Connect with us

Science & Technology

GDPR Clock is Ticking for the US Companies as Well: Top 7 Tips to Get Ready

Avatar photo

Published

on

General Data Protection Regulation is about to be applicable as from 25 May 2018. Its long-arm teritorrial reach brings obligations not only to EU establishements, but to US based companies as well. Global connection through internet especially underlines the likelihood of such broad application and it will impact US businesses.One of the prerequisits for safe transfer of data between the EU and US is already accomplished by the EU-US Privacy Shield agreement. The European Commission has considered this agreement as providing adequate guarantees for transfer of data. Under Privacy Shield scheme companies may self-certify and adhere to principles stated therein. Yet, there is still less then 3000 companies in the US participating in the Privacy Shield. But GDPR safeguards have still to be followed. Below, we shall look at some of the most profound aspects of compliance with GDPR for the US (non-EU) based companies.

Data protection officer

Although it is not obligatory pursuant the GDPR, it is advisable that a company appoints a data protection officer (‘DPO’) or designate that role to a specific position in the company. DPOcan also be externally appointed. There may be a single DPO for several companies or several persons designated with DPO role in one company. The position needs not necessarily to follow such a title, but it may be a privacy officer, compliance officer, etc. Such person should possess expert knowledge about the GDPR and data privacy, and may have legal, technical or similar background. GDPR was not specific as to requirements of that person, apart from possesing expert knowledge. Role of DPO is toinform, monitor, advise, the controller, processor or employees, to cooperate with supervisory authority, provide training of staff, help in performing data protection impact assesment.

Data Protection Impact Assesment

The further step that companies affected by the GDPR including US companies should do in order to evaluate the risk of data breach is to perform a data protection impact assesment (‘DPIA’). DPIA is a thorough overview of the processes of the company, and can be done with the help of data protection officer. It may include a form or a template with a series of questions, which have to be answered for each processing activity. DPIA has to be detailed and cover all operations in the company. The function of DPIA is to predict situations in which data breaches may occur, and which include processing of private data. DPIA should contain, pursuant to Article 35 of the GDPR, a systematic description of the envisaged processing operations and the purposes of the processing, an assessment of the necessity and proportionality of the processing operations in relation to the purposes, an assessment of the risks to the rights and freedoms of data subjects referred to in paragraph, the measures envisaged to address the risks, including safeguards and security measures. DPIA is a very useful way of showing compliance and it is also a tool that would help to company at the first place, to have an overview of processing activities and an indication of where a breach could happen.

EU representative

A US company (non-EU based company) has to appoint an EU representative if its businessrelates to offering of goods or services to natural persons in the EU, including even free goods or services, or when processing is related to monitoring of behaviour of data subjects in the EU. Behaviour may include monitoring internet activity of data subjects in order to evaluate or predict her or his personal preferences, behaviors and attitudes. EU representative is not obligatory when the processing is occasional or does not include processing on a large scale of special categories of data such as genetic data, biometric data, data concerning health, ethnic origin, political opinions, etc. and when it is unlikely to result in a risk to the rights and freedoms of natural persons. However, given that the exceptions from the duty of designation of EU representative are pretty vague, in most cases companies whose operations are not neglectable towards persons in the EU would have to appoint a reprsentative. Location of such representative would be in one of the EU Member states where the data subjects are located. Representative should perform its tasks according to the mandate received from the controller or processor, including cooperating with the competent supervisory authorities regarding any action taken to ensure compliance with this Regulation, and he/she is also liable and subject to enforcement in case of non-compliance.

Consent matters

GDPR is overwhelmed with one key word of respect the privacy:consent. If companies wish to process data of natural persons that are in the EU, they must first obtain consent to do that. Consent must be freely given, informed, specific and unambigous.

