This book gives a comprehensive overview of the state of Artificial Intelligence (AI), especially machine learning (ML) applications in public service delivery in Estonia, discussing the manifold ethical and legal issues that arise under both European and Estonian law. Final conclusions and recommendations set out and analyze various policy options for the public sector, taking into account recent developments at the European level – such as the AIA proposal – as well as the experience of countries that have issued principles and guidelines or even laws for the use of ML in the public sector.
“For two reasons, this study is relevant not only for an audience which is interested in Estonian administrative law. First, the authors base their legal analysis primarily on EU law and provide a state of the art-analysis of the relevant secondary legislation. This makes the book a reference text for the European debate on public sector AI governance. Second, this study is part of a larger research project in which four specific use cases of public sector AI have been developed and tested. The practical insights gained in these projects have provided the authors with an excellent understanding of the opportunities and risks of the technology, which distinguishes this legal analysis from similar enterprises.” Excerpt from the foreword by Professor Thomas Wischmeyer (University of Bielefeld)
Author(s): Martin Ebers, Paloma Krõõt Tupay
Series: Data Science, Machine Intelligence, and Law, 2
Publisher: Springer
Year: 2023
Language: English
Pages: 252
City: Cham
Foreword
Acknowledgements
Contents
Abbreviations and Table of Legislation
Chapter 1: Introduction
1.1 Estonia, the Digital State
1.2 The Use of AI Systems in Estonia
1.3 AI in Public Administration: Regulatory Issues
1.4 The Book´s Background: The RITA `Machine Learning in Public Service Delivery´ Study
1.5 An Overview of This Book
Reference
Chapter 2: The Promise and Perils of AI and ML in Public Administration
2.1 Defining AI and ML
2.2 Advantages and Opportunities
2.3 Functions and Purposes of Using AI/ML in Public Administration
2.3.1 AI for Gathering and Investigating Facts, Finding Patterns, and Making Predictions and Decisions
2.3.2 AI for Applying, Interpreting, and Drafting Laws
2.3.3 AI as a Source for Automating Other Administrative Tasks
2.3.4 Evaluation
2.4 Deployment of AI and ML Systems in Public Service Delivery
2.4.1 Worldwide Application
2.4.2 Estonia
2.5 Risks
2.5.1 Dehumanization-Loss of Autonomy
2.5.2 Privacy and Data Protection
2.5.3 Transparency, Explainability, and Rule of Law
2.5.4 Effective Remedy, Due Process, and Fair Trial
2.5.5 Fairness and Equal Treatment
2.5.6 Safety and Security
2.5.7 Accountability and Liability
2.5.8 Over-Enforcement and Other Risks
2.6 Summary
References
Chapter 3: The Regulatory Framework in Overview
3.1 International Law
3.1.1 The European Convention on Human Rights
3.1.2 Convention 108, on Data Protection
3.2 EU Law
3.2.1 EU Hard Law
3.2.2 EU Soft Law
3.2.3 The European Commission´s Proposal for an AI Act
3.2.3.1 Overview
3.2.3.2 Estonia´s Position
3.3 Estonia
3.3.1 Estonian AI Taskforce: The Report 2019
3.3.2 Estonian Ministry of Justice: The 2020 Project for a Regulatory Framework
3.3.3 Current Legal Regulations
3.4 Standardization Activities at International and European Level
References
Chapter 4: Privacy and Data Protection: Processing Personal Data, Monitoring, and Profiling Citizens
