Technology

Array ( [0] => WP_Post Object ( [ID] => 21598 [post_author] => 14 [post_date] => 2022-07-19 11:35:11 [post_date_gmt] => 2022-07-19 11:35:11 [post_content] => From wearable heart monitors to a live-in robot that answers your medical questions, AI is transforming healthcare, before our eyes. The health technology industry has witnessed enormous growth over the past five years - in the United States, the industry was worth about $8 billion in 2016 but has grown to an estimated $44 billion in 2022. A rise in chronic illnesses, an ageing population, and a shortage in medical personnel is the perfect storm that AI is helping to manage. This rapid growth has inevitably been followed by regulation leaving regulators grappling with complex issues to ensure that AI-enabled devices, apps, and other digital tools used in healthcare (as well as all other industries) are safe, effective, and get the job done. Medical AI is already subject to stringent controls, including the General Data Protection Regulation (GDPR) and the Medical Devices Regulation (MDR). Any personal data processed by an AI system must be processed in a manner consistent with the GDPR, with health information classified as a “special category of data” requiring higher levels of protection. In addition to this, the recently proposed European Health Data Space Regulation (EHDS) strengthens these protections by establishing requirements for data storage with electronic health record systems and setting guidelines for third-party use of health data. Providers of AI will also have to contend with proposed new legislation, the Artificial Intelligence Act (AIA). Recognising the risks AI may pose, the AIA requires heightened cybersecurity, recordkeeping, and risk management for what is classified as “high-risk” systems with a safety component. When drafting the AIA, the European Commission adopted a risk-based approach to ensure that their definition of AI would have the necessary flexibility. Currently, the AIA defines an ‘artificial intelligence system’ as “software that is developed with one or more techniques and approaches listed in Annex I and can, for a given set of human-define objectives, generate outputs, such as content, predictions, recommendations, or decisions influencing the environments they interact with”. Annex I prescribes three methods of processing that could result in a piece of software being classified as artificial intelligence:

• Machine learning approaches, including supervised, unsupervised and reinforcement learning, using a wide variety of methods including deep learning;
• Logic and knowledge-based approaches, including knowledge representation, inductive (logic) programming, knowledge bases, inference and deductive engines, (symbolic) reasoning and expert systems; and
• Statistical approaches, Bayesian estimation, search and optimization methods.

This definition of AI is extremely broad, which is understandable in the light of the rapidly evolving ecosystem. While complying with the relevant legislation, products are frequently marketed as wellness products rather than medical devices (which fulfil a specific medical purpose) in order to avoid the strictures of the MDR. However, applying the above broad definition of AI, could a high-end smartwatch, for example, or some other home healthcare products, fall within the scope of the AIA? It is important to bear in mind that the AIA’s impact is not limited to manufacturers within the EU and the current proposal would subject all those who sell AI systems within the EU to the legislation. Failing to follow these regulations could result in a fine of up to €30 million or 6 percent of the company’s turnover (whichever is higher) – it is worth noting that this fine exceeds the highest penalties imposable under GDPR. The legislation in the area remains in a state of flux and the current draft of the AIA will change – the current text has amassed thousands of potential amendments from each political group within the European Parliament. Members of the European Parliament are expected to debate amendments to the AIA in the coming months.  However, it is certain that changes are coming in this arena and although still some way off, businesses would be wise to stay abreast of developments in the area – as with GDPR, it is possible that the proposed legislative regime may have a ripple-effect across the Atlantic. For further information in relation to this article please contact partner Sean McElligott or partner Anne Bateman. [post_title] => The AI will see you now [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => the-ai-will-see-you-now [to_ping] => [pinged] => [post_modified] => 2022-07-19 12:43:09 [post_modified_gmt] => 2022-07-19 12:43:09 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.philiplee.ie/?p=21598 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) )

