Buffl
Buffl
Project Scoping

PS 4th week

LI
by Luca I.

Responsible AI:

  • set of principles that help guide the design, development, deployment and use of AI

    -> building trust in AI solutions

  • involves the consideration of a broader societal impact of AI

  • required to align thsese technologies with Stakehodler values and legal standards and ethical principles

  • resp AI embeds this etical principals in AI applications and workflows to mitigate risks and negative outcomes while maximizing positive outcomes


OECD AI principles:

  • inclusive growth, ssustainable develoopment and well being

  • transparency and explainability (factors determining unemployment rate)

  • accountability

  • Human rights and democratic values, including fairness and privacy

  • robustness, security and safety


From Bias to Trustworthy AI – Quick-wins

“Fairness is not automatic — it’s intentional”

  • Diverse training datasets

  • Bias audits (e.g., aequitas)

  • Human-in-the-loop review

  • Transparent documentation of

    model logic (e.g., Model Cards)


AI act & General Data Protection Regulation

-> must knows

AI act (regulation)

  • The first EU legal framework to adress the risks on AI. It sets clear requirements and obligations for AI developers and users, and positions Europe as a global leader. It also aims to reduce administrative and financial burdens, especially for SMEs.


GDPR (Regulation)

  • The General Data Protection Regulation (GDPR) is an EU law governing the collection, processing, and storage of personal data. It protects individuals’ rights to privacy while allowing free data flow within the EU. Organizations must follow strict rules on transparency, consent, accountability, and security, with heavy penalties for non-compliance.


Data Governance Act (DGA), Data Act & Open Data Directive

-> good to know

AI act in detail:

  • The AI Act aims to provide AI developers and deployers with clear requirements and

    obligations regarding specific uses of AI.

prohibited AI practives:

  • manipulative or deceptive techniques

  • exploits any vulnerability of a natural person

  • untargeted scraping of facial images for facial recognition databases

  • infer emotions at workplace

Example:

AI systems intended to be used for the recruitment or selection of natural persons, (…) to analyse and filter job applications, and to evaluate candidates;


AI act, High risk AI systems

  1. Bioentrics

  2. Critical infrastructure

  3. Education and vocational training

  4. Employment, workers’ management and

    access to self-employment

  5. Access to and enjoyment of essential private

    services and essential public services and benefits

  6. Law enforcement

  7. Migration, asylum and border control management

  8. Administration of justice and democratic processes


Requierements for high-risk AI systems

AI act

  1. risk management System

  2. Data and Data governance

  3. technical dodumentation

  4. record keeping

  5. transparency and provision of information to deployers

  6. human oversight

  7. accuracy, robustness and cybersecurity

  8. fundamental rights impact assesement for high risk AI systems


Which rules to follow in the EU?

GDPR + AI Act + other data/ AI/ digital legislation + industry specific legilation

Main legal documents in a data project

  • Legal Agreement between Service Provider & Partner/ Client

  • Individual NDA

  • Data Processing Agreements/ Joint Controller Agreements (GDPR)


GDPR deepdive:

What?

  • It is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.

  • To give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

  • California Consumer Privacy Act (CCPA) has many similarities


GDPR

What data can we process and under which conditions

  • processed in a lawful and transparent manner

  • specific purpose for processing or new purpose compatible with original one

  • only necessary data -> data minimisation

  • keep data up-to-date

  • only user for initial purpose -> purpose limitation principle

  • storage no langer than necessary -> storage limitation

  • technical and organisational safeguards


GDPR

What information must be given toi ndividuals whose

data is collected?

  • who

  • why

  • legal justification

  • how long

  • transfered outside the EU?

  • copy of the data

  • right to lodge a complaint

  • right to withdraw consent

  • existence of automated decision-making


GDPR 10 key ingredients


Does a company needs to have a data Protection officer?

  • if core acticity is processing data on a large scale

  • large scale, regular and systematic monitoring of individuals

  • public administration



Measuring impact of a data and AI project

  1. How can I measure the impact of the data and AI tool created on my original problem/ opportunity?

  2. What key indicators can be connected to my tool?

  3. How does performance compare before and after implementing the model?

  4. Are there secondary indicators (cost, time, quality, customer satisfaction) that also reflect impact?


Measuring impact of a data and AI project

(project: develop a recommender system to match demand and supply in the job market)


About adoption and End Users:

1. How are end-users (internal teams or customers)

experiencing the AI tool?

2. Does it enhance decision-making quality or

improve the customer experience?

3. Are there any complaints, trust issues, or ethical

concerns arising from its use?

4. Are employees actually using the AI tool in their

workflows?

5. What are the barriers to adoption across teams?

6. Is the model reducing manual effort or decision

time? If so, by how much?

Join Course
Preview

Author

Luca I.

Information

Last changed

Report course
© 2023 Buffl GmbH