occasion for reflection: the scenario relating to personal data, ethics, AI, robotics

The European Data Protection Day (Data Protection Day), which is celebrated on January 28 of each year (in Italy the Data Protection Authority has organized an event to be held in Rome on January 29), offers the opportunity for some reflections.

The issue of personal data protection is extremely important and should not be underestimated. Technologies are used daily especially through computers, smartphones, tablets and other devices. We provide our personal data to enjoy goods and/or services and the data controller is required to comply with the provisions of the GDPR and the privacy code, as amended by Legislative Decree 101/2018. Moreover, the issue of the transfer of personal data abroad or to international organizations assumes further importance, especially in the use of services or technologies whose infrastructures are not located within the European Union.

The principle of accountability requires the data controller not only to comply with the principles contained in Article 5, par. 1, of the GDPR but also to be able to prove it.

Beyond these aspects, we cannot disregard emerging phenomena such as Artificial Intelligence (AI), Blockchain and Robotics which have a significant impact on personal data. The relevance of the aforementioned topics has attracted, for some time now, the attention of the Data Protection Authority, the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB). In fact, although production by institutional bodies has been recorded for some years, in 2018 there was an increase in documents on these topics:

  1. on March 9, 2018, the European Group on Ethics in Science and New Technologies of the European Commission published the “Statement on Artificial Intelligence, Robotics and ‘Autonomous’ Systems”;
  2. on April 25, 2018, the European Commission published the “Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions - Artificial Intelligence for Europe - COM(2018) 237 final”;
  3. the 40th International Privacy Commissioners Conference held in Brussels from October 22 to 26, 2018, published a document entitled “Declaration on Ethics and Data Protection in Artificial Intelligence”;
  4. on December 3, 2018, the European Commission for the Efficiency of Justice (CEPEJ) of the Council of Europe published the “European Ethical Charter on the Use of Artificial Intelligence in Judicial Systems and their environment”;
  5. On December 18, 2018, the European Commission’s High-Level Expert Group on Artificial Intelligence - AI HLEG published the document entitled “_Draft Ethics Guidelines for trustworthy AI”.

It is evident how, especially the topic of Artificial Intelligence (AI) has attracted particular attention precisely with regard to the protection of personal data. Moreover, recently, the Data Protection Authority has intervened on “The new emergency for world privacy is called app economy”, an equally delicate and current topic in consideration of the personal data provided for the use of apps. It should not be forgotten that in Europe the right to personal data protection and the right to privacy are fundamental rights.

Personal data is a value in absolute terms due to its close correlation with the human person and, at the same time, we cannot disregard ethics also with regard to human dignity. Improper uses of personal data that are not consistent with the purposes declared by the data controller to the data subject cannot be allowed.

The issue of ethics nowadays assumes primary importance and, although its reference is not expressly contained in the regulations, it is still possible to use the principles contained in the GDPR, and specifically provided for in Article 5, par. 1, («lawfulness, fairness and transparency», «purpose limitation», «data minimization», «accuracy», «storage limitation», «integrity and confidentiality», «accountability»), for an ethically oriented reading of personal data processing. It is clear that - for example, the principle of «lawfulness, fairness and transparency» (Article 5, par. 1, letter a) of the GDPR) cannot disregard an approach that involves ethical evaluations.

In the same way, we cannot disregard ethics in compliance with the principle of «integrity and confidentiality» which requires the data controller to adopt “appropriate technical and organizational measures” to “ensure adequate security of personal data”. Beyond the strictly regulatory reference, it is essential to acquire an ethical approach to the issue of personal data and its processing. Not only is awareness-raising activity on the topic of ethics necessary, but even more so the acquisition of concrete awareness of ethics that must become a real “ethical consciousness”.

An ethical consciousness implies compliance with the law on personal data protection (GDPR and privacy code), but the opposite may not be true, that is, complying with the law does not necessarily mean having an “ethical consciousness”.

I hold the position of president of UNIDPO - Italian National Union of Data Protection Officers, an association established in May 2018.

The association is characterized by a multi-professional membership, since the members are Lawyers and Engineers, whose professionalism is complementary for performing the role of Data Protection Officer (DPO). The high level of professionalism distinguishes each member. UNIDPO is sensitive to all issues concerning the processing and protection of personal data and, therefore, to occasions, such as that of European Data Protection Day, useful for increasing discussion and sharing of professional experiences on these topics.

I thank the Board and all members for the excellent work done and for the energy devoted to achieving the association’s goals. I wish UNIDPO to celebrate European Data Protection Day as an opportunity to continue cultivating interest in the subject in the spirit that inspired the establishment of the association and the sharing of its mission.