Array ( [0] => WP_Post Object ( [ID] => 21461 [post_author] => 14 [post_date] => 2022-06-13 15:19:41 [post_date_gmt] => 2022-06-13 15:19:41 [post_content] => On 25 May 2022, Minister for Justice, Helen McEntee announced a proposal that would allow Gardaí to use facial recognition technology (FRT) when investigating criminal offences. The provision would operate as an amendment to the proposed Garda Síochána (Digital Recording) Bill, an act that the Minister hopes to introduce at the end of the month. So far, the General Scheme of the Digital Recording Bill aims to provide a legal basis for law enforcement use of body cameras, along with other recording devices such as mobile phones. The proposal would also expand the use of Closed-Circuit Television (CCTV) footage and automatic plate recognition technology. Emphasizing the role of technology in enhancing law enforcement practices, Minister McEntee noted that employing FRT could revolutionize how Gardaí manage child exploitation, missing persons, and murder cases. The technology would also help exonerate innocent parties by revealing their whereabouts at the time of the crime. Once enacted, the Bill would allow Gardaí to input an image of a perpetrator into a system that would then provide instant access to images of the suspect, or those that resemble the suspect, taken in public places. This process would enhance the speed and facility with which Gardaí could locate and identify suspects. The Scheme has already been the subject of significant criticism from data protection and human rights perspectives, notwithstanding the fact that it will include a number of safeguards.  For example, rigorous human rights and data protection impact assessments must be completed before the legislation can be finalised and the Bill would need to comply with the General Data Protection Regulation & Data Protection Act (GPDR). While the current Scheme does not include the addition of FRT, it is likely that its use would be limited to cases where there is a risk to national security or an immediate threat to life. However, what about the proposed EU AI Act (AIA) and its possible impact on the Scheme?  You will recall that the AIA will create a uniform legal framework for artificial intelligence among Member States. The AIA seeks to encourage innovation while providing safeguards against potential infringements of fundamental rights. While biometric identification systems are considered “high-risk” under the Act, Member States could authorise law enforcement use of FRT if they adhere to certain stipulations. Under the AIA, law enforcement can employ FRT if its use is “strictly necessary” for finding missing persons, preventing threats to life, physical safety, thwarting terrorist attacks, or identifying or prosecuting those suspected of certain offences  The AIA also requires law enforcement officials to weigh the consequences of each use of FRT against the probability its use would prevent future harm. Lastly, individual use of the technology would require the consent of a judiciary or supervisory authority unless circumstances necessitated urgency. As such, national legislation would have to provide a legal process through which law enforcement officials could receive consent for each individual use of this technology. If European Parliament passes the AIA, then the Digital Recording Bill would be required to comply with this framework. However, the whole issue remains in a state of flux and the current draft of the AIA will change – the current text has amassed thousands of potential amendments from each political group within the European Parliament. Members of the European Parliament are expected to debate amendments to the AIA in the coming months, and criticism from other governing bodies could influence these changes. Responding to the draft of the AIA, the EDPB and EDPS called for a total ban on FRT in publicly accessible spaces “in any context”.  The agencies also argued that data protection authorities should be given a more prominent role in enforcing the provisions since data protection and artificial intelligence are so closely intertwined. If amendments to the AIA take on board these concerns, then the EU AI Act could enact stricter prohibitions on the use of FRT and how it is supervised. Since the proposal for the Digital Recording Bill will not be published until the end of the month, the extent to which Gardaí will be able to use FRT is unclear but will likely be limited to serious offences. However, given the AIA, the circumstances and facility with which this technology can be used under the Digital Recording Bill may be subject to stricter limitations.   For further information in relation to this article please contact partner Sean McElligott and partner Anne Bateman. [post_title] => Artificial intelligence and the proposal for the use of facial recognition technology by the Gardaí? [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => artificial-intelligence-and-the-proposal-for-the-use-of-facial-recognition-technology-by-the-gardai [to_ping] => [pinged] => [post_modified] => 2022-06-13 15:23:45 [post_modified_gmt] => 2022-06-13 15:23:45 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.philiplee.ie/?p=21461 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) )

Array ( [0] => WP_Post Object ( [ID] => 21568 [post_author] => 14 [post_date] => 2022-07-11 08:35:53 [post_date_gmt] => 2022-07-11 08:35:53 [post_content] => On Tuesday, the European Parliament passed the Digital Services Act (DSA) and Digital Marketing Act (DMA) in what European Commissioner, Thierry Breton referred to as a “landslide vote”. Guided by the principle of making whatever is illegal offline, illegal online, the DSA sets out multiple standards related to corporate accountability and transparency while the DMA is concerned with market dominance. The legislation increases third-party access to large platforms and threatens to sanction those that fail to comply with these measures. The DSA and DMA aim to regulate online platforms, which is why they are often discussed together, although they regulate different aspects - together, their aim is to promote safer and more transparent internet use. The DSA aims to preserve fundamental rights by imposing more stringent regulations on tech companies. The requirements of the DSA include:

