
Month: February 2023

Five key data privacy trends for 2023

By Alex Wackett, Director of Data Ethics and Privacy at Calligo.

With growing volumes of personal data being collected, analyzed, shared and stored, there is more expectation than ever on businesses to ensure privacy for their employees, clients and wider supply chain. The digital age has streamlined ways of working, improved the targeting and personalization of services and communications and made detailed information available at the touch of a screen. But personal data is exactly that – personal. It falls to everybody to ensure that the privacy and safety of our employees, suppliers and customers are never compromised.

As we head into 2023 and beyond, our industry will continue to be shaped by developing trends in data privacy. Here are our predictions for the top five likely to dominate this year:


1. Increased regulation

Recent years have seen a wealth of new laws enacted across the globe, both at a state and federal level. The European Union’s General Data Protection Regulation (GDPR) was put on the statute books in May 2018, imposing strict rules on how personal data can be collected, used, stored and shared across the 27 member states. Despite numerous attempts, the United States does not currently have a comprehensive federal data protection law, but in late 2022 introduced the American Data Privacy Protection Act (ADPPA).

In the absence of a federal law, a number of states have implemented their own (or are in the process of doing so). California’s Consumer Privacy Act (CCPA), which passed into law in January 2020, is one such powerful example, followed by an amended statute called the California Privacy Rights Act (CPRA) which became law on January 1st 2023.

The trend for new regulation and legislation only looks set to continue, with The Data Protection and Digital Information Bill currently moving through the UK Parliament.

2. Improved transparency

Individuals everywhere rightly expect their personal data to be tightly controlled and kept out of the wrong hands. In a global study by Deloitte in 2021, 66% of respondents said they were concerned about how companies use their data. Yet there are signs that the social restrictions imposed on us as a result of the pandemic have softened the public’s worries about sharing health data with organizations if it is perceived to be beneficial. Around two thirds of respondents in that same survey were comfortable sharing their vaccination status to make travel and entertainment bookings.

Improved transparency will be increasingly important for consumer confidence, with any data breaches punished by severe fines. The largest levied to date was on Chinese ride-hailing service Didi Global, with a whopping $1.2 billion penalty imposed in July 2022.

Practical steps organizations can take to improve transparency include providing clear data policies and giving consumers tools to control how their data is shared and removed.

3. Advances in intellectual technology

Artificial Intelligence (AI) and Machine Learning (ML) are revolutionizing the way we work, but they necessarily require vast amounts of personal data. Anonymizing data will help ensure that companies stay within privacy laws (anonymized records are not classified as personal data and are therefore exempt from GDPR regulations). AI and ML algorithms make decisions based on data input and so recognizably personal data is not required. Organizations can take steps to ensure that data is used in secure and private ways, using third-party data where possible and blocking potential for reverse engineering by bad actors.

4. Greater personal ownership

Organizations and individuals alike are more aware of the value of personal data and as such require ever greater control over how this information is gathered, stored and used. In the corporate world, marketing, sales and HR data brings competitive advantage and so is always closely guarded.  

81% of consumers say they are more concerned about how their data is used online, yet most allow cookies with a pre-ticked box for consent and agree to terms and conditions without reading them. The benefits of having information and services at our fingertips outweigh concerns about privacy, it seems. Responsible data management begins by asking users for consent – there is more businesses can do to ensure that they give it with full understanding.

5. Tighter Environment, Social and Governance (ESG) reporting

In today’s business landscape, environmental responsibility has become a critical concern for companies worldwide. With the ongoing efforts to achieve Net Zero, companies are required to demonstrate their commitment to reducing carbon emissions and minimizing their environmental impact. This commitment involves a range of activities, including the processing of employees’ personal data. As such, companies need to ensure that their data processing practices align with the highest standards of data protection and privacy to safeguard the sensitive information of their employees. Failure to do so could result in significant financial and reputational damage, as well as legal sanctions.

