Impact of AI on Privacy

1. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Impact of AI on Privacy
Antonio Kung (Trialog)
Data protection in real-time. Transforming
privacy law into practice. Oxford – Sept 10th,
2019
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
1
This project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under grant agreement No 787034

2. AI based applications
Current wave
Automatic speech recognition
Machine translation
Spam filters
Search engines
…
Upcoming wave
Autonomous cars
Robots for elderly people
Autonomous drones
…
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
2

3. Example: Safety Application
Cooperative ITS
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
3
Road side unit
Sending vehicle
Receiving vehicle
Broadcast message (CAM – Cooperative Awareness Message)
Position of vehicle
Movement of vehicle (speed, acceleration, steering angle, …)
Static information about the vehicle: type and size
Recent Path (limited to the last 30 seconds at maximum)

4. Privacy-by-design: Pseudonyms
(see https://www.sevecom.eu/ 2006-2008)
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
4
Pseudonymization authority
Road side unit
Sending vehicle
Receiving vehicle

5. Ecosystem
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
5
Road side unit
Application operator
(Safety, Traffic)
Pseudonym issuer
(PKI)
Vehicle
operator
Road side unit
operator
On board
Application operator
Safety

6. Ecosystem Threats
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
6
Road side unit
Application operator
(Safety, Traffic)
Pseudonym issuer
(PKI)
Vehicle
operator
Road side unit
operator
On board
Application operator
Safety
Linking data
(using AI)
Linking pseudonyms
(using AI)
Identify driving behaviour
Identify driving offence

7. Autonomous
vehicle
example
Example: Autonomous Vehicle
AI to help decision
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
7
toon
Policy management
process
Autonomous vehicle
manufacturer
Control and
monitoring process
Applies
Autonomous vehicle
Vehicle and
passengers
to manage
Safety, security,
privacy policies
follows
applies
to monitor Establishes
follows

8. AI to Assist System Lifecycle Processes
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
8
Process AI support
Agreement AI-assisted data sharing agreement
Organisational AI assisted decision making
AI assisted knowledge management
Technical
management
AI assisted risk analysis
AI assisted compliance
Technical process
AI-assisted risk analysis
AI-assisted design
AI-assisted verification
AI assisted operation
AI assisted maintenance
ISO/IEC/IEEE 15288

9. AI to help Cybersecurity Lifecycle
(ISO/IEC 27101 – NIST)
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
9
Process AI support
Identify AI assisted risk analysis
Protect
Pattern recognition for the design of security
and privacy controls
Detect
Anomaly detection
- off-line analysis
- on-line detection
Respond Assisting and training operators
Autonomous decision taking?Recover

10. AI to help Risk Analysis
Assistance to avoid attacks
(reduce likelihood of threats)
Assistance to breaches (reduce
severity of impact)
Data protection in real-time. Transforming privacy law into
practice
10/09/2019
10
Absolutely
avoided or
reduced
Must be
avoided or
reduced
Must be
reduced
These risks may
be taken
Negligible
Likelihood
Limited
Likelihood
Significant
Likelihood
Maximum
Likelihood
Negligible
Impact
Limited
Impact
Significant
Impact
Maximum
Impact

11. AI to Break Cybersecurity
security incident / privacy breach
is more likely to occur
Security incident / privacy breach
has more impact
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
11
Absolutely
avoided or
reduced
Must be
avoided or
reduced
Must be
reduced
These risks may
be taken
Negligible
Likelihood
Limited
Likelihood
Significant
Likelihood
Maximum
Likelihood
Negligible
Impact
Limited
Impact
Significant
Impact
Maximum
Impact

12. Data Poisoning
Courtesy Ivo Emanuilov (KUL – citip – Imec)
Adversarial examples: malicious inputs to machine learning models
Data Poisoning: Fooling the models
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
12

13. Malicious AI Report (February 2018)
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
13

14. Conclusions
AI will improve lifecycle processes
AI will improve security and privacy risk management
Malicious AI will increase security and privacy risks
Security and Privacy Governance Model for AI to meet
Empowerment capability
Explainability capability
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
14

15. Context or presentation
ISO Study period Impact of AI on privacy
Started in October 2018 for one year
Rapporteurs
 Antonio Kung
 Srinivas Poosarla
 Peter Dickman
 Gurshabad Grover
 Peter Deussen
 Heung Youl Youm
 Zhao Yunwei
SC27 work, liaison with SC42 AI
Terms of reference
review new generation of AI-based systems (autonomous systems) and identify their impact on privacy,
review new threats to privacy which AI can create,
review how AI can be used by deploying improved privacy controls, and
provide recommendations for standardization work.
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
15

16. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Thank you for your
attention
Questions?
For more information, visit:
www.pdp4e-project.org
Contact points
Antonio Kung (Trialog)
Antonio.kung@trialog.com
Yod Samuel Martín (UPM)
ys.martin@upm.es
10/09/2019
Data protection in real-time. Transforming privacy law into
practice
Slide 16