The Office of the Privacy Commissioner for Personal Data (Privacy Commissioner) of Hong Kong released the “Artificial Intelligence (AI): Model Framework for Personal Data Protection” on the 11th, providing recommendations for organizations in the procurement, implementation, and use of artificial intelligence systems in handling personal data.
With the rapid development of AI technology, the application of AI is becoming increasingly prevalent. In response to the challenges that AI poses to personal data privacy, the Privacy Commissioner has formulated the “Model Framework”.
The “Model Framework” is based on general business processes, providing organizations with recommendations and best practices for AI governance in safeguarding personal data privacy. It aims to assist relevant organizations in complying with the provisions of the “Personal Data (Privacy) Ordinance” and adhering to the three data management values and seven AI ethical principles advocated by the Privacy Commissioner in the “Guidelines on the Development and Use of AI Ethics” published in 2021.
The “Model Framework” covers four key areas. Firstly, “Developing AI Strategy and Governance Framework” where organizations should establish internal AI governance strategies, including AI strategies, governance considerations for procuring AI solutions, setting up AI governance committees, and providing relevant training for employees.
Secondly, “Conducting Risk Assessment and Human Oversight” requires organizations to conduct comprehensive risk assessments, establish risk management mechanisms, and adopt a risk-based management approach depending on the level of AI risk, implementing corresponding risk mitigation measures.
Thirdly, “Implementing and Managing Customized AI Models and Preparing and Managing Models” involves preparing and managing data for customizing and/or using AI models, including personal data, testing and validating AI models during the customization and implementation of AI systems to ensure system and data security.
Lastly, “Promoting Stakeholder Communication and Exchange” emphasizes regular and effective communication and interaction with stakeholders, especially internal employees, AI suppliers, individual consumers, and regulatory authorities to enhance transparency and build trust.
The Privacy Commissioner stated that the “Model Framework” has received support from the Hong Kong Government Chief Information Officers’ Office and the Hong Kong Applied Science and Technology Research Institute. During the formulation of the “Model Framework”, the authorities also consulted with various experts and relevant stakeholders, including members of the Commission on Technology Development, public institutions, the technology industry, universities, and AI suppliers. Tsang Hiu Ming hopes that organizations will effectively implement the processes outlined in the “Model Framework” when using AI, rather than treating it as a one-time effort.