Organizations must therefore be proactive in their approach to data protection and privacy, developing comprehensive policies and procedures that promote responsible data management. They should also invest in the necessary technology and tools to ensure the secure handling of sensitive data, such as employee records, and provide regular training to employees on data protection best practices. By adopting a holistic approach to data protection and privacy, companies can demonstrate their commitment to environmental responsibility while safeguarding the privacy and security of their employees’ personal data.

If you’d like to explore how to future-proof your organization in line with these data protection trends, please get in touch.

The benefits of outsourced Data Protection Officer as a Service

As the world becomes increasingly digital and cloud based, the importance of data protection and privacy has become paramount for all organizations. One key aspect of ensuring compliance with data protection laws and regulations is the appointment of a Data Protection Officer (DPO).

However, appointing a DPO internally can present several challenges, including conflicts of interest and a lack of specialized skills. That is where Data Protection Officer as a Service (DPOaaS) comes in.

Sidestep potential conflict of interest

One of the main reasons organizations appoint external DPOs is to sidestep the potential conflict of interest that arises when a DPO is appointed internally. Supervisory Authorities are becoming increasingly strict about this issue, and a conflict of interest can be seen as a punishable breach. For example, CIOs and CISOs are responsible for the collection, storage, and protection of data, which can prevent them from objectively scrutinizing their own processes.

Similarly, Heads of Legal and In-House Counsel are tasked with defending the organization’s interests, while a DPO is required to represent the data subject. Heads of Compliance, who are responsible for determining how data is processed, may also be unable to impartially assess its adherence to legal obligations.

By outsourcing your DPO to a specialized service provider, such as Calligo, you can sidestep these conflicts of interest and ensure your organization’s compliance and data safety. Outsourcing your DPO is also faster and more cost-effective than hiring one internally.

10x as many DPO vacancies as there are qualified individuals

There are currently 10x as many DPO vacancies as there are qualified individuals, making hiring processes long and expensive. Outsourcing your DPO allows for flexible resourcing, as the role is often not a full-time position. Additionally, outsourcing your DPO gives you access to a wider set of skills, including technical, legal, and information security expertise, all at a far lower cost than recruiting a separate specialist for each.

The Calligo Privacy Team is a specialized team of experienced and qualified professionals with deliberately diverse career backgrounds and deep subject matter knowledge. They are committed to ensuring adherence to global data protection laws without compromising the ambitions and goals of your clients. The team is highly qualified, holding certifications such as those from the IAPP, which are the world’s most trusted and respected certifications in data privacy. These cover privacy laws and regulations and the practical operations to apply and deploy them successfully.

The Calligo Privacy Team also brings diversity in terms of industry experience. By operating in varied domains, the team’s expertise is sector-transferable, keeping your knowledge as relevant as possible. In an increasingly complex landscape, the team is uniquely placed to support you in the nuances of different data protection and privacy regulations, across any sector and jurisdiction. The team has supported industries such as global manufacturing, global franchise fast food brands, financial, software as a service platform providers, energy, government, charities, and service providers.

In summary, data protection and privacy are crucial for all organizations in the digital age. However, appointing an internal Data Protection Officer (DPO) can be challenging, due to potential conflicts of interest and lack of expertise. DPO as a Service (DPOaaS) provides a solution by outsourcing the role to a specialized service provider, avoiding conflicts of interest and providing access to a wider set of skills at a lower cost. The Calligo Privacy Team is a highly qualified team of experienced professionals with diverse backgrounds and certifications in data privacy, who are committed to ensuring global data protection compliance. The team has a proven track record of supporting various industries, keeping knowledge relevant and up-to-date.

Let the team help you fulfill your legal obligation to appoint a suitable Data Protection Officer, while also serving as an internal advisor, representative, and liaison for your organization.

Learn more about Calligo’s Data Protection Officer as a Service


Unlocking the power of AI and Natural Learning

In Calligo’s latest Beyond Data podcast, co-hosts Sophie Chase Borthwick and Tessa Jones are joined by Alexander Visheratin, Artificial Intelligence Engineer at Beehive AI. Here we explore some of the episode’s highlights; the importance of Natural Learning Processing (NLP) and the pros and cons of output produced by examples like OpenAI’s ChatGPT-3.

