The legal implications of using artificial intelligence

Guest comment by Anya Topley, solicitor at asb law

By its very nature the industry is a rich source of data, so the myriad ways that technology offers to maximise business efficiency, while improving customer experience, is too good an opportunity to miss.

For example, Hilton Hotels, in collaboration with IBM, is piloting a robot concierge called Connie. Aimed at personalising the guest experience, assisting with queries and providing guests with information to help plan trips, Connie learns from its interactions with guests.

The collection of such vast amounts of data has serious data protection implications, particularly with the implementation of the General Data Protection Regulations (GDPR) only a few months away

Amadeus uses artificial intelligence (AI) to offer specifically tailored travel offers based on a customer’s preferences and needs; while KLM is using Facebook’s Messenger app to allow passengers to request their boarding pass.

Finally, Axa is trialling Fizzy, a smart contract-based flight delay insurance that automatically pays out if a flight is delayed by more than two hours.

So far so good for business, but what are the legal implications that this technology brings? All these technologies rely on data, or big data to be specific – huge amounts of real-time information obtained from different sources. However, its varying nature makes it difficult to analyse using conventional methods, which is where AI comes in. AI analyses big data to create models from which inferences and predictions can be made, but it also learns and adapts accordingly.

Data Protection
The collection of such vast amounts of data has serious data protection implications, particularly with the implementation of the General Data Protection Regulations (GDPR) only a few months away. Some of the key points to consider are:

• Is the processing fair and transparent? Fairness includes the effect of processing and individuals’ expectations on the use of their data. Depending on its use, profiling in particular can have an intrusive effect on individuals.
• On what basis is data being processed? If relying on consent, it must be freely given, specific and informed. Under GDPR, consent must also be unambiguous and obtained through affirmative action, such as ticking a website box or choosing particular technical settings on an app.
• Where automated decisions are being made, is there a mechanism in place for human intervention? The GDPR also includes a right for people not to be subject to automated processing where it significantly affects them.

Intellectual Property
The use of these technologies raises a number of issues over intellectual property rights. These include:

• Who owns the data collected;
• Who owns the data and results generated by the system;
• Are any rights to the data acquired by the technology supplier;
• Is use of the results restricted to the parties involved or can it be used to benefit others?
• It also raises the question of whether copyright in machine creations arises, and if so, who owns it?

Therefore, it is important to ensure that contracts with technology suppliers address these points.

Liability

If something goes wrong with the technology being used, who is responsible? Historically, the party who caused the loss would be held responsible. However, when using technology such as AI, the cause of defects may be inexplicable or not due to human error. Again, ensure contracts clearly set out:

• What the intended objective of using such technology is;
• What constitutes product failure;
• What happens if the desired objectives are not achieved; and
• Who is responsible for any loss or damage caused.

Until the law “catches up” with the developments taking place, if you are using these types of technology, then you should be aware of the legal implications, assess the benefits of using the technology against the legal risks, and take steps to mitigate those risks wherever possible.

Anya Topley is a solicitor at asb law LLP