CPDP, the conference for Computers, Privacy and Data Protection takes place annually in Brussels and has, for the past 16 years, been an important platform where policy, industry, academia and civil society meet. This year’s edition was informed by the latest amendments of the forthcoming AI Act, and the ongoing hype of AI. The Helsinki Institute for Social Sciences and Humanities was present with a panel on the practicalities of responsible AI and data practices.
Convening in the early morning of CPDP’s final conference day this panel consisted of stellar participants: Paul Nemitz, principal advisor for the digital transition at the EU Commission’s Directorate General Justice & Consumers; David Graus, lead data scientist at Randstad Group; Maria Koomen, lead of the Open Governance Network; Iris Muis, data ethicist and lead operations at Utrecht University’s Data School. The panel was chaired by HSSH visiting professor Mirko Tobias Schäfer.
“We currently see tech bro’s touring parliamentary hearings and university lectures, spreading fear, doubt and uncertainty about a speculative future of AI. This panel is less concerned with speculative problems of a distant future but will inquire how we can address the challenges that are raised through AI and data practices effectively today. We will discuss practical approaches to responsible AI beyond trickle down policy and corporate ethics washing,” Mirko said to kick off the panel.
The backdrop to the discussion is a plethora of ethics manifestos, guidelines and frameworks for ethical AI, as well as the legislation under way for regulating AI practices. From their respective perspectives the panel participants described how to close the gap between policy and practical application. David Graus reported from the practices at Randstad where impact assessments are used to evaluate possible breach of fundamental values through machine learning models. As a company engaged in the organisation of human resources, they are aware of the high impact their algorithms can have on people’s lives. Not only works Randstad has developed over the past years in the industry and academia, such as using model cards (Mitchell et al 2019), carrying out fundamental rights impact assessments (Gerards et al 2020), but also through actively engaging in critical AI research (e.g. Van Els et al 2022). Graus emphasized how they develop awareness for ethical issues and create space for the necessary critical inquiry of machine learning models, and the conversation on value-sensitive design and social impact.
This resonated well with the experiences Iris Muis shared from their work with public administrations in the Netherlands. While the Netherlands have become the go-to example for bad AI and data practices, the country is now making a concerted effort to implement checks and balances on all levels of public administration. Impact assessments such as the Data Ethics Decision Aid (DEDA) or the Fundamental Rights & Algorithms Impact Assessment (FRAIA) are now frequently used in (local) government organisations. Last year, a motion in parliament plead making such instruments mandatory for the entire public management sector, and also an amendment in the AI Act pushes for mandatory human rights impact assessments. As a co-author of FRAIA, Iris Muis also trains numerous government employees in applying the impact assessment.
Maria Koomen spoke about the need for emancipatory policies that enable civil society to utilize AI and data for improving their quality of life and fostering their political agency. In addition, the panel saw the need for general literacies, an active tech-journalism, and effective oversight. Arguing strongly for law and oversight was Paul Nemitz who criticized the shallow promise of tech companies to self-regulate. With a reference to the GDPR and its lack of effective implementation, the discussion then revolved around practicalities of organizing oversight. Nemitz emphasized the need for regulation and oversight authorities to cooperate closely across the EU and being able to share information, access to files, and to engage in joint action.
With an eye to the practices reported by David Graus and Iris Muis, the panel could also agree that commitment to compliance is already emerging when legislation is under way. In two areas, industry and public management, practices were developed or adopted helping practitioners to bridge the gap between policy and practice. There is still a long way ahead, the panel agreed, but very promising steps in adapting existing checks and balances to the needs of a digital society are well under way.