the the calls  in the European Union to ban uh this particular   technology um I know I say that as someone who  is quite skeptical of like current developments   um and I I definitely take your point I mean I  suppose that was kind of like the the starting   point for this and that like um moves towards  a ban is an extreme regulatory outcome like   it's an ex you know there's a lot in terms of the  regulatory Spectrum in terms of interventions that   you can have that don't go as far as Banning an  entire technology um and I guess that that kind   of started um uh this project out you know so um  looking at more accented principle-based ways of   mitigating the impacts of inaccuracy um now I  take your your point the businesses themselves   want to avoid it yeah because the better product  that they have the more they'll be able to sell   it essentially so the market essentially  should at least in theory take care of it   um now the one thing I would say um to kind of  maybe draw back a little bit of what I said um   is that like you know there are particular uses of  this technology that are particularly problematic   yeah where inaccuracy could pay um a fairly uh I  mean it could have fairly massive negative impacts   yeah so if you're talking about using this to  you know surveil public spaces for instance   um now granted this is all about particular  uses yeah I mean you can have moratoriums   on particular uses of the technology um and I I  think that that's kind of part of the spectrum of   regulatory responses that I'm interested in you  know there's nothing particularly wrong with um   in my view if having it as parent to the kind of  a gaming feature uh for instance in a video game   um no obviously you still have those lingering  challenges associated with what is known as   function creep yeah so you use it for one thing  and then it just expands in terms of its uses   um but I think that that's a different regulatory  targets to the technology being inaccurate   um if that makes sense so I kind of you know um I  agree with you and then I've kind of expanded to a   certain extent so I hope that that kind of um you  know gives you another you know an understanding   of my position absolutely yes I I sort of picked  up implicitly on on that uh perspective that   you presented when you talked about your your  hesitancy about perhaps the European approach   to Banning specific Technologies especially at  this early stages in their development and the   potential follow-on costs that might have for  society we do have uh some questions in the Q   a box uh now so TG has listed three questions um  I'll read them all some of them I think you've   maybe already started to address the first one  I think is related to what we were just talking   about where TG asks whether or not companies who  are developing AI systems aren't already sort of   self-regulating by basically doing a b testing  so like they're just they're trying to make their   products better so I think the question here is  basically the same it's like do we even need to   to intervene in these contexts when companies  already are concerned about this the the second   question is quite broad TGs whether or not there's  a regulatory technology or a reg Tech solution to   to regulate accuracy the third question I think is  maybe the most interesting here is whether or not   um regulating disclosure or transparency might  upset the market and allow some companies to to   benefit off of the work done by their competitors  right so if if there's a disclosure regime that   requires companies to disclose how their black  box algorithm works is that then put them at a   competitive disadvantage because their competitors  don't need to reverse engineer it they can see it   it's all been disclosed to them and because that  then itself perhaps uh undermined incentives to   produce good algorithms because you're not able  to internalize the benefit of the algorithm so   there's quite a bit there you're free to sort  of answer any of those all those uh you like   yeah this was a maybe um respond to the last  question first then um I mean I think yes but   uh to a certain extent I mean um entire  transparency um would uh disincentivize   um innovation in that sense but I suppose you  know it isn't um it is all or nothing it's   essentially my my very brief response to that you  know if you think about like transparency around   um say automated individual decision making in  the gdpr um you can have layering of information   it might only be the information that is needed  for the consumer to have some idea of how their   information is being processed without necessarily  revealing the trade secrets that might go behind   it um you know there's a broader discussion here  about uh things I'm less varsed in as to whether   you know um uh you know there's a broader need for  um Powers regulatory powers to step in and kind of   examine I suppose what's happening underneath  the Hood um I think you know again that's kind   of a more graduated response than saying whole  scale you have to publish everything online um   it's more kind of okay well there are restricted  powers to investigate in certain circumstances   um so I think like you know my response to that  question is essentially that there's a potential   Spectrum uh when it comes to transparency  and it isn't you know entire transparency   or nothing at all um so that's kind of maybe  you know a fairly simple answer but I think   that there's some way to it um you know in terms  of the rake Tech solution for regulating accuracy   um I'm not entirely sure you know  it might depend a little bit on   um you know the that difference I was say if we  take the emotional AI context whether there's a   flaw within the underlying uh premise of the  technology so in the matter ideology that's   actually being used or not um you know I think  that that would be fairly