Week 8 - Ethics

Question 1

Ethics

Answer 1

Principles of right and wrong that guide behaviour.

Question 2

Legal frameworks

Answer 2

Laws based on ethics to regulate behaviour.

Question 3

Best practice

Answer 3

Going beyond legal requirements to act ethically.

Question 4

Standards

Answer 4

Formal rules that define and enforce best practice.

Question 5

Data Protection Act (DPA)

Answer 5

• Before 2018 UK data protection was goverened by DPA
• Its key features were:
  − Granted rights to data subjects - individuals could request a copy of stored personal data.
  − Imposed obligations on organisations - organisations had to securely store personal data.
  − Introduced Information Commissioner role - commissioner could issue fines for non-compliance and maintain a register of data controllers.

Question 6

General Data Protection Act (GDPR)

Answer 6

• GDPR replaced DPA in 2018.
• Its key enhancements were:
  − expanded rights for data subjects - right to be forgotten
  − stricter obligation on organisations - organisations required to notify authorities of data breaches within 72 hours
  − strengthen role of Information Commissioner - increased fines of max(€20 mil or 4% global turnover) for non-compliance.

Question 7

Importance of GDPR compliance

Answer 7

• Any organisation must comply with GDPR if collecting data on data subjects who are EU citizens.
• In the UK, investigation and enforcement are carried out by the Information Commissioner’s Office (ICO).
• Compliance is essential to avoid financial or reputational damage.

Question 8

Provisions (rights to data subjects)

Answer 8

• Consent: data collection requires informed and freely given consent.
  Individuals can withdraw consent at any time.
• Right to be forgotten: individuals can request data deletion.
• Right of access: individuals can access their personal data held by organisations. Access through Subject Access Request (SAR).
• Breach notification: organisations must notify individuals and regulators of data breaches.

Question 9

Personal data vs sensitive data

Answer 9

• Personal data: any data related to natural persons (living individuals) that can be directly or indirectly identified e.g., name, ID (driving license/ passport).
• Sensitive data: Data about protected attributes e.g., health, race or religion. Need greater justification to collect sensitive data and there must be higher security around it.

Question 10

7 principles of GDPR

Answer 10

1. Lawfulness, Fairness, and Transparency - Comply with other laws and provide evidence of lawfulness.
2. Purpose limitation - Collect data only for specified, valid reasons and inform individuals.
   If you are asked for data without a reason, you do not have to give the data.
3. Data Minimisation - Limit data collection to what is relevant and necessary for the stated purposes.
4. Accuracy - Ensure data is up to date and allow individuals to correct inaccuracies.
5. Storage Limitation – Delete data when it is no longer needed.
6. Integrity and Confidentiality - Protect data from unauthorised access or breaches.
7. Accountability - Demonstrate compliance with GDPR by keeping records and documenting actions.

Question 11

How you should work with ethics

Answer 11

• Need approval from Ethics Review Boards (ERBs) when collecting data and when building systems with collected data.
• Need to keep detailed records to demonstrate compliance with what you planned and stated.
• Should collaborate with specialists who understand the legal requirements.
• If working alone, need to familiarise yourself thoroughly with the relevant laws and regulations to ensure compliance.

Question 12

BCS code of conduct - professional competence and integrity

Answer 12

• Only undertake to do work or provide a service that is within your professional competence;
• NOT claim any level of competence that you do not possess;
• Develop your professional knowledge, skills and competence on a continuing basis, maintaining awareness of technological developments, procedures, and standards that are relevant to your field;
• Ensure that you have the knowledge and understanding of legislation and that you comply with such legislation, in carrying out your professional responsibilities;
• Respect and value alternative viewpoints and seek, accept and offer honest criticisms of work;
• Avoid injuring others, their property, reputation, or employment by false or malicious or negligent action or inaction;
• Reject and will not make any offer of bribery or unethical inducement.

Question 13

Equality act of 2010

Answer 13

• Protects against direct and indirect discrimination:
  Direct: Treating someone unfairly due to a protected characteristic.
  Indirect: Policies or practices that disadvantage certain groups.
• Monitored by the Equality and Human Rights Commission (EHRC)
• It is linked to GDPR as it ensures fairness and lawfulness in data use.

Question 14

Positive action

Answer 14

• Steps to improve representation and inclusion.
  E.g., helping individuals overcome disadvantages or meeting specific needs.
• This is recommended.

Question 15

Positive discrimination

Answer 15

• Treating one group less favourably than another.
  e.g., refusing to hire men solely to increase the number of women.
• This is illegal.

Question 16

Can AI discriminate

Answer 16

Yes.
AI can discriminate if it is trained on data where discrimination is present e.g., Amazon had to scrap an AI after it started penalising CVs if they included the word “woman”.

Question 17

BCS code of conduct - public interest

Answer 17

• Have due regard for public health, privacy, security and wellbeing of others and the environment;
• Have due regard for the legitimate rights of third parties;
• Conduct your professional activities without discrimination on the grounds of sex, sexual orientation, marital status, nationality, colour, race, ethnic origin, religion, age or disability, or of any other condition or requirement;
• Promote equal access to the benefits of IT and seek to promote the inclusion of all sectors in society wherever opportunities arise.

Question 18

Roles in AI development to ensure functional, compliant and responsible system

Answer 18

• Buisness owner: define business goals and requirements
• Data scientist: uses data to train models to meet requirements
• model validator: uses business goals, regulations and best practises to test models
• AI operator engineer: deploys and monitors models in running services.

Question 19

Factsheets

Answer 19

• Standardised documents providing key details about an AI systems purpose, design, data and performance.
• They are tailored for different stakeholders (e.g., clients, risk managers, auditors) to ensure transparency and accountability.

Question 20

Algorithmic transparency standard

Answer 20

• An effort to move towards creation of auditable documentationfor AI systems
• It is a standard helping organisations to provide clear information on the algorithmic tools used and reasons for them.
• Aims to help prove transparency and accountability for AI systems.

Question 21

Regulating AI - AI safety summit 2023

Answer 21

• World leaders, including China, came together to discuss AI governance.
• AI expert panel was established with the aim of identifying and assessing potential AI risks.
• Agreed that AI requires robust regulatory frameworks.
• Agreed that testing plans need to be made to ensure safety and accountability.

Question 22

Criticisms of AI safety summit 2023

Answer 22

• Large tech companies were involved with shaping laws - could shape laws to benefit their company.
• No clear agreement on global standards or mechanisms to enforce regulations was made.
• Disagreement on if regulation should betop-down(government-led) ordemocratic(inclusive and participatory.
• Debatable if its appropriate for the tech industry to shape the rules it will be governed by - could introduce bias.