In a significant move to address the challenges posed by artificial intelligence (AI) to personal data privacy, the Office of the Privacy Commissioner for Personal Data (PCPD) has published the “Artificial Intelligence: Model Personal Data Protection Framework.” This new framework aims to provide comprehensive guidance and best practices for organizations in Hong Kong to procure, implement, and use AI technologies, including generative AI, in compliance with the Personal Data (Privacy) Ordinance (PDPO).
As AI technology continues to advance rapidly and its application becomes more widespread, concerns about AI’s impact on personal data privacy have intensified. To support the “Global AI Governance Initiative” of China, the PCPD’s Model Framework offers internationally recognized recommendations designed to ensure AI’s benefits are harnessed while safeguarding personal data.
Privacy Commissioner Ada CHUNG Lai-ling emphasized the importance of AI security as a component of national security. “The PCPD published the ‘Artificial Intelligence: Model Personal Data Protection Framework’ to provide practical recommendations and best practices to assist organizations in procuring, implementing, and using AI systems responsibly. I believe this framework will nurture the healthy development of AI in Hong Kong, facilitate its growth as an innovation and technology hub, and propel the expansion of the digital economy in the Greater Bay Area,” she said.
Prof. Hon William WONG Kam-fai, a member of the PCPD’s Standing Committee on Technological Developments and the Legislative Council, highlighted the timeliness of the framework. He noted that it aligns with China’s “Artificial Intelligence +” initiative aimed at fostering industrial development through technological innovation. “The framework serves as useful guidance for enterprises to utilize AI technology, promoting industrial innovation and upgrading, and strengthening Hong Kong’s status as a global technology and innovation hub,” he stated.
The Model Framework received support from the Office of the Government Chief Information Officer of the Hong Kong Government and the Hong Kong Applied Science and Technology Research Institute. The PCPD also consulted various experts and stakeholders, including public organizations, the technology industry, universities, and AI suppliers, during the drafting process.
The Model Framework offers a comprehensive set of recommendations and best practices for organizations to govern AI systems responsibly while safeguarding personal data privacy. It aims to ensure compliance with the Personal Data (Privacy) Ordinance (PDPO) and adherence to the three Data Stewardship Values and seven Ethical Principles for AI outlined in the PCPD’s 2021 guidance. The framework is structured around four key areas.
Firstly, it encourages organizations to establish an AI strategy and governance framework that includes considerations for procuring AI solutions, setting up an AI governance committee, and providing relevant training to employees. This involves setting clear policies and procedures to ensure ethical and responsible AI use. Secondly, it emphasizes the importance of conducting comprehensive risk assessments and adopting a risk-based management approach, with proportionate risk mitigation measures and human oversight based on the AI’s risk levels.
Additionally, the framework advises organizations to prepare and manage data, including personal data, for the customization and use of AI systems. This includes thorough testing and validation of AI models, ensuring system security, and continuous monitoring of AI systems to maintain their effectiveness and security. Finally, effective communication and engagement with stakeholders, such as internal staff, AI suppliers, customers, and regulators, are crucial. The framework advocates for regular and clear communication to ensure all relevant parties are informed about AI practices and policies, thereby enhancing transparency and building trust in AI systems.
The Model Framework is designed to assist organizations in navigating the complexities of AI technology while prioritizing personal data protection. By adopting these best practices, organizations can ensure the responsible and ethical use of AI, ultimately fostering public trust and supporting the sustainable growth of AI in Hong Kong and beyond.
Privacy Commissioner Ada Chung expressed gratitude to the experts and stakeholders who contributed to the framework. “Their support and valuable comments were instrumental in the development of this comprehensive guide, which will significantly enhance AI governance and personal data privacy protection in Hong Kong,” she said.
Need Help?
If you’re wondering how PCPD, or any other regulatory body, could impact you and your business, don’t hesitate to reach out to BABL AI. Their Audit Experts can address your concerns and questions while offering valuable insights.