The National Data Protection Authority (ANPD)’s call for proposals on Artificial Intelligence (AI) and Personal Data Protection aims to gather contributions from different segments of society, including experts, for the development of specific regulations. With my theoretical and practical experience in privacy and data protection programs and a strong interest in the AI agenda since my master’s and doctoral academic research, I felt personally called to participate. So, I started reading the document, and I set out to learn and participate in all that these intersections provide.
Well, I come across question 13
From block 4, regarding good practices and governance, which is, “How can privacy governance programs as a phone number library to promote compliance with the LGPD in the development and use of AI systems? What requirements, specifically related to the development and use of AI systems, should be observed in these cases?”. And from this point my honest reflections begin.
It is possible to state that discussions
On the topic have been with little technological involvement. And this point caught my attention, since it highlights the gap between the regulatory proposal and the development of systems, and on paper, everything fits. We are watching the chicken and the egg hatch simultaneously.
I have a habit of informally talking to an expert or someone involved in the subject at hand. This time, I was told that a certain scope that was active campaign integration with salesforce to to AI was of “a lot of sensitive data”. To my surprise, there was not a single item on the LGPD’s exhaustive list or a set of data elements that, when combined, would have a discriminatory capacity in such a context.
I have experienced privacy and security
By design and questionable situations have arisen. I have also had the opportunity to experience the opposite, when the issues did not meet. And even then, when they did not exist. I am not a lawyer or an information technology professional and there is no doubt that a privacy and data protection program has a lot to contribute precisely because of its interdisciplinary perspective.
It is worth remembering that there was a time. When business matters were departmentaliz. Not anymore. In addition to physically b2c fax spaces. Process risks are from different perspectives that support the business in which they are inserte. It is inconceivable, nowadays, to hear statements from IT professionals or similar professionals that disregard issues of privacy, image and others.