4.1 AI and Personal Data
4.2 The Legal Framework
4.2.1 Fundamental Rights
4.2.2 EU Law
4.2.2.1 The GDPR
4.2.2.2 The Law Enforcement Directive 2016/680 (LED)
4.2.3 Estonian Law: The Once-Only Principle
4.3 AI, Data-Processing, and General Data-Protection Principles
4.3.1 The Seven Principles of Art. 5 GDPR
4.3.1.1 Lawfulness, Fairness, and Transparency
4.3.1.2 Purpose Limitation
4.3.1.3 Data Minimization
4.3.1.4 Accuracy
4.3.1.5 Storage Limitation
4.3.1.6 Integrity and Confidentiality (Security)
4.3.1.7 Accountability
4.3.2 Problems
4.3.2.1 The Purpose-Limitation Principle
4.3.2.2 The Data-Minimization Principle
4.4 Lawfulness of Data-Processing
4.4.1 Consent as a Legal Basis for the Processing of Personal Data
4.4.2 Legitimate or Public Interest
4.4.3 Transparency Requirements
4.4.4 Data-Protection Impact Assessments (DPIA)
4.5 Special Categories of Personal Data
4.6 Accountability: Who Is the Data Controller?
4.7 Rights of the Data Subject
4.7.1 The Right to Explanation
4.7.2 The Right to Access
4.7.3 The Right to Rectification
4.7.4 The Right to Erasure
4.7.5 The Right to Data Portability
4.7.6 Decision-Making Based on Automated Processing
4.8 Summary
References
Chapter 5: Delegation of Administrative Powers to AI Systems
5.1 Regulatory Capacity of AI
5.2 The Legislator´s Right to Delegate Administrative Duties to AI
5.2.1 The Constitutional Boundaries of Delegating Administrative Tasks to AI
5.2.1.1 Compliance with the Principles of Democracy and the Rule of Law
5.2.1.2 Respecting Individuals´ Fundamental Rights and Freedoms
5.2.1.3 The State´s Ability To Control the Performance of Public Functions
5.2.2 Necessary Scope of Legal Regulation for Using AI in Administrative Tasks
5.2.2.1 Why Using AI in Administrative Procedure Might Require Separate Delegation by the Legislator
5.2.2.2 AI Use Cases That Might Not Require Delegation
5.3 Emerging Legal Approaches to Delegating Administrative Tasks to AI or Automated Systems
5.3.1 The German Provision on Automated Administrative Decision-making
5.3.2 The Estonian Bill on Automated Administrative Decision-making
5.3.3 Critical Evaluation of the German and Estonian Legal Approaches
5.4 Summary
References
Chapter 6: Due Process, Fair Trial, Transparency, and Explainability
6.1 The Opaque Nature of AI Systems
6.2 Transparency as a Cornerstone of the Rule of Law
6.2.1 Transparency as a Fundamental Safeguard in Administrative and Judicial Proceedings
6.2.2 Transparency and Data-Protection Law
6.2.3 The European Commission´s Proposal for an AI Act
6.3 Requirements for Transparency of AI Systems Employed in Rendering Administrative Acts
6.3.1 The Estonian Administrative Procedure Act (APA)
6.3.2 Applying the APA to Automated Decision-Making Systems
6.4 Transparency Requirements for AI Systems in Other Administrative Tasks
6.4.1 AI Systems as Support Tools and in Non-Intrusive Public Services
6.4.2 Transparency Requirements
6.4.3 Limits to the Principle of Transparency
6.5 Transparency and Judicial Review
6.6 The Role of Transparency in the Context of Policymaking
6.7 Pursuit of Transparent and Explainable AI Systems
6.7.1 Ways of Achieving Transparency
6.7.2 Intrinsic Approaches
6.7.3 Extrinsic Solutions
6.7.4 Interests Conflicting with Explainability
6.7.5 Analysis
6.8 Summary
References
Chapter 7: Fairness and Equal Treatment
7.1 Application of International Non-discrimination Law in Estonia
7.1.1 An Overview
7.1.2 Application of the ECHR in the Context of Non-discrimination in Estonia
7.2 EU Non-discrimination Law
7.2.1 The Charter of Fundamental Rights
7.2.2 The Treaty on the Functioning of the European Union
7.2.3 EU Directives
7.3 Estonian Non-discrimination Law
7.4 The Relationship of the GDPR to Non-discrimination Law
7.5 Challenges to Equal Treatment That Arise Through Application of AI
7.5.1 Forms of Discrimination in the Use of AI
7.5.2 Applicability of Non-discrimination Law to AI Solutions
7.5.3 Procedural Hurdles to Enforcement of Non-discrimination Law with Regard to AI
7.5.4 Solutions Aimed at Effective Non-discrimination in the Application of AI
7.6 Summary
References
Chapter 8: Safety and Security
8.1 Safety Standards
8.2 The EU Legal Framework for Safety
8.3 Security Standards
8.4 The EU Cybersecurity Framework
8.5 The Estonian Cybersecurity Act
8.6 Risk Management
8.7 Safeguards for Preventing Malicious Use
8.8 Summary
References
Chapter 9: Accountability and Liability
9.1 Accountability and AI Systems
9.2 Challenges to (State) Liability Regimes
9.3 Liability Regimes in Estonia
9.4 Summary
References
Chapter 10: Intellectual Property Rights and Data Ownership
10.1 Protection of the Models Developed
10.1.1 Copyright Protection for Computer Programs and Databases
10.1.1.1 Computer Programs´ Protection
10.1.1.2 Database Protection
10.1.2 Protection Through Patents
10.2 Protection of Datasets
10.2.1 Sui Generis Database Protection
10.2.2 Data Ownership
10.3 Trade Secrets´ Protection
10.4 Summary
References
Chapter 11: Final Conclusions and Recommendations
11.1 Overview
11.2 Principles and Guidelines for Public Administration
11.2.1 Policy Goals
11.2.2 Comparative Analysis
11.2.3 Recommendations for Estonia
11.3 Prohibitions
11.3.1 Policy Goals
11.3.2 Comparative Overview
11.3.3 Recommendations for Estonia
11.4 Rules for High-Risk AI Systems
11.4.1 Policy Goals
11.4.2 Comparative Analysis
11.4.3 Recommendations for Estonia
11.5 Rules for Delegation of Powers
11.5.1 Policy Goals
11.5.2 Comparative Analysis
11.5.3 Recommendations for Estonia
11.6 Transparency Mechanisms
11.6.1 Policy Goals
11.6.2 Comparative Analysis
11.6.3 Recommendations for Estonia
11.7 Clarification to Anti-Discrimination Legislation
11.7.1 Policy Goals
11.7.2 Comparative Analysis
11.7.3 Recommendations for Estonia
11.8 Algorithmic Impact Assessments
11.8.1 Policy Goals
11.8.2 Comparative Overview
11.8.3 Recommendations for Estonia
11.9 Audits and Regulatory Inspections
11.9.1 Policy Goals
11.9.2 Comparative Analysis
11.9.3 Recommendations for Estonia
References
Chapter 12: Outlook
References
Annex: Juriidiline hinnang masinõppe ja tehisintellekti abil osutatavatele avalikele teenustele
Sissejuhatus
Avaliku halduse põhimõtted ja suunised
Keelud
Nõuded kõrge riskiga tehisintellekti süsteemidele
Volituste delegeerimise reeglid
Läbipaistvusmehhanismid
Diskrimineerimisvastaste õigusaktide selgitamine
Mõju hindamine
Auditid, regulatiivsed kontrollid ja välised, sõltumatud järelevalveasutused
Lõplikud soovitused individuaalsete MVPde kohta
MVP Tööturg
MVP Tulekahjud
MVP E-tervis
MVP Küberjulgeolek
Index
