1. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Impact of AI on Privacy
Antonio Kung (Trialog)
Data protection in real-time. Transforming
privacy law into practice. Oxford – Sept 10th,
2019
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
1
This project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under grant agreement No 787034
2. AI based applications
Current wave
Automatic speech recognition
Machine translation
Spam filters
Search engines
…
Upcoming wave
Autonomous cars
Robots for elderly people
Autonomous drones
…
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
2
3. Example: Safety Application
Cooperative ITS
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
3
Road side unit
Sending vehicle
Receiving vehicle
Broadcast message (CAM – Cooperative Awareness Message)
Position of vehicle
Movement of vehicle (speed, acceleration, steering angle, …)
Static information about the vehicle: type and size
Recent Path (limited to the last 30 seconds at maximum)
5. Ecosystem
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
5
Road side unit
Application operator
(Safety, Traffic)
Pseudonym issuer
(PKI)
Vehicle
operator
Road side unit
operator
On board
Application operator
Safety
6. Ecosystem Threats
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
6
Road side unit
Application operator
(Safety, Traffic)
Pseudonym issuer
(PKI)
Vehicle
operator
Road side unit
operator
On board
Application operator
Safety
Linking data
(using AI)
Linking pseudonyms
(using AI)
Identify driving behaviour
Identify driving offence
7. Autonomous
vehicle
example
Example: Autonomous Vehicle
AI to help decision
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
7
toon
Policy management
process
Autonomous vehicle
manufacturer
Control and
monitoring process
Applies
Autonomous vehicle
Vehicle and
passengers
to manage
Safety, security,
privacy policies
follows
applies
to monitor Establishes
follows
8. AI to Assist System Lifecycle Processes
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
8
Process AI support
Agreement AI-assisted data sharing agreement
Organisational AI assisted decision making
AI assisted knowledge management
Technical
management
AI assisted risk analysis
AI assisted compliance
Technical process
AI-assisted risk analysis
AI-assisted design
AI-assisted verification
AI assisted operation
AI assisted maintenance
ISO/IEC/IEEE 15288
9. AI to help Cybersecurity Lifecycle
(ISO/IEC 27101 – NIST)
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
9
Process AI support
Identify AI assisted risk analysis
Protect
Pattern recognition for the design of security
and privacy controls
Detect
Anomaly detection
- off-line analysis
- on-line detection
Respond Assisting and training operators
Autonomous decision taking?Recover
10. AI to help Risk Analysis
Assistance to avoid attacks
(reduce likelihood of threats)
Assistance to breaches (reduce
severity of impact)
Data protection in real-time. Transforming privacy law into
practice
10/09/2019
10
Absolutely
avoided or
reduced
Must be
avoided or
reduced
Must be
reduced
These risks may
be taken
Negligible
Likelihood
Limited
Likelihood
Significant
Likelihood
Maximum
Likelihood
Negligible
Impact
Limited
Impact
Significant
Impact
Maximum
Impact
11. AI to Break Cybersecurity
security incident / privacy breach
is more likely to occur
Security incident / privacy breach
has more impact
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
11
Absolutely
avoided or
reduced
Must be
avoided or
reduced
Must be
reduced
These risks may
be taken
Negligible
Likelihood
Limited
Likelihood
Significant
Likelihood
Maximum
Likelihood
Negligible
Impact
Limited
Impact
Significant
Impact
Maximum
Impact
12. Data Poisoning
Courtesy Ivo Emanuilov (KUL – citip – Imec)
Adversarial examples: malicious inputs to machine learning models
Data Poisoning: Fooling the models
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
12
13. Malicious AI Report (February 2018)
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
13
14. Conclusions
AI will improve lifecycle processes
AI will improve security and privacy risk management
Malicious AI will increase security and privacy risks
Security and Privacy Governance Model for AI to meet
Empowerment capability
Explainability capability
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
14
15. Context or presentation
ISO Study period Impact of AI on privacy
Started in October 2018 for one year
Rapporteurs
Antonio Kung
Srinivas Poosarla
Peter Dickman
Gurshabad Grover
Peter Deussen
Heung Youl Youm
Zhao Yunwei
SC27 work, liaison with SC42 AI
Terms of reference
review new generation of AI-based systems (autonomous systems) and identify their impact on privacy,
review new threats to privacy which AI can create,
review how AI can be used by deploying improved privacy controls, and
provide recommendations for standardization work.
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
15
16. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Thank you for your
attention
Questions?
For more information, visit:
www.pdp4e-project.org
Contact points
Antonio Kung (Trialog)
Antonio.kung@trialog.com
Yod Samuel Martín (UPM)
ys.martin@upm.es
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
Slide 16