clear based on the the   type of work that's actually going there but if  it's less based on the fundamental approach the   methodology then it can become a little bit more  difficult perhaps and then you may need Technical   Innovations in order to figure out what precisely  went wrong but again I'm you know I think that   that's more of a computer science question than  a law question or regulatory question proceed   sure so we we have another question uh here  which I think it raises something you uh you   briefly uh discussed before which was about the  use of these Technologies in video games where   you suggested maybe there's less of a concern  there and then you know they're maybe more more   sensitive areas but William lamb asks um what  if the there's sort of a transition towards   what people call the metaverse obviously that  can mean different things to different people   but I think implicit in this question is what  happens if and when I'll use the if because I   don't know that it's uh predetermined but  if a lot of more of our social behavior   starts to take place in in game like context  virtual reality whatever you want to call it   um thereby making more of these the applications  of these these Technologies potentially   um it gives them more power to sort of  influence the day-to-day activities of Our   Lives that aren't just recreational maybe  it's uh quite important things like you   know meeting of our lovers Etc things like  that really important personal experiences   um do the considerations change in a context like  that does it does it did your concerns change um yes I mean I think that they shift to concerns  I mean uh concerns about our capacity to make   decisions for ourselves essentially us or  I mean they become a lot about autonomy   um and I think like you know there's  already debates about this in terms of   the effects of a mediated environment  when you can personalize content   um and potentially I mean depending on  your your way of viewing this I mean some   would say manipulate Behavior depending on the  context of the personalization and some of the   the examples I showed at the very beginning  you know whether it be the kind of Cambridge   analytica or the emotional contagion experiments  kind of point to those types of things the risk   of you know the impacts and autonomous  decision-making capacity of individuals   um and you know you could see that with in you  know the market yeah so can they effectively   choose the products that they want are they even  aware that they're potentially being manipulated   um you know can they even retrospectively say that  they didn't want a particular product or service   or whatever whatever it is it is so certainly  I think that those things kind of feature in   um and to a large extent I think that they relate  as well to the points I kind of hinted at around   um function creep yeah so I mean you can think  as you said uh in your first question I think um   that there are uh you can point at religiousness  ethical uses of this technology when it's accurate   you know I mean you can think of potentially  Healthcare uh applications as a particular context   um but it's when um you know the data from  one particular context starts to seep in terms   of usages uh to kind of have some sort of an  influencer or direct Behavior around commercial   decision making that I really think then you  have uh you know it starts to to play some sort   of significant role so um again I think hopefully  it kind of gives you an idea of what I'm thinking   great thank you uh so we have another  question here from Anonymous attendee who uh   the premise is that most data protection laws  provide a right to correct or Rectify inaccurate   personal data that's collected about an individual  and then the question is in the case of inaccurate   inferred data how or would it even be possible  could daters could data users be able to honor   such requests so would they have to I guess tweak  the algorithm somehow at the individual level   um bite the algorithm and retrain their model  like is there is there any thoughts about how   the engineering or actual like functionally  that could take place uh I mean I I suppose   it depends on what point you're deleting yeah so  if it's in terms of the impacts of an inference   um then you can maybe change the outcome yeah  if it has to do with okay um you know various   aggregated data um are collected in order to you  know um train the model uh then it's going to be   very difficult to kind of remove anything from  you know uh that particular stage yeah so if   you're thinking about like okay uh the impacts of  this in terms of the influencer that it draws and   then the potential decision that comes out of it  I think you're kind of circling back to automated   decision making type protections um where there's  been a massive discussion around you know right   to explanation and all that kind of stuff but also  the right to kind of contest a particular outcome   um you know it might be that you know um  requesting the deletion of that particular   information isn't actually the most effective  outcome it's to change the outcome that was   reached uh or at least to be able to challenge  the outcome I think I think that that kind of   depends on the context a little bit and the  application that you're talking about but   um I would say that you know um yeah maybe maybe  the the deletion of inaccurate inferences isn't   um you know the the most appropriate  outcome that you would be seeking that exhaust the currently asked questions I'll  ask another uh follow-up question but I'll also   invite uh attendees if you have questions feel  free to add them to that q a box that's down   at the bottom of your your Zoom window here  um so one question I have I guess is like   so we were just talking about the ability of users  to potentially correct incorrect data or