Regulation of Artificial Intelligence in Selected Jurisdictions

Comparative Summary This report examines the emerging regulatory and policy landscape surrounding artificial intelligence (AI) in jurisdictions around the world and in the European Union (EU). In addition, a survey of international organizations describes the approach that United Nations (UN) agencies and regional organizations have taken towards AI. As the regulation of AI is still in its infancy, guidelines, ethics codes, and actions by and statements from governments and their agencies on AI are also addressed. While the country surveys look at various legal issues, including data protection and privacy, transparency, human oversight, surveillance, public administration and services, autonomous vehicles, and lethal autonomous weapons systems, the most advanced regulations were found in the area of autonomous vehicles, in particular for the testing of such vehicles. The Oxford Dictionary defines AI as “the theory and development of computer systems able to perform tasks normally requiring human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.” The majority of surveyed jurisdictions see AI in a positive light and aspire to become leaders in the field. Many countries have therefore developed or are in the process of developing national AI or digital strategies and action plans. Canada was the first country to launch such a national AI strategy in 2017. The strategies and action plans highlight, among others things, the need to develop ethical and legal frameworks to ensure that AI is developed and applied based on the country’s values and fundamental rights. Many countries have established specific commissions to look into these issues. However, with the exception of the EU, no jurisdiction has yet published such specific ethical or legal frameworks for AI. In December 2018, an expert group of the European Commission released draft AI ethics guidelines that set out a framework for designing trustworthy AI. South Korea in 2008 enacted a general law on the “intelligent robot industry” that, among other things, authorized the government to enact and promulgate a charter on intelligent robot ethics. However, it appears that no such charter has yet been enacted. Some countries have taken the first steps to use AI in the area of justice. In Portugal, a legal assistance tool will be launched that conducts research on the requests made and learns from them. In the future, it might be used to predict the probability of success of a judicial process. Likewise, in France the Courts of Appeals of Rennes and Douai tested predictive justice software on various appeals cases in 2017. Many of the surveyed countries are contracting parties to the 1968 Vienna Convention on Road Traffic, an international agreement with the objective to “facilitate international road traffic and to increase road safety through the adoption of uniform traffic rules.” A 2016 amendment to the Convention on Road Traffic removed legal obstacles for the contracting parties to allow transferring driving tasks to automated technologies. Countries that have enacted regulations to allow for the testing of autonomous vehicles on public roads generally require that a human driver be present in the car who can take over the driving functions if necessary. As an exception, the Netherlands and Lithuania have passed legislation that allows the experimental use of self-driving vehicles without a human driver present in the car on public roads. Israel passed a regulation and a directive for experimentation in autonomous vehicles. Authorization to conduct experiments in autonomous vehicles requires, among others, a review by a professional committee. Spain, Qatar, and the United Arab Emirates authorize the testing without a human driver present on a case-by-case basis, but have not enacted specific legislation. New Zealand, unlike other countries, has no specific legal requirement for vehicles to have drivers. However, the government has not received any formal requests to test autonomous vehicles on public roads. In Singapore and the Province of Ontario, Canada, it is up to the discretion of the responsible authority to approve driverless testing. Other testing requirements for autonomous vehicles may include insurance, the transmission of certain data to the government, or accident recorders in the vehicle. Finland allows the testing of autonomous vehicles, but one political party has suggested forbidding nonautonomous vehicles as a long-term goal. With regard to lethal autonomous weapons systems (LAWS), countries regularly meet in the Governmental Group of Experts (GGE) of the Convention on Certain Conventional Weapons (CCW) to discuss the applicability of international humanitarian law norms to LAWS. The majority of countries agree that meaningful human control is necessary for LAWS. Countries either support the adoption of a new, legally-binding treaty to ban the use of LAWS; support the adoption of a political declaration as a middle ground to develop a shared understanding of the challenges posed by LAWS; oppose the adoption of a treaty as basic principles remain ill-defined; or think that no action is necessary at this point. The following visuals give an overview of the different positions and actions that countries have taken with regard to national AI strategies and actions plans, autonomous vehicles, and LAWS

Privacy by (re)design: a comparative study of the protection of personal information in the mobile applications ecosystem under United States, European Union and South African law.

Doctoral Degree. University of KwaZulu-Natal, Durban.The dissertation presents a comparative desktop study of the application of a Privacy by Design (PbD) approach to the protection of personal information in the mobile applications ecosystem under the Children’s Online Privacy Protection Act (COPPA) and the California Consumer Protection Act (CCPA) in the United States, the General Data Protection Regulation (GDPR) in the European Union, and the Protection of Personal Information Act (POPIA) in South Africa. The main problem considered in the thesis is whether there is an ‘accountability gap’ within the legislation selected for comparative study. This is analysed by examining whether the legislation can be enforced against parties other than the app developer in the mobile app ecosystem, as it is theorised that only on this basis will the underlying technologies and architecture of mobile apps be changed to support a privacy by (re)design approach. The key research question is what legal approach is to be adopted to enforce such an approach within the mobile apps ecosystem. It describes the complexity of the mobile apps ecosystem, identifying the key role players and the processing operations that take place. It sets out what is encompassed by the conceptual framework of PbD, and why the concept of privacy by (re)design may be more appropriate in the context of mobile apps integrating third party services and products. It identifies the core data protection principles of data minimisation and accountability, and the nature of informed consent, as being essential to an effective PbD approach. It concludes that without strengthening the legal obligations pertaining to the sharing of personal information with third parties, neither regulatory guidance, as is preferred in the United States, nor a direct legal obligation, as created by article 25 of the GDPR, is adequate to enforce a PbD approach within the mobile apps ecosystem. It concludes that although a PbD approach is implied for compliance by a responsible party with POPIA, legislative reforms are necessary. It proposes amendments to POPIA to address inadequacies in the requirements for notice, and to impose obligations on a responsible party in relation to the sharing of personal information with third parties who will process the personal information for further, separate purposes