Conceptualization and design of public policy
Project conceptualization and design
1.Name or number of the
Project
X
PROJECT
Object of ethical evaluation
2.What is the issue you are trying to solve through this Project?
3.Have cases been explored in which AI or similar technologies have been used for the purposes established in your particular case?
4.What are the categories of affected people by the Project and the groups that it will seek to protect?
People or
vulnerable groups
X
VULNERABLE GROUPS
Vulnerable groups or fundamental protected groups are defined by the membership of people who share one or more of the following protected attributes: Children and the elderly (age), possession of a disability or physical or mental illness, gender (female), or gender reassignment, sexual orientation (LGTBIQ+), ethnic or racial origin, skin color, ancestry, national or immigrant status or other data related to the origin of the person (racial status), pregnant women, political, religious or philosophical beliefs or opinions, trade union membership, genetic, biometric or health information, property or material resources, socioeconomic status and social class (socioeconomic status), information about criminal convictions and infractions. This is not an exhaustive classification and must be adapted or modified, depending on each context.
.
Other group(s) that have the potential to be discriminated against by the Project (women, etc.).
Other.
5.Please complete the following sentence with one of the options given below: The issue for which the Project we are talking about has been designed
6.What type of AI technology will be used in this Project (choose from the list of options)?
Accountability
Responsibility and transparency
7.Which interested parties are NOT aware of the processing of personal data as part of the Project?
8.Does the Project have administrative channels for information and consultation on personal data to communicate with interested parties?
9.Which person or department assumes the
responsibility for results
X
RESPONSIBILITY FOR RESULTS
Decision-making/support systems, including those that use algorithmic and AI techniques, are not autonomous entities, but rather lack intentionality and will, and cannot be held responsible concerning social, ethical, or legal norms. Responsibility for these mechanisms falls, therefore, on that person or groups of people or organizations directly involved in the design, development, and implementation of the system and the Project that have carried out actions with specific intentions and significant consequences, especially when these consequences have negative effects on the life of other people. Algorithmic responsibility defines the relationship between the party responsible for the system and the party affected by it. Accountability refers to the assumption of this responsibility by a person, group, or organization. It refers to the obligation to recognize and accept the consequences of the operation of a system, as well as to repair and satisfy the affected people by it. It also refers to the responsibility to prevent and avoid possible undesirable consequences in the future.
of the decision-making/support system?
Explainability
10.Is it contemplated in the development process of your Project with AI to have a public explanation process on the automatic processing of personal data (module of
explainability
X
EXPLAINABILITY
The explainability of a decision-making system refers to the possibility that other people can understand it, through the information accessible about it, as well as its reproducibility. The European Parliamentary Research Service definite it as the availability of explanations about algorithmic decision systems.
)?
Consent and protection of personal data
11.Has compliance with national and international regulations on privacy, data protection, transparency, and intellectual property been confirmed, as well as specific sectoral regulations of the country where your decision-making/support system will be applied?
12.What personal data will be processed during the Project?
Personal data
X
PERSONAL DATA
); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
.
Social circumstances (such as property, hobbies, memberships in clubs or associations, etc.).
Other.
13.What is the source from which the
personal data
X
PERSONAL DATA
); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
of the Project's data subjects is obtained?
14.Has it been verified whether the institution that collects the personal data of the affected people and/or develops the Project has the legal powers to use, store and/or analyze the personal data?
15.Will affected people provide informed consent for their data to be used?
