|
|
This involves a two-step process. First, a pre-DPIA isundertaken, whereby a series of high-level questions are asked to assess if theproject has the potential to pose significant privacy risks. If such risks areidentified, then a full DPIA must be completed. At this point detailed analysisof the project takes place, including consultation with key stakeholders. Suchan approach allows for a recalibration of a project if the privacy risks aretoo high, or the adoption of mitigating actions to reduce the risk level.
Examples for marketers might include the introduction of a new first-party dataFind Your Mobile Number List strategy or the introduction of a practice that any new marketing tools that may utilise personal data should besubjected to a DPIA. AI and Data Privacy Artificial Intelligence AI platformsare becoming increasingly popular with marketers, powering activities such asautomated website chatbots. The introduction of ChatGPT and other largelanguage models LLMs provides significant potential for marketers to increasetheir productivity. For example, generating blogs and articles as part of acontent marketing strategy. Marketers considering such technology must be awareof the data protection risks. Transparency is a key principle underpinning theGDPR. Marketers using AI tools that process personal data must be able toexplain in clear and simple terms how this data is being used. This is aconsiderable challenge as it is not often easy to identify exactly how data isbeing processed by AI technology. In addition, Article of GDPR gives individualsthe right to object to automated decisions that may have a legal effect.
V
Forexample, ‘automatic refusal of an online credit application or e-recruitingpractices without any human intervention. In these instances, they have theright to obtain human intervention as part of the decision-making process.Highlighting the potential data protection concerns arising from the use of AI,Google was required to delay the introduction of a new AI chatbot, Bard,following an intervention on the part of Ireland’s Data Protection CommissionDPC. The Commission stated that the tech giant needed to provide furtherinformation as to how EU citizens’ privacy rights would be protected. Googlesubsequently launched Bard in the EU, following what the DPC described as ‘a numberof changes, in particular increased transparency and changes to controls forusers. Data compliance is an ongoing journey.
|
|
發表於 2024-2-24 19:07:09