The DIFC is discussing amendments to the existing data protection rules established under DIFC Data Protection Law No. 5 of 2020. Among the planned changes are new “controls and guardrails” for the processing of personal data by “digital enabling technologies such as artificial intelligence”. and autonomous and automated systems.
Under the plan, companies must ensure that the AI systems they use are designed according to the principles of fairness, ethics, transparency, security, and accountability.
In addition, there is an obligation to inform data subjects where AI systems are used to process their data. This includes the purpose of data processing, the output that the AI system produces, and how the output is used, and where that data is further processed. Personal data that is not human-initiated or directed may be accepted. You should also inform data subjects how their use of the system affects how they exercise their rights.
There are also provisions under the proposed new rules for the use of AI systems in the DIFC that will be subject to audit or certification requirements in the future. Prevent “undue prejudice” and assist law enforcement in preventing or prosecuting crimes.
DIFC said: At the same time, it is potentially very dangerous in terms of unwanted biases, controversial political or financial consequences, or the impression or course of action that adversely affects the data subject himself. ”
“Implementing the basic technical, organizational and ethical obligations of controllers and processors is the starting point for ‘regulating’ all types of generative, machine learning and large-scale language model systems. This is because they are still very much an unknown quantity, but the ability to assert controls and concepts to direct processing and mitigate risk is not. Until understood, it is a pressing concern to strengthen relevant controls and concepts and set regulations to develop them fairly and ethically. ”
Other changes under discussion include new rules for reporting and handling personal data breaches. This includes situations where an individual inadvertently controls or possesses personal data, such as accidentally sending an e-mail containing personal data. Collection and use of personal data in connection with providing digital communications and services.
The consultation is open for feedback until May 17th. Martin Hayward, a technical law expert at Pinsent Masons in Dubai, said the proposal would require companies within the DIFC that use AI systems to understand how they would work, especially globally across multinational organizations or corporate groups. It states that it encourages them to better understand if they are employed. Information that you may need to provide to the data subject.
The DIFC is not the first jurisdiction to consider how AI should be regulated.
For example, the EU has proposed a new AI law. The bill, which is currently under scrutiny by the European Parliament and the Council of Ministers, envisages regulating AI systems according to the level of risk they are believed to pose.
In the UK, by contrast, the government is proposing to keep the existing sector-by-sector approach to how to regulate the use of AI by businesses, although there are no overarching principles that regulators “must interpret.” It complements it with a cross-sectoral framework of “Applies to AI within its mandate.” The five principles are safety, security and robustness. Appropriate transparency and explainability. fairness; accountability and governance; and Competitiveness and Remedy.
Ross McAlister of Pinsent Masons said: Instruct the AI system itself to seek human intervention, as opposed to the data subject itself requesting human intervention, where the processing could lead to unjustified prejudice, or directing law enforcement to Related parties with access to systems by government authorities, including.