incorrect   uh predictions or inferences uh about them that  these um whatever you want to call emotional ai   ai in general uh might produce do you think it  might be useful to allow users to choose how much   inaccuracy they're willing to tolerate because  some people don't care right some people really   have uh they don't really care if you want to make  inaccurate emotional inferences about me or serve   me bad ads because of your behavioral algorithm it  doesn't matter to me very much but to other people   might actually feel very strongly about these  things and so is there a a mechanism whereby   the regulation could take those considerations  into account and allow people to sort of tailor   the amount of inaccuracy they're exposed to or do  you think that need to go over complicates things   well I mean I think maybe even the um proposed  approach in the uh proposed AI act actually kind   of does that because it says that you need to  be transparent I mean what you probably have   to add is um you know some information on the the  potential for inaccuracy yeah so some statistical   um I don't know transparency obligation that  would say that you have to provide this type   of information now how you would actually  practically realize that becomes a little bit   difficult because it might be a little bit context  dependent um but um in saying that I mean like   you know that would be I mean legally speaking I  think that that's the way you would do it yeah you   um from you know if we're supposed to be active  Market participants who provide the information   to the consumers and they effectively choose now  there's a you know a well-versed criticism of that   and that individuals have absolutely no idea  what's going on and they don't actively choose   um or you know you could say that they actively  uh choose not to be choosing or be informed   armed yeah um so I think within this and I  think it kind of underlines um you know the   emphasis of the the project you know where this  project is going is trying to kind of find that   um the right spot along the spectrum between  empowerment and fraternalism so you know how   much fraternalism is actually necessary depending  on the the risk associated with a particular   technology and you know I guess the feeling um  that I have and I try to kind of maybe convey   this through some of the answers and also of the  presentation is that I don't think wholesale bands   um are brand new learn of to kind of  respect that paternalism empowerment   divide that you need to think about  things a little with a bit more nuance   um in order to kind of respect both the fact  that you know consumer policy is there to protect   individuals from themselves but also you know  from I suppose different types of harm but also   to promote individual autonomous decision-making  capacity I mean it has multiple policy aims   um and you know the protection of an autonomous  capacity to choose is an important goal in itself   um so I I do think that when you're trying to  figure out okay where on the Spectrum you know   you want to lie you have to kind of EX yeah you  have to explore those kind of theoretical debates   I suppose that um are familiar as opposed to  Scholars and consumer protection but also to   a certain extent data protection privacy as  well great thanks um I got sort of another   follow-up question to that I guess which uh  it's a kind of a fundamental premise which is   like who decides who's accurate and is what  what is accurate in these contexts so I can   think of at least three actors or or entities  that that might be the important decision   makers here right so one is the individual in  question obviously and that's the most obvious   one right I should decide what's accurate uh  in these things that are inferred about me   um another is the the infer right they may  have a different opinion about what's accurate   um because they have different use cases right  maybe that their their use for their purposes   their prediction might be perceived by them  to be accurate but by me to be inaccurate and   the third is you suggested earlier in response I  think maybe to one of tg's questions that maybe   there was some room here for like a regulatory  intervention and maybe you could have I don't   know I I called them in my mind like the  algorithm police who could go in and look   into the black box and see what's going on and  so maybe they could be a third party uh in this   context who might have a useful perspective on on  what's accurate and what's inaccurate um is there   an overarching answer to that question or again  is it one of those like this is really context   dependent and it it varies based on the technology  the question of the application in question   um I mean I do think it's kind of text dependent  but I do think that it could ground I suppose   regulatory responses yeah so um you know if you  know that um the inaccuracy is being built yeah   so there's a fundamental flaw in what you're  deploying um then you can think about like   you know other means of Regulation that we have um  already have saying consumer protection around say   product liability or whatever else so like you  know we have mechanisms in order to respond to   some of these things and it's about like thinking  about their deployment to a certain extent   um and you know you know this potential for  like the the algorithm police to kind of come in   um I would say that like I'd be kind of hesitant  um to a large extent um I think it kind of   um there may be certain contexts and certain  uses that we say okay well um because accuracy   is an issue here we simply can't deploy because  the it's too risky yeah I'm not entirely sure   if that's actually within consumer products  yeah I mean we can think of emotional AI uses   that extend far beyond what we as consumers might  purchase um either you know embedded in products   