We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.

Business case for using AI must be properly defined
Pic: Shutterstock

29 May 2024 / technology Print

Business case for using AI must be properly defined

An AI seminar organised by William Fry LLP has heard that liability issues and the factual context in which personal data is processed are key to the roll-out of the technology.

The 28 May event at the Aviva Stadium heard that GDPR and legal rules applied to large language models and AI systems.

Emma Redmond of OpenAI said that human reviewers giving feedback on AI responses, and the concept of reinforced learning, had been pioneered at her firm.

AI neurons mimicked the human brain, she stated.

“There are a lot of nuances, a lot of mathematical operations that take that input in order to create that output,” she said.

The right question

Asking the right question of AI was key, since language was used in a wide variety of ways to communicate, the seminar heard.

However, appropriate guardrails are important in terms of compliance with data protection when deploying AI systems and, in particular, the environment in which they were being deployed.

Key risks must be assessed in the build-out, said Redmond, and that meant understanding the life cycle of the product or system.

Design principles must incorporate GDPR and mitigate risks as these products are being developed.

This means properly defining the business case for using AI, with properly stated objectives.

Most businesses would have sophisticated and mature privacy programmes with good risk-profiling, the seminar heard. External vendors will have data-processing agreements in place, but further contractual requirements may be needed.

This can help understanding how AI risk could materialise, which can then be mitigated through either technical or policy controls.

Redmond said that context was king for AI use, and the business-use proposal must be clearly understood.

“Staff training can't be underestimated,” Redmond commented. Privacy notices and help-centre articles would also need to be updated for transparency and accountability, she said.

Best practice

Nish Imthiyaz (global privacy counsel, Vodafone) said that best practice could be shared by building awareness across the organisation.

“Try not to make sure that you're not focused too inwardly; there are lots of different initiatives going on externally that you can join – and most of them are free,” he said, pointing to the Global Digital Foundation.

Redmond said that she always tried to be best friends with her engineers, because there was massive value in being able to ask questions.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland