Please vote:
Some legal and tech experts in the country have called for caution in the deployment of Artificial Intelligence (AI) by businesses to avoid contravening data protection laws, which may lead to litigations and sanctions.
The experts stated this at the Investigations, Compliance, and Ethics(I.C.E) Summit organized by a law firm, Udo Udoma & Bello-Osagie in Lagos with the theme: ‘Responsible Business Practices for Accelerating the Development of Fair Markets’.
While noting that AI requires data to function, they added that training an AI with data acquired illegally would create problems for the business that is using it.
Specifically, the Head of the Legal Team at Branch, a digital lending company, Tolu Osindero, said a lot of businesses have been using data acquired illegally to train their AI models.
Emphasising that several legal issues may arise as a result of AI, she noted that OpenAI, the promoters of ChatGPT are currently facing two class actions relating to how they got access to data that was used to train the ChatGPT.
With advancements coming into AI by the day, several organisations including banks and fintechs are now deploying the technology to enhance customer service experience and marketing.
However, the experts say this could come with some risks as the customers are also becoming more aware of their data rights under the Nigeria Data Protection Act.
Getting data legally
While noting that the first hurdle a business seeking to deploy AI must cross is to get data legally, Osindero said:
“As a business that wants to deploy AI, the first question you ask is how to get access to data legally. A lot of us have had our data used without our consent, even without our knowledge just by using some search services and accepting the terms of use. And then when they train or improve their AI models, they use the data, which shouldn’t be.
“So, as a responsible company, the question is, yes, I want to deploy this AI system, where do I get access to data legally? Am I getting it from individuals, am I getting it from research companies or Am I getting it from a public database? And even if you’re getting from a public database, do they have the consent of the subjects to share this data with you or for you to use? These are very important questions to ask.”
Data protection laws and jurisdictions
Also speaking, a Partner at Udo Udoma & Bello-Osagie, Amina Ibrahim, said for businesses, especially, multinationals, knowing that data protection laws exist is not enough, they must look at the minute differences between the laws that exist in different jurisdictions.
“For example, in South Africa, personal information relating to the marital status of an individual is considered sensitive, but that is completely different in Nigeria. Another difference is the definition of a data subject being a corporate entity, while in Nigeria data subject is a natural person.
“So, when you when it comes to having a centralised data compliance governance structure, you have to not only have the knowledge of what the laws are, you have to look at the peculiarities and differences that exist from jurisdiction to jurisdiction so multinationals have to take that into consideration,” she said.
Expressing a similar view, the Lead, Programmes, Partnerships, and Policies at the National Information Technology Development Agency (NITDA), Bashira Hassan, said while it could quite challenging, it is important for businesses to keep abreast of the various laws in different jurisdictions where they operate and up with a compliance plan accordingly.
Other compliance issues
Outside data protection, other panellists at the session also discussed the need for Nigerian businesses, especially, financial institutions to be transparent regarding the issue of beneficial ownership in companies, by filing the right details with the Corporate Affairs Commission (CAC).
According to them, this would boost investor confidence and encourage foreigners to come and invest in Nigerian businesses.
Speaking on the objectives of the Summit, Partner at Udo Udoma & Bello-Osagie, Adeola Sunmola, said the annual Investigations, Compliance, and Ethics Summit is the firm’s way of giving back to the community in terms of capacity building and knowledge sharing.
Through the annual gathering, Sunmola said the message to the businesses has been that compliance should not be something on paper.
“It shouldn’t be a box-ticking exercise for institutions. compliance needs to be entrenched in the culture of every organisation so that it becomes part of their culture, and that their practices, processes and procedures are reflective of the importance of compliance to their day-to-day activities, she said.
According to her, the 2023 edition of the summit held for five years, was special because it coincided with the 40th Anniversary of the law firm.