or services online um you know be it in kind of  you know the policing National Security space   um where the potential for error and the risk  of error you know is uh I suppose and the risks   associated with error um increase dramatically  yeah um so I would be kind of um thinking more on   the lines of if there are going to be regulatory  interventions we have to think about okay well   we're in where is the risk calculus to work just  um and does that justify you know something like   a moratorium on the use of that technology in  that particular context rather than empowering   um you know a regulator necessarily to kind  of step in and say okay well this is only   59.5 accurate therefore it shouldn't be served  to Consumers you know because it like yeah I I   think that um it also just wouldn't result in a  regulatory outcome that would be economical for   the ones of a better you know for just yeah  and there are other concerns as well I think   um great thank you that's uh very useful we  are getting close to the end of time but we   have another question by either the same or  a different Anonymous attendee here which   is whether or not emotions actually qualify as  uh personal data under current data protection   regimes I don't know the answer to that but do  you uh yeah well I've I've already written on   this so there's this paper about a book chapter  that I wrote um uh kind of dealing I suppose   with some of these kind of basic questions as  well so um it will be personal information or   personal data I think uh that's not particularly  difficult to find particularly in in the EU um I   think where it gets a little bit more difficult  is whether it's sensitive personal information   um you know and here you kind of  end up with questions like well okay   um you know our Mo uh I suppose inferences  relating to someone's emotions can they be   classified as health related information which  would be classified as sensitive information or   if you look at particular deployments of emotional  AI say through facial action coding it'll be clear   that they'll probably be using biometric templates  which are generally if you look at various data   protection Frameworks they're classified as  sensitive information whereas if they're using   other means of detection that don't involve  the use of Biometrics then there may be more   questions yeah so then it's just a question  whether it's Health Data or not Health Data   um so I think yeah my answer that asks is kind of  simple like um you know the it will be classified   as these technologies will be using personal  data it's more of a question whether they're   using sensitive personal data and that may depend  on the context and whether you view the insights   that it derives to be kind of anywhere related  to health and falling within the sensitive that   category or whether they're using you know a  particular biometric information which would   otherwise bring it within the definition  of process sensitive process information   um so I hope that that kind of um answers it yeah  I think it does I know more about it now than I   did two minutes ago so thank you um maybe this  might be the last question because we're down to   the last few minutes of the hour um but uh so TT  asked the question that and this comes up right   sometimes this is people's response uh to these  these thorny questions of of privacy is maybe   we should just mandate uh anonymization right  so that you can no longer associate users with   their data it's it's challenging for a number of  reasons but I wonder what your response to that is   um I mean I suppose to a certain extent you  can say that is kind of is already somewhat   in the Frameworks in that like if you want to  avoid the scope of data Protection Law um you   render the data Anonymous and then it doesn't come  within it and then you can do whatever you want   um and there as there are requirements to  delete information if you process if you   process it so that it is anonymous um then you  know it's not going to come within the scope of   uh the statutory framework no one's saying that I  think that that's like far easier said than done   um because like you know there's kind of a  utility anonymization uh balancing yeah you   want the information to be useful and for it to be  useful you need to be able to drive some sort of   uh inferences or whatever or you need to be able  to relate it to some individual which basically   means that you it can't be anonymous um you know I  mean there are discussions around pseudonymization   um and uh you know depending on the jurisdiction  you're in whether Anonymous information comes   within the definition of personal data  I think the general consensus is Within   These Frameworks is that generally it does  because the impact of its use will still be   the same as to whether it's pseudonymous or  not but I think with this anonymization point   um I think really as soon as you start thinking  about anonymization you have a real impact on   the utility of the information that you've  gathered which then kind of undercuts the   purposes for which you might be gathering it in  the first place um which renders those kind of   very difficult so I hope that that has kind of  answered this and it's probably a nice way to   end as well yeah it was a good uh way of showing  out the competing interests between anonymization   and utility like how you put that okay so uh  we're basically out of time there uh that hour   flew by gaming it was very very fascinating so  thank you so much on behalf of hku and the law   and Technology Center for presenting your research  and entertaining our questions and uh thank you to   all the attendees for attending and for your great  questions and we hope to see you all at a future   hku law and law and Technology talks okay so  thank you uh thank you again thank you take care

2023-02-15

Show video