Emerging tech privacy

AI

Artificial intelligence has the potential to affect every aspect of the workplace and could inject $15.7 trillion into the global economy by 2030. AI encompasses “smart” technologies that are aware of and can learn from their environments, enabling them to subsequently take autonomous action and helps organizations solve problems and amplify efficiencies.

Applications today and in the future

• HR: AI helps companies determine top job applicants.
• Healthcare: AI-powered diagnostics use a patient’s unique history as a baseline against which small deviations flag a possible health condition.
• Transportation: Autonomous vehicles use AI for vision and pattern recognition, to respond to data captured by vehicle sensors.

Privacy challenges

Making AI responsible encompasses understanding how data is being collected and used, providing transparency about how it works, avoiding data uses that unintentionally discriminate against individuals and ensuring that AI systems are not built on biased algorithms and are protected from intrusions.

For example, AI used by a financial services company may draw inferences from activity at an ATM near a cancer center, concluding that a customer engaged in such transactions is not a good financial risk because he or she is more likely to be terminally ill. AI algorithms should be devised to exclude such personal characteristics as race, gender, religious orientation and sexual preferences. Companies must be prepared to defend their decisions around which personal information is used to make inferences about customers.

Many businesses aiming to use big data analytics, deep learning and machine learning to achieve competitive advantage must navigate the transparency requirements of the EU’s General Data Protection Regulation (GDPR), which, among other things, gives individuals the right to avoid being subject to solely automated decision-making. These restrictions are expected to limit the potential of AI in Europe.

Addressing the privacy concerns around AI

The great potential of AI also brings great risk. Many organizations recognize the need for responsible AI and are taking the following steps:

• Boosting AI security with validation, monitoring and verification
• Creating transparent, expandable, provable AI models
• Creating systems that are ethical, understandable and legal
• Improving governance with AI operating models and processes
• Testing for bias in data, models and human use of algorithms

Take PwC’s Responsible AI Diagnostic.

Blockchain

A blockchain is a distributed digital ledger that leverages software algorithms to record and confirm transactions without relying on a central authority, opening the door to autonomous digital commerce. The technology potentially will usher in an era of autonomous digital commerce. Eighty-four percent of respondents to PwC’s survey of 600 executives from 15 countries said their organizations are actively engaged with blockchain. By 2030, blockchain will generate an annual business value of more than $3 trillion, according to Gartner.

Applications today and in the future

A fast-food company currently uses blockchain to let customers exchange virtual coins for burgers. In the future, medical professionals could use blockchain records to store and share healthcare information more effectively without risking privacy breaches. Governments could use blockchain to provide access to a single information source for property records. In digital advertising, blockchain could close the trust gap by letting buyers verify how ads are performing, and confirming the authenticity of digital outlets.

Elsewhere, by providing a more accurate view of a plane’s configuration and maintenance history, blockchain could boost power and efficiency for the aerospace industry. Blockchain could also help transform the tax function by minimizing issues related to the use of different accounting systems, lack of standardization and difficulty producing proper documentation for audits.

Privacy challenges

Blockchain presents significant privacy challenges, despite its benefits. There’s no established risk and control framework, because each enterprise environment is different. Key priorities are data minimization and true data anonymization—ensuring that any of the myriad personal identifiers in a blockchain can’t be tracked back to an individual. Operational safeguards must be established to cover situations in which technology alone can’t prevent exploitation of blockchain vulnerabilities.

Companies with control over any personal data stored on their Distributed Ledger Technology (DLT)-based systems are likely to be subject to the strict standards under the GDPR, CCPA and other regulations. Simply declaring the data to be permanent when the organization uses the DLT for internal handling of data won’t comply with applicable regulations.

Addressing the privacy concerns around blockchain

Blockchain was created to enable trustworthy transactions, but there have already been breaches. To safeguard their blockchains, companies need to:

• Ensure that all new entrants to a public blockchain are verified
• Carefully evaluate the pros and cons of private vs. hybrid or public blockchains in regard to privacy
• Safeguard against criminal activity that includes hacking cryptocurrency wallets and stealing funds
• Educate customers and employees on the importance of keeping their private keys safe
• Make sure the blockchain adheres to GDPR privacy guidelines and does not include any personal data (known as blockchain privacy poisoning). EU residents can request their information to be deleted, but, once a block is verified, this is no longer possible.