SHARE >>>  

In Privacy We Trust - Can Europe Lead in AI?

By Antti Tulonen

30 September 2019

In Privacy We Trust – Why the EU Should Lean to Its Fundamental Values to Overtake China (and US) in AI Development by 2030 

The Artificial Intelligence (AI) industry in Europe is worried that the General Data Protection Regulation (GDPR) could be undermining the EU’s plan to overtake China (and the US) in AI Development by 2030. However, the EU should not emulate the lax regulatory approach of China or the US to compete, but to leverage its pioneering privacy rules as a competitive advantage.

In December 2018, the European Commission laid out its visionto become the world leader in the development of AI. Considering that the global AI market is predictedto grow to 190 billion USD already by 2025 and its applications to add 15,7 trillion USDto the global economy by 2030, the need to secure a share for Europe is palpable. To gain number one status the EU will have to overhaul China and the US. 

According to a OECD study, the private equity investment into Chinese AI start-ups increased eight-fold from 2016 to 2017. The Chinese government as well as the states and citieshave also unveiled several  multi-billion fundsto support AI projects, startups and academic research. According to Chinese estimates as much as 60 per centof the all global investment into AI from 2013 to 2018 has been Chinese. 

This boomin investment has given China the lead in absolute amounts of capital investment, but the EU has more cited patents, companies and start-ups than China. The new European Commission has proposed a planto pour 100 billion euro investment into AI – not far off from the Chinese figures. 

Investment, however, is far from the only resource on which AI research depends. The foundation of AI development is massive data sets ton which machine learning algorithms are trained. The larger the data sets, the more impressive the results. Consequently, without access to sufficient data no abundance of investment and technical talent can bear fruit. Access to data is also the aspect in which Chinese and European starting points are furthest apart – and where China has so far secured its lead over the EU in AI development.

Beijing has granted the Chinese tech giants exclusive access to its 700 million domestic users and, crucially, set next to no privacy rules to limit the use of their data. Moreover, China has chosen to closely linkthe private sector, public institutions and military AI development efforts to encourage further pooling of data and development of stronger cross-purpose applications. 

European firms, meanwhile, have to contend with much stricter regulations (GDPR) on collection and use of personal data. GDPR requires enterprises to minimize the amount of personal data they collect by design, and to only collect personal data for a specific purpose. In other words, as small data sets as possible and no experimenting with the already collected data for novel purposes – both anathemas to AI research. Moreover, GDPR also requires data processors to explain exactly how personal data is used in automated decision making, which is causing further trouble to European AI developers. Machine learning has been compared to a black box due to the complexity of its self-learned process to reach the solutions it offers. Consequently, AI engineers are often hard-pressedif at all able to explain exactly how their AI reaches its results, leaving them often unable to fully comply with GDPR. 

But there are signs that the rights-based approach could be EU’s greatest assets going forward. The key change is the arrival of a technical solution that allows robust AI development under a European style privacy regime. So-called federated AI learningranks on the top of such solutions. Unlike the traditional big data approach to AI development federated AI learning takes place on the user devices, so that only itsresultsare sent encrypted to the developer’s server. Personal data itself never leaves the personal device – avoiding the intrusion of privacy altogether. In 2019 this method allowed a French company Owkin to use highly sensitive health datain medical AI research in compliance with GDPR. 

With a solution for the privacy compliant AI development in fold, the advantages of strong data protection and commitment to privacy for the EU’s AI strategy can come to fore. The first advantage is in the reputation they attach to the European tech companies attempting to attract new users (and their data) in comparison to their Chinese competitors. The Chinese tech sector is currently hampered by a lack of trust by both consumers as well as foreign governments. Huawei is under pressurefor the alleged back doors left open for Chinese espionage in its 5G technology. African capitals were alarmed by the discovery of Chinese provided servers in African Union headquarters secretly diverting data to Shanghai. The Dutch discovery of 364 million Chinese social media records gathered by domestic Chinese surveillance available onlinerevealed flaws in the Chinese cybersecurity. Altogether, China’s track record is failing to convince the world of its intentions and capability to respect the privacy of people using their technology. Moreover, China is not exempt from the growing global distrustwith tech companies in general. 