“It can do anything, because it was trained on everything”

NLP models like ChatGPT are changing the way we search for data online. But if you average everything, the output will necessarily be average. And we have questions:

  • How ethical is the learning data that feeds these models, and how ethical was the process of collecting it?
  • How can global models be policed and regulated within individual countries?
  • What is the potential for small and specific training datasets to be manipulated by humans in a way that will limit and create biases in the algorithms?
  • Is it a ‘bug’ when a prompt doesn’t give us what we wanted? What we ask for is rarely what we actually get.

Confidence or competence?

One major drawback of the NLP process is that many models stopped learning at the turn of the decade, which, as Alexander highlights, can easily lead to incorrect information being generated. “I asked one of the large models, ‘who is the president of the United States?’ and it answered very confidently, Barack Obama.” That confidence is interesting, because as humans we are predisposed to trust information that is given to us clearly and directly, with no hint of doubt.

Also, NLP models are built to prove or agree with the task given to them, and they sound so plausible. Alexander shares a specific example of ChatGPT providing convincing output that could easily persuade someone unfamiliar with the facts.

“Andrew Ng, who is an Adjunct Professor at Stanford University, asked ChatGPT to prove that CPU is better than GPU for deep learning. It was very confident and created a long paragraph of text proving it. Then he asked it to prove that some more primitive way of calculating is better than CPU, and it again provided a very confident paragraph of text. He ended up basically ‘proving’ that an abacus is better than GPU for deep learning.”

In this age of misinformation, there is huge potential for NLP to spread misleading (or downright false) information very quickly to large audiences. ‘Facts’ which then become accepted, magnified and transmitted further.

Taking liberties with artistic license

There are obvious intellectual property issues when it comes to NLP and art generation. Asking an AI tool to create a piece in the style of a named artist will generate convincingly similar work. But if this output contravenes the artist’s morals or political views for example, it is easy to see how discomfort (and possibly even legal challenges) could follow. Conversely, when original artwork is produced that has been generated from hundreds of command iterations to finesse exactly the output required, can it still be seen as ‘art’? Is it the work of the individual using the AI tool, or the tool itself? But is this any different to the great works credited to Michelangelo that we know were produced in part by his students? Is the value of NLP in art actually more as an idea generator, a source of inspiration for the artist rather than the end point?

Alexander believes that creatives shouldn’t be afraid of natural learning. “I think NLP is more of a supplement, a good supplement, because it allows us to be more creative, pushing forward, advancing. It’s not like a replacement at all, it’s more like a co-worker or a supplemental ghost writer almost.”

Guard rails contain or keep out discriminatory language?

OpenAI were very upfront when ChatGPT first launched about the fact that the model would not allow misogynistic or racist material to be produced. Yet the very nature of the learning process saw AI models scraping huge amounts of learning data from the internet, much of which would inherently be of questionable bias and tone. Thus, what these models are drawing from as ‘normal’ is very much not.

“What ChatGPT doesn’t allow, it feels like it doesn’t allow not because of how it was trained, but because of the huge amounts of guard rails that OpenAI built around it. So, they basically caged this model into all these sorts of limitations about stuff that it shouldn’t allow. But if you can get past these guard rails and into the model itself, it still has all these biases, like race, gender, all this stuff. It still has it, but they just try their very best to limit the way it can show it. ChatGPT is essentially a celestial bureaucrat!”

NLPs provide assistance, not autonomy

Going forward, combining NLP output with factual SEO-sourced content feels like best practice when using AI tools. Alexander points out that this is quicker than finding the information yourself too and gives us the opportunity to validate what the models generate. Ultimately, he believes that directed and federated learning have fantastic potential, as long as we remain mindful of the risk of reverse engineering and privacy breaches. Using NLP as part of the solution, not the source of the only answer.

If you’d like to discuss the benefits of using Natural Learning Processing in your organization, please contact Tessa Jones to find out more.

You can also watch the fascinating podcast in full below.