Freely givenconsent presupposes that data subject must not feel pressured, or urged to consent, or subjected to non-negotiable terms. Consent is not considered as freely given if the data subject has no genuine or free choice.Data subject must not feel reluctant to refuse consent fearing that such refusal will bring detrimental effect to him/her. If the consent is preformulated by the controller, which is usually the case, the language of the consent must be clear and plain and easily understandable for the data subject. Further, if there are several purposes for the processing of certain data, consent must be given for every purpose separately. Consent must be specific and not abstract or vague. Silence, pre-ticked boxes or inactivity is not to be considered as consent under GDPR.

Informed consent means that data subject must know what the consent is for. He/she must be informed about what the consent will bring and there must not be any unknown or undeterminedissues. It is a duty of controller to inform data subject about scope and purpose of consent, and such information must be in clear and plain language. But, one must be careful that, as today in the world of fast moving technologies we face overflow of consentsa person has to give in short period of time, there may be an occurrence of ‘click fatigue []1’, which would result in persons not reading the information about the consent and clicking routinely without any thorough thinking. So, the controllers would have to make, by their technical design, such form of a consent, that would make the person read and understand his or her consent. It could be a combination of yes and no questions, changing of place of ticking boxes, visually appealing text accompanying consent, etc.

Consent must be unambiguous, or clearly given. There must not be space for interpretation whether consent is given for certain purpose or not. As to the form of the consent, it may be by ticking a box, choosing technical settings and similar (Recital 32 GDPR).

Data subject gives his consent for the processing of his personal data. However, companies have to bear in mind that data concept in the EU is broadly understood, and that it includes all personally identifiable information (PII), ranging from obvious data such as name and postal address, to less obvious data, but still PII covered by GDPR, such as IP address [2]. On the other hand the IP address is not that clearly considered as PII in the US. In that regard, the protection in the US must be stricter, obliging US based companies to also apply broader EU standards.

Privacy by design implemented

Privacy by design is a concept which brings together the legal requirements and technical measures. It is a nice and smooth way of incorporating law into technical structure of business. Privacy by design, if applied properly at the outset, shall ensure the compliance with the GDPR requirements. It should point out to principles of data minimisation, where only data which is necesssary should be processed, storage limitation, which would provide for a periodic overview of storage and automatic erasure of data no longer necessary.

One of the ways of showing compliance through the privacy by design is ‘pseudonymisation’. Pseudonymization is, according to GDPR, referred to as the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. Such additional information must be kept separately, so that it cannot be connected to identified or identifiable natural person.Pseudonymisation is not anonymisation and should not be mixed with it. Anonymisation is a technique which results in irreversible deidentification, and since it completely disables identification it is not subject of data protection under GDPR. Pseudonymisation only reduces the likability of a dataset with the original identity of a data subject, and is accordingly a useful security measure [3].

Binding corporate rules

Binding corporate rules (‘BCR’) include set of principles, procedures andpersonal data protection policies as well as a binding clause adopted by the company and approved by competent supervisory authority. Adopting binding corporate rules is not a simple process but means being on a safe track. It is one of the safeguards envisaged by the GDPR. BCR should include according to Article 47 of the GDPR, the structure and contact details of company, categories of personal data, the type of processing and its purposes, application of general data protection principles (such as purpose limitation, data minimisation, limited storage periods, data quality, data protection by design and by default, legal basis for processing, processing of special categories of personal data, ..), rights of data subjects, the tasks of data protection officer, complaint procedures, mechanisms for reporting to the competent supervisory authority, appropriate data protection training to personnel, indication that BCR are legally binding. BCR should additionally be accompanied with privacy policies, guidelines for employees, data protection audit plan, examples of the training program, description of the internal complaint system, security policy, certification process to make sure that all new IT applications processing data are compliant with BCR, job description of data protection officers or other persons in charge of data protection in the company.

Make your compliance visible

Well, if your company has performed all of the above, it has to make it visible. Companies, that are covered with the GDPR, not only do they have to comply, they have to show that they comply. GDPR puts an obligation on controllers to demonstrate their compliance.

From the first contact with the controller, the website must give the impression of compliance. BCR, privacy policies,DPO contact details must be visible in order that data subject may address him in case of data risk or breach. EU representative’s name and contact must be put forward in order to be accessible by the supervisory authority in the EU. Contact form for data subjects with options for access, right to object, erasure, rectification, restriction, should be there.Organisational chart of the company, flow of data transfer demonstrated by data flow mapp.These are only some of the most imporant features that have to be followed.

Non-compliance is a very costly adventure. The adventure that businesses will try to avoid. With systematic planning and duly analysing the necessity of compliance with GDPR, and with clearly defined processes, US companies can put many benefits for the business and attract and encourage data subjects in the EU to freely entrust their datato them. This is a thorough process, but worth accomplishing.

[1] Article 29 Working Party Guidelines on consent,p. 17

[2] According to judgment of the Court of Justice of the EU of 19 October 2016,in case C 582/14,

[3] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques adopted on 10 April 2014 p. 3

Continue Reading
Comments

Science & Technology

Competition in 5G Communication Network and the Future of Warfare

Published

on

The present era is experiencing a shift from 4G (4th Generation) to 5G (5th Generation) networked communication. This shift will radically change all civil and defence communications. In future warfare, it is expected to develop an atmosphere of information or ‘infosphere’ for sharing real-time intelligence characterised by high-speed, low latency and increased bandwidth networks. This potential of 5G is believed to significantly impact the character and future of war. It will enable an agile and fast data communication service that will support the entire battlefield network in integrated and all-domain warfare. This support will allow the speedy transfer of all types of visual and textual data and information from one domain to another, increasing the speed of war. 5G would not only connect all domains of the battleground, but it would also link disconnected networks through network slicing. This will enable remote operations with more private, secure, and restricted access. Due to the super-fast speed of the 5G network, it can afford to carry out multiple isolated functions side-by-side. 

5G would also enhance the operational capacity of autonomous military systems such as drones and Unmanned Aerial Vehicles (UAVs). Presently, the capabilities of autonomous military systems are restricted due to their limited onboard processing and data storage capacity; however, with 5G-enabled autonomous military systems, large sets of data, such as terrain maps stored on the cloud, can be downloaded in milliseconds. It is also expected that 5G might initiate the move towards fully autonomous systems due to accelerated networked response and action time. The improved real-time data, collected by the independent system in an autonomous military system through various networked sources and sensors, would be infused with AI and machine learning algorithms to identify, locate, and engage the target without human supervision. Due to such capability of 5G, many countries have shown progress in this arena.

The United States (US) and China have been competing to take the lead in 5G technologies. The major 5G telecoms in the US have deployed their initial nationwide networks. On the other hand, all cities in China and 87% of its rural areas have a 5G network. The Chinese defence forces are now focused on benefitting from 6G communication technologies to adapt to the demands of future warfare. 

The US is expected to deploy 5G on its Forward Operating Bases (FOBs) as these are crucial points for collecting intelligence for launching and defending attacks.  US troops also have access to 5G-enabled Android Team Awareness Kits that display data on a tablet or smartphone.  Similarly, Chinese troops have also been provided with gadgets that will allow tracking of troops, terrain and intelligence on battlegrounds. China has also deployed 5G on the China-India border to monitor Indian military activities.

India has launched an initiative called 5G India (5Gi). Under this initiative, India has given the responsibility to establish end-to-end 5G test beds to research centres such as the Centre of Excellence in Wireless Technology (CEWiT) and the Society for Applied Microwave Electronics Engineering & Research (SAMEER), technical universities such as Indian Institute of Technology Madras, Delhi, Hyderabad, Kanpur and Bombay and Indian Institute of Science, Bangalore.  The country is proactive in developing indigenous 5G communication networks. For this, it has provided competitive grants and has created a 5G Alliance Fund that would provide necessary financial assistance for 5G evolution. The Indian Army is also working to develop and deploy 5G networks to improve communication for its frontline forces, which could have implications for Pakistan.