• responding quickly to any illegal content on the site;
• increasing traceability and checks on traders to ensure that items and services sold are legal by nature;
• allowing users to challenge a site’s protocol for recommending content;
• providing even stricter measures for large platforms, which it defines as sites with over forty-five million users. Accordingly, these companies must be subject to independent audits and take additional measures to avoid systemic risks; and
• allowing users of large corporations to opt of any targeted advertising.

To promote fair competition among tech companies, the DMA regulates large platforms, which it defines as businesses with an annual turnover of over 7.5 billion euros. The rationale behind the bill is described by Andreas Schwab, the rapporteur for the DMA, “We no longer accept the ‘survival of the financially strongest’. The purpose of the digital single market is that Europe gets the best companies and not just the biggest”. As such, the DMA classifies large tech corporations as “gatekeepers” whose prominence on the market makes it difficult for consumers to avoid.  Thus, the act sets forth requirements that promote third-party involvement within the platforms:

• third parties must be allowed to request access to operate within the gatekeeper’s platforms;
• gatekeepers must provide businesses with the data they produce to promote their own products; and
• gatekeepers are prohibited from favouring their products over others, impeding users’ ability to download third-party applications, and processing user data for targeted advertisements without consent to do so. The DMA seeks to limit gatekeepers’ hold over the vast amounts of data it generates and increase outside access to popular platforms.

The DSA and DMA were passed quickly, showing the strong political support behind the new laws. The DSA and DMA are expected to enter into force this autumn twenty days after they are adopted by the European Council. The DSA will apply fifteen months after it enters into force or on 1 January 2024 (whichever date comes later). However, large corporations will be expected to adhere to the DSA within only four months after entry into force. Large platforms must then comply with the DMA six months after it enters into force. Enforcement of the DMA is a key issue. To fund enforcement of the DSA, the European Commission will be able to charge companies up to 1% of their annual turnover for a supervisory fee. In contrast, there is no such levy to enforce the DMA. The Directorate-General for Communications Networks, Content and Technology (DG CNECT) plans to dedicate one-hundred staff members to enforce both regulations and expects to enhance this support by consulting experts and outside contractors. Enforcement of the DMA will be shared with the Department for Competition Policy. There has been significant criticism of the high fining cap provided by the DMA. The GDPR provides a legal maximum of 4% of a company’s annual turnover, but the DMA more than doubles this value, allowing for fines of up to 10% of the company’s turnover. Tech companies will almost inevitably have to make changes to comply with the DSA and DMA. Christel Schaldemose, rapporteur for the DSA, is on the record as saying that, “For too long tech giants have benefited from an absence of rules. The digital world has developed into a Wild West, with the biggest and strongest setting the rules.” The DSA and DMA complement each other, arguably setting higher standards for online platforms and reducing the dominance major corporations have over the market. The clear message is that if you are not already doing so, you need to get ready - does the DSA impact on your business model, do you need to do things differently, will your existing contracts need to be amended?  By analogy with the transformative impact of GDPR, it is possible that the new laws may have a ripple-effect across the Atlantic. For further information in relation to this article please contact partner Sean McElligott or partner Anne Bateman. [post_title] => The DSA and DMA – Big changes are on the way [post_excerpt] => [post_status] => publish [comment_status] => closed [ping_status] => closed [post_password] => [post_name] => the-dsa-and-dma-big-changes-are-on-the-way [to_ping] => [pinged] => [post_modified] => 2022-07-12 13:52:56 [post_modified_gmt] => 2022-07-12 13:52:56 [post_content_filtered] => [post_parent] => 0 [guid] => https://www.philiplee.ie/?p=21568 [menu_order] => 0 [post_type] => post [post_mime_type] => [comment_count] => 0 [filter] => raw ) )