Meanwhile, the continued commitment to user rights and privacy has provided the EU with a powerful counter narrative as as a safe and trustworthy destination for data. It is likely that the new domestic and foreign users choosing EU based services bring their data to the reach of European AI developers and help to catch up the lead China currently enjoys by the virtue of its vast domestic pool of data. 

The second advantage is the legal reforms that have followed across the globe in the EU’s example. Specifically, they have potential to counter Chinese infrastructure expansion in third-countries from redirecting more of the global data flows to and through China. While the Digital Silk Road component of China’s Belt and Road Initiative is bringing welcomed development and access to Chinese cloud computing and data storage services to the cash strapped states eager to connect faster to the digital world, at the same time they bring in ever more data to the reach of Chinese AI developers.  The array of projects is impressive. Huawei Marinehas already completed over eighty undersea cable projects in developing regions reaching from Africa to Southeast Asia and has dozens more under construction. Chinese data centers are being builtwith speed in North Africa. And while under pressure in the EU and US, Chinese 5G technology is being soldwith haste to Pakistan, India and countries in Southeast Asia. This puts China on a path of becoming the central transfer country of ever larger data flows and storage – further enhancing its edge in raw data available for its machine learning algorithms.

The counter-effect to this development could emerge from the legal reforms across the globe that have followed in the wake of the adoption of GDPR. In Asia-Pacific alone, nine countries have either completed or started data protection reformwith the European legislative model at their core. The reforms are motivated by the same privacy concerns as in Europe and GDPR is simply seen as the most sophisticated example of a solution. However, crucially, they are also motivated by access to the European digital market. GDPR sets restrictions on transfers of personal data to countries with lower data protection standards – restrictions which can be by-passed with alignment with the GDPR standards. The legal reforms have therefore potential to bring many digital economies closer to the EU’s, while raising fences towards China and others with no matching data protection and privacy laws. The reciprocal access to third countries would bring vast amounts of personal data from third countries to the reach of European developers – bridging the lead enjoyed by the Chinese developers. 

Finally, the success in building a trust based digital economy could lend the EU credibility in the expected international deliberationsfor the global governance for AI. As the success of any future governance framework hinges on the cooperation of China – the second largest economy and the second largest developer of AI –  finding common grounds is essential. European input and values that have proven their worth could appeal to China struggling with its trust deficit. As demonstrated by the recent plansby Huawei to sell-off all its lucrative 5G technology to a Western company in a bid to alleviate security and privacy concerns, Chinese companies recognize the need to drastically change their approach, or at least their image. 

The Chinese government has already given signs that it might be willing to adjust its privacy rules. In May 2019, the scientists and engineers of the state-backed Beijing Academy of Artificial Intelligence (BAAI) published Bejing AI Principles, which among other things called for “human privacy and freedom” to be respected in the development of AI. Over the summer the policy makers in Beijing have also reportedly been deliberatingChina’sfirst privacylaw – though its content still remains ambiguous. The time could be ripe for close cooperation with the EU’s approach. 

Defying the early predictions, the European choice to prioritize the privacy concerns of its citizens could prove to be the very key to its success in AI development. Moving forward, the EU should continue to leverage its values that are winning it a global reputation as the champion of the digizens home and abroad and be mindful to invest in technologies, such as federated AI learning, that play to its advantages. The EU should also bring data protection standards and privacy more into the free trade and cooperation agreements it negotiates as well as use its soft-power to support civil society organizations that advocate privacy around the world.

Ultimately, it could take its leading market share in AI through applications that fit the emerging global governance framework with privacy and data protection in its core. After all, it would not be the first time break-through applications in user distributed technologies, such as federated AI, would be developed in the EU. For example, the peer-to-peer technology underlying Skype and many other modern video call platforms was developed in Estonia. Perhaps, with steadfast commitment to advocating privacy and data protection and a bold investment plan, the EU can create an environment to reproduce many further successes.

Antti Tulonen is a LL.M. laureate from Maastricht University in International and European Law.