The Ministry of Information Technology and Telecommunication has laid a roadmap for 5G in Pakistan. The Pakistani telecom operators, including PTCL, Telenor, Zong and Jazz, have successfully tested 5G in Pakistan. 5G was expected to be launched in 2023; however, progress were delayed due to political instability in the country. According to a study by the Pakistan Institute of Development Economics (PIDE), the exorbitant tax on phones and lack of availability of 5G enabled phones in Pakistan might hinder the evolution of 5G. Pakistan has also collaborated with China to facilitate the launch of 5G technology. China’s technological support and the efforts of the telecom industry has been the key force behind 5G success in Pakistan. A similar roadmap can be adapted for other emerging technologies such as AI, cyber and space.

5G is a leap forward in complex communication networks. Although it will significantly enhance communication speed, it will neither diminish nor eliminate the importance of 4G and 3G networks. Instead, 5G will support other emerging technologies such as Cloud, Quantum Computing, the Internet of Things, etc. Each decade, the world will upgrade its generation of networks such as 6G and 7G. The deployment of 5G networks is the need of the hour, given the growing demand for connectivity. Therefore, this is a step in the right direction, and Pakistan must also get on board to quickly set up 5G network towers in the country.

Continue Reading

Science & Technology

The Development of Artificial Intelligence in China: Talent creation and comparison with U.S.

Avatar photo

Published

on

In the process of developing and implementing AI technology, we need to be pragmatic and orderly. AI education intensifies the driving force for developing the related technology and industry, and it is also the fundamental guarantee for nurturing and cultivating high-quality AI talents and for the sustainable development of related technology and industry. China’s AI education initially created a subject teaching system, and curricula and courses at different levels were offered in universities such as computer science, intelligent science and technology, electronic information and automation. The existing problems of AI development in China and the basic construction of AI are inseparable from the education and training of AI experts. Only by nurturing and cultivating a sufficient number of high-quality AI talents can the smooth development of AI in China be ensured, so that it can climb to the top of international AI.

In terms of AI talent training, the State, Commissions, Ministries, and Departments have made and are making the following noteworthy suggestions:

1) increase AI talent training as a national educational priority.

Not long ago, AI-related playful and recreational activities promoted a wave of AI technology to promote economic and social intelligence in China. AI talents are the top priority in the construction activity to do a good job in planning development, mastering key technologies and promotion. Implementing all this requires high-quality talents. With a view to meeting this social demand, we need to comprehensively plan the training of high-quality AI talents and provide a guarantee for China’s AI to enter a new period of opportunities for sustainable development.

We need to further improve the understanding of AI staff training, establish a comprehensive planning system to create experts and raise the level of preparation as a national educational priority.

2) Establish and standardise AI education at all levels.

According to market demand, we need to comprehensively standardise AI education at all levels and open various schools of a certain scale and proportion, including universities, vocational and technical colleges, AI institutes, technical schools. In China, the Ministry of Education comprehensively expands the current intelligent science and technology, as well as the professional environment, which supports its management. The same holds true for other major universities which are taking action to strengthen the academic teaching of AI, also through the establishment of post-graduate education in some related institutes, as well as spreading basic technologies to primary and secondary schools. The same applies to popular science courses, which provide various forms of extracurricular activities, as well as helping to nurture and cultivate the interest of students of all ages and schools. This is because the level of teachers, who standardise and organise the preparation of various teaching materials, has improved.

3) Multimodal and multi-channel training of high-quality AI talents.

Efforts are made in China to explore and search for various types of high-quality AI talents through multimodal and multi-channel ways, carrying out activities aimed at enhancing and perfecting market-oriented products, and having the experience to promote them. The competent government Departments provide relevant policy support, and State and private research institutes primarily carry out AI product innovation, so that AI science and technology staff perform their tasks comprehensively. Besides participating in research and development of AI products, the main task of schools and colleges is to provide high-quality knowledge resources at all levels Companies strive for excellence in the production of AI products, so that skilled technicians and workers can fully perform their roles. An incentive mechanism for AI experts is established to encourage a higher-level elite to stand out. University students, graduates and science and technology practitioners engaged in AI learning and development are encouraged to pursue AI technological innovation and entrepreneurship and provide the business fund support for their innovative ideas and prototype results.

