Could AI assist in data protection?

null

On 25th May 2018, all member states of the European Union will adopt the new General Data Protection Regulations (also called GDPR) which promises to tighten up rules on the collection, management and usage of personal data. The new regulations have wide ranging implications on the way consumer data is collated, how it must be storage and protected, and how it is able to be used.

No longer will organisations be able to collect copious amounts of data about consumers for multi-faceted analysis, there’s now a requirement for data controllers to minimise processing of personal data, effectively limiting activity to only what’s necessary for a specific purpose. Moreover that purpose must be clearly communicated to the individual whose data is being processed, and requirements for gaining consent must be far more explicit. So those unwieldy and obfuscated Terms and Conditions that we’re all familiar with will become inappropriate: companies processing personal data must instead be transparent in explaining what data they collect, why it’s important and how they intend to use it.

Another important consideration is that GDPR gives individuals who have agreed to their data being processed the right to withdraw consent at any time. Notably it becomes mandatory for data controllers to advise people of this right; they must also provide simple methods for people to revoke consent, deleting that data within a reasonable timeframe. This alone represents a fundamental change in data processing regulations with massive implications.

Companies that cannot demonstrate strict compliance to GDPR theoretically face substantial fines; as such, data privacy and protection has just become a whole lot more important to them. This is driving organisations and service providers to profoundly reconsider their data collection and processing arrangements.

How might AI help?

Given the repercussions of getting GDPR compliance wrong, businesses could be forgiven for not wanting to collect any data about individuals at all. But a flow of data between businesses and consumers is essential and, whilst it can be minimised to just what is necessary to provide service, it cannot be avoided.

So how might AI help? Let’s examine some potential scenarios and our interpretation of how employing AI may mitigate some of the risks.

Behavioural targeting for security

Consider a busy airport with thousands of people traversing the concourses and terminals every day, with these areas under constant surveillance by video recording equipment.  The cameras create a constant stream of video data which are aggregated and monitored in the security control room before being stored for archive purposes. These videos contain millions of frames of data, each containing hundreds of images of people, their faces, activities and also their route through the airport facilities.  It’s a challenge to monitor all the various video feeds effectively, even with experts trained to watch for suspicious activities, but more importantly these systems are creating and archiving vast amounts of data, the majority of which is largely mundane and unnecessary.

Under GDPR, encryption of the video feeds between camera and control room becomes essential to protect the data feeds as they traverse the network infrastructure; indeed this basic level of security should be in place already. But by introducing AI capabilities into the camera units themselves we can improve on this still further: in this instance, neural network processors within the video signal processing chip would be programmed to anonymously identify people and objects within each scene, but flag any suspicious behaviours or anomalies when they are detected. An example might be spotting a person entering an area with two items of luggage but leaving with only one, despite not having visited a check-in desk, then automatically recording just the relevant portions of the video.  Further analytics can them identify the individuals involved, with all other people in the video remaining anonymous. So not only can AI significantly reduce the amount of data needing to be processed, it can also help anonymise data at the source.

Safety first in automotive

The airport example illustrates a potentially obvious situation where AI can be applied, but one in which people expect to be monitored and are considered to be within airport private property.  A more succinct example is in vehicles where cameras are employed in ADAS systems. In these circumstances cameras are constantly capturing images of the public highway whilst the vehicle is in motion. It’s clearly impossible to gain data processing consent from all road users, drivers and pedestrians along the route.

Employing neural networking technology in ADAS systems can help by processing all relevant data “at the edge” on the camera or sensor itself. The output from a camera may not necessarily be an image that humans can recognise; instead, using AI within the image processing pipelines, it may simply become a digital stream of metadata. An example may be a road-sign recognition system that reads speed limits, where only the numerals and distance to the sign are important: 30kph in 100m.  Of course this is a simplified example – actual road-sign recognition systems are far more complex – but it serves to illustrate how AI and neural network processing on the SoC can significantly reduce the amount of data being processed downstream.

Neural networks provide a solution

In any data processing application where consent cannot be easily demonstrated, especially where mass assimilation of identifiable personal data cannot be avoided, adding neural networks into the silicon chips to create platforms capable of artificial intelligence can offer a unique solution.

Elements of neural networking technology are already being integrated into smartphone SoCs for applications such as face recognition and payment security. Likewise AI running on neural inference engines will revolutionise autonomous driving; it will lead to consumer electronics devices capable of natural human conversation; it will become central to a new generation of smart home and IoT. GDPR is no doubt one of the major catalysts for a wholesale review of data protection and processing requirements. Ultimately we interpret these new regulations will drive innovation in the way that electronic devices themselves collate and process information.  It’s easy to foresee this trend penetrating across a wide range of applications, potentially even a world in which it’s OK for AI to “know” but for humans “not to know” in order to comply with data protection laws.

Simon Forrest, Director of Segment Marketing, Consumer Electronics, Imagination Technologies
Image Credit: Sergey Nivens / Shutterstock