Yes, they will give their
informed consent
X
INFORMED CONSENT
Informed consent is the process by which participants voluntarily confirm their willingness to participate in a particular project, after being informed of all aspects of the project that are relevant to their decision to participate. For the consent to be informed, the interested party must know at least the identity of the data controller and the purposes of the processing for which the personal data is intended (Recital 42, GDPR). Conditions for consent: 1. When the processing is based on the consent of the data subject, the controller must be able to demonstrate that the data subject has given consent to the processing of personal data. 2. If the consent of the data subject is given in the context of a written statement that also refers to other matters, the request for consent shall be presented in such a way that it is clearly distinguished from the other matters, in an intelligible and easily accessible form and using clear and plain language. Any part of the declaration that constitutes an infringement of these Regulations will not be binding. 3. The data subject shall be entitled to withdraw their consent at any time. The withdrawal of consent will not affect the legality of the processing based on the consent before its withdrawal. Before giving their consent, the data subject will be informed of it. It will be as easy to withdraw consent as it is to give it. 4. When assessing whether consent has been freely given, account shall be taken to the greatest extent possible of whether, among other things, the execution of a contract, including the provision of a service, is made conditional on consent to the processing of personal data that is not necessary for the execution of said contract. (Article 7, GDPR).
(through duly documented means, whether written or verbal).
No, but there is another legal basis for processing this data in the applicable regulations: indicate which one (optional).
No.
Governance and security
Cybersecurity
16.Are any of these security standard measures not being considered?
Governance
17.Is the establishment of a specific governance structure or process for personal data management and Project results foreseen?
18.Has the Department/Institution/National Office in charge of the Project clearly defined the purpose of processing the personal data involved in the Project?
19.Which person/entity will be responsible for the use and processing of the data?
20.Have the necessary legal agreements (MOU, Contracts, etc.) been reached to fulfill the responsibilities for transferring/sharing information?
21.Are there mechanisms used by the Project coordinator to respond promptly to
ARCO requests
X
ARCO REQUESTS
ARCO rights can be defined as a series of rights of personal data subjects contemplated in the European General Data Protection Regulation (GDPR) and in various national regulations worldwide. They include the Right of Access, which implies the guarantee of the data subject to access their personal information in various circumstances, the Right to Rectification, which includes the potential modification of the data held by the controller or data processor at the request of the data subject in various circumstances (for example, the inaccuracy of the same), the Right to Cancellation (or Deletion), which allows the owner to request and obtain the blocking or deletion of personal data that is in the possession of the controller in various circumstances, and the Right to Oppose, which allows the owner to request and obtain from the file controller the cessation of the processing of their personal data in various scenarios.
from data subjects?
22.Has a change management plan been established to facilitate the successful implementation of technological transformation processes?
23.Are there third parties, such as cloud storage services or communication services, involved in the processing of personal data corresponding to the Project? If yes, are they national or international third parties?
AI life cycle
Data management
24.How will the possible bias of data collection be verified (related to problems such as representativeness of the sample and historical discrimination)?
Model development
25.Is the generation of
documentation
X
DOCUMENTATION
Algorithmic model documentation systems are used to clearly establish the intended use cases of machine learning models and minimize their use in contexts for which they are not appropriate. To this end, it is recommended to keep a structured record of the model variables indicated in the recommendation (primary and secondary objectives, training data, algorithm versions, etc.) together with documentation detailing their performance characteristics.
on the following elements of the algorithmic systems used being considered?: 1. system objectives, 2. data, 3. methodological approach, 4. description of the algorithm and 5. its performance evaluation parameters and errors.
Use and decision-making
26.How will possible bias or discrimination problems caused by the algorithm be checked?
27.Are there plans in the Project that monitor important performance metrics of the algorithm?
Social impact (Human-AI interaction)
Interaction with operators
28.Will the proposed system be a decision-making system or a decision support system?
29.Are the members of your Department/Institution/National Office that will adopt said technology aware of the risks arising from its use?
30.Have officials worked before with this type of decision-making/support system technology (AI or ICT)?
31.Will the use of the decision-making/support system have a significant impact on the daily tasks of the officials?
32.Have the officials and affected people who use the technology (AI or ICT) and/or the decision-making/support system received specific training (whether one-off or ongoing) for this purpose?
Interaction with affected people
33.Will communication campaigns be carried out that explain the use, scope, and risk mitigation measures for the decision-making/support systems (AI or ICT) aimed at the affected people by the Project and/or the general public?