4) Make full use of the Internet to nurture and cultivate AI talents.

Full use is made of the Internet technology to lend effective technical support to provide effective means for nurturing and cultivating AI talents. The high-level AI platform is used, in line with international standards, to create and improve the domestic AI network teaching platform, provide network education services for AI teaching at all levels, and offer auxiliary teaching tools for other courses.

Some scholars or entrepreneurs believe that China’s AI technology level is already comparable to that of the United States of America. We need to scientifically and objectively evaluate the existing results. We also need to fully reaffirm the achievements and fully understand the shortcomings. Overestimating the existing AI achievements in China is neither realistic nor conducive to the healthy development of this industry.

The United States of America is now the country with the highest overall level of AI technology. Analysing the gap in AI between China and the United States of America helps to maintain a clear understanding. Many experts in the field of AI have pointed out that following the US theory in AI has meant that such applications and innovations are making the industry catch up quickly and regain ground. However, there is still a big gap with the United States of America in terms of basic theoretical research.

There are very few people carrying out basic theoretical research on AI in China. For example, the United States of America places brain science and other neurosciences at the top of research, while China’s independent research and development capabilities in this area are relatively weak and there are gaps in discoveries and innovations. Furthermore, many articles on deep learning have been published in China, but little research is truly innovative in theory or has significant application value.

The Americans are already figuring out what the next AI will be, while such a study has not yet begun at full speed in China. This is the biggest challenge facing the country: it is a difficult problem, involving a wide range of aspects, which cannot be solved by one or two teams. This gap is largely due to the national academic evaluation system and the orientation of practical application. There is room for improving the university analysis criterion: it may take 5-15 years to fully catch up with the United States in the field of AI.

US companies invest a lot of money to train a group of pure high-level technical staff who, from the moment they obtain a PhD, will be recruited by companies and employed in research and development of pure AI technology. Not surprisingly, such an elite team, driven by scientific and technological interests and beliefs, is far ahead at world level in AI research. Few companies in China are willing to spend a lot of money to train a purely technical AI research team and there is also a lack of incentive mechanism within companies. The level of AI research in national universities is also far below the world-leading level. (11. continued)

Continue Reading

Science & Technology

The Development of Artificial Intelligence in China: Development points and projects

Avatar photo

Published

on

Making machines mimic or even surpass human intellectual behaviour and thinking methods has always been a scientific field full of rich imagination and great challenges. The recent great advances in Artificial Intelligence technology represented by driverless cars and the AlphaGo game have led to enthusiasm and a great deal of funding for the AI field. Considering the development bases, existing problems and opportunities of Chinese AI, strategic thinking on the progress of this industry is continuously proposed for discussion and decision-making reference.

The Internet+ action guidance opinions issued by the State Council have clearly stated that AI is one of the key development areas for the creation of new industrial models. Four Departments, in addition to the National Development and Reform Commission and the Ministry of Science and Technology, have jointly issued implementation plans for Internet+.

The development plan has been promoted in three main aspects and nine minor items. Smart homes, smart wearable devices and smart robots will all become key development support projects. The implementation plan clarifies the development priorities and support projects specific to the Artificial Intelligence industry, thus showing that this field has been raised to a national strategic level.

Considering the great attention paid by the State, increased investment in scientific research and an injection of dividends for talents are expected to accelerate industrial transformation, as facial recognition, language recognition, intelligent robots and other application segments will continue to expand and further promote their marketing.

AI has reached the peak of China’s national strategy, and has shown the need to learn from the advanced Western countries’ research practices to discuss, launch and implement the national plan.

In recent years, the United States of America, the European Union and Japan have successively launched numerous programmes and huge investment, covering future information technology, as well as medicine and neuroscience.

Faced with fierce international competition, China is learning from the experience of the above stated and other countries across disciplines and sectors. The agenda includes the implementation of a project that not only involves AI, but is also inseparable from life sciences, particularly neuroscience. This is so that greater resources can be concentrated on solving the most pressing social needs, such as the development of diagnostic and therapeutic methods for the prevention and treatment of brain diseases, in particular neurodevelopmental diseases, mental illnesses, early diagnosis and intervention in neurodegenerative diseases. The main research focus is on the principle of brain functioning and frontier fields relating to the prevention and treatment of major brain diseases.

As already seen, the foundation of AI involves mathematics, physics, economics, neuroscience, psychology, philosophy, computer engineering, cybernetics, linguistics, biology, cognitive science, bionics and other disciplines and their intersections. The subject of AI has a very broad and extremely rich research content, including cognitive modelling; representation, reasoning and knowledge engineering; machine perception; machine thinking and learning; machine behaviour; etc.

Various AI researchers study such content from different angles. For example, from the ones based on brain function simulation; on the application field and application system; on the system structure and supporting environment; on the distributed artificial intelligence system; on machine theorem demonstration; on uncertainty reasoning, etc. Chinese scholars have made some important achievements in machine theorem proving, hierarchical knowledge representation and reasoning, automatic planning, iris and speech recognition, extension, evolutionary optimisation, data mining (the process of extracting and discovering patterns in large datasets involving methods ranging from machine learning intersection to statistics and database systems), etc. In AI basic research, Chinese experts have great international influence. In general terms, however, the results are not sufficient, the scope is not broad and the overall influence needs to be further improved.

AI basic research is the cornerstone of sustainable development of the related technology, and only by laying sound foundations in it can we provide the driving force for the vigorous development and comprehensive upgrading in the field of its applications. AI basic research needs to be comprehensively strengthened. Innovative multidisciplinarity needs to be encouraged, and importance needs to be attached to it on a forward-looking basis.

The demand for software is an inexhaustible source of technological innovation. AI is considered the fourth industrial revolution. Its theme is three intelligences: factory, production and logistics. The main content of the Made in China 2025 plan is to establish a production line, adopt a management and operation model and start with the following five aspects: design, technology, production, service guarantee and management. The key role of AI technology in smart manufacturing can only be seen from the progress of these aspects.  

The implementation of AI technology can be extended to all investment classes and subjects. For example, the intelligent development of technology applied to industrial and mining enterprises includes five points:

1) using intelligent machines (including smart robots) to replace work in hazardous, toxic, radioactive and other harmful environments and in heavy, arduous, repetitive, monotonous, high-altitude, dusty and other difficult conditions, to reduce the intensity of physical and mental work and protect workers (the health issue);

2) using AI technology to design factories and mines, production workshops, sections and equipment, as well as quickly optimise the design scheme and achieve the design intelligence of production;

3) implementing AI technology to fully achieve the production process;

4) developing an intelligent consultation and decision-making system: providing scientific advice, decision-making and management of the production process, and moving towards intelligent production and staff management;

5) researching and developing various expert systems for production planning: monitoring and control of the production process; intelligent fault diagnosis of production systems and equipment; and improvement of labour productivity and product quality.

AI developers combine the characteristics of various enterprises and promote Made in China 2025 and Internet + plans as an opportunity. They seize the historic opportunity of the second machine revolution, achieve AI and vigorously develop these fields. Smart technology and industry inject ideas into the “new” normal of the economy. There is a need to improve the research, development and innovation capabilities of AI technology in the industrial field; to develop high-level products and avoid low-result repetition and haphazard competition. We need to deepen the promotion and implementation of these technologies and make the smart industry bigger and stronger.

As a high-tech segment, AI needs to innovate policy mechanisms, management systems, market mechanisms, and performance transformation to provide an excellent environment for its and its industries’ development and to accompany the healthy progress of initiatives.

Policies need to be introduced to encourage the implementation of AI in the promotion and market development of technology and to broaden the support of national policies, so that new funds and applications will be obtained and new technologies from the laboratory to the field be accelerated as soon as possible. (10. continued).

Continue Reading

Publications

Latest

Trending