
Unit 4

Privacy
Information System Ethics
Hempal Shrestha
Tech-Know-Legal & Knowledge Management Specialist
Visiting Faculty - Kathmandu University 2023
Objectives
1. What is the right of privacy, and what is the basis
for protecting personal privacy under the law?
2. What are some of the laws that provide protection
for the privacy of personal data, and what are
some of the associated ethical issues?
3. What is identity theft, and what techniques do
identity thieves use?
Objectives…
5. What are the various strategies for consumer profiling,
and what are the associated ethical issues?
6. What must organizations do to treat consumer data
responsibly?
7. Why and how are employers increasingly using
workplace monitoring?
8. What are the capabilities of advanced surveillance
technologies, and what ethical issues do they raise?
Unit -04 - Outline
4.1. Privacy, Protection and the Law
4.2. Information Privacy
4.3. Privacy, Laws, Applications, and Court
Rulings
4.4. General Data Protection Regulation (GDPR)
4.5. Nepal Cyber Security Policy
Unit -04 - Outline…
4.6. Key Privacy and Anonymity Issues
4.7. Privacy and biases in Artificial Intelligence/Machine Learning
4.8. Differential Privacy
4.9. Data Breaches
4.10. Electronic Discovery
4.11. Consumer Profiling
4.12. Workplace Monitoring
4.13. Advanced Surveillance Technology
Privacy, Protection and the Law
Questions - Privacy Protection and the Law
● Why do we need Privacy?
● Why do we need to Protect Privacy?
● Who do you think is responsible for protecting
privacy?
● What are the laws, and what is their
relationship to privacy protection?
Privacy Protection and the Law
● “Privacy is the claim of individuals, groups or
institutions to determine for themselves when,
how, and to what extent information about
them is communicated to others”
● Privacy is not an absolute
Privacy as a Process
● “Each individual is continually engaged in a
personal adjustment process in which he
balances the desire for privacy with the desire
for disclosure and communication….”

- Alan Westin, 1967


Westin’s four states of privacy
● Solitude: individual separated from the group and freed from the observation of other persons
● Intimacy: individual is part of a small unit
● Anonymity: individual in public but still seeks and finds freedom from identification and surveillance
● Reserve: the creation of a psychological barrier against unwanted intrusion - holding back communication
Privacy Protection and the Law
● Systems collect and store key data from
every interaction with customers to make better
decisions
● Many object to data collection policies of government
and business
● Privacy
○ Key concern of Internet users
○ Top reason why nonusers still avoid the Internet
Privacy Protection and the Law
Thus, reasonable limits must be set from the legal
aspect:
1. Protection from unreasonable intrusion upon one’s
isolation
2. Protection from appropriation of one’s name or
likeness
3. Protection from unreasonable publicity given to one’s
private life
4. Protection from publicity that unreasonably places one
in a false light before the public.
Information Privacy
Information Paradox
● The information we have is not what
we want,
● The information we want is not the
information we need,
● The information we need is not
available.
Questions - Information Privacy
● What do you think Information Privacy Means?
● What are the foundational understandings of
privacy, and what is their relationship to
information privacy laws?
Information Privacy
● Right to Privacy
○ “The right to be left alone—the most
comprehensive of rights, and the right most
valued by a free people”
Information Privacy is a Combination of:
● Communications privacy
○ Ability to communicate with others without those
communications being monitored by other persons
or organizations
● Data privacy
○ Ability to limit access to one’s personal data by
other individuals and organizations in order to
exercise a substantial degree of control over that
data and its use
Privacy, Laws, Applications, and Court Rulings (Nepal)
Nepal - Privacy Laws, Applications, & Court Rulings

0. Key acts, regulations, directives, bills:
1. Currently, Nepal does not have unified data
protection legislation.
2. Data protection and privacy matters in Nepal
are governed by a number of different laws.
Nepal - Privacy Laws, Applications, & Court Rulings

The following are the prevailing laws in Nepal regulating
privacy-related issues:
1. The Constitution of Nepal;
2. The Privacy Act 2075;
3. The Privacy Regulation 2077;
4. The Data Act 2079;
5. The Civil Code 2074;
6. The Criminal Code 2074; and
7. ….some case laws…
Nepal - Privacy Laws, Applications, & Court Rulings

0. Key acts, regulations, directives, bills:
3. In the absence of a specific data protection
legislation, the Privacy Act, Privacy
Regulation, and the Data Act will govern all
aspects of data protection and privacy in
Nepal.
1. The Constitution of Nepal
Article 28 of the Constitution of Nepal ensures the right to privacy
and protection of personal information as a matter of
fundamental right. It attempts to:
a) ensure the constitutional right to privacy in matters relating
to body, residence, property, document, data,
correspondence and character of every person,
b) manage the safe use and protection of personal
information remaining in any public body or institution,
and
1. The Constitution of Nepal
Article 28 of the Constitution of Nepal …. It attempts
to:
c) prevent encroachment on the privacy of
every person.
To these ends,
i) the Individual Privacy Act, 2075 (“The
Act”) and
ii) the Individual Privacy Regulation, 2077
(“The Regulation”) were enacted.
2. Privacy Act
The Individual Privacy Act 2075 (2018) ('the
Privacy Act') was enacted to implement and
safeguard the fundamental right to privacy
guaranteed by the Constitution of Nepal.
2. Privacy Act
The Privacy Act 2075 is applicable during collection,
storage, processing, use, analysis and preservation of
personal information of any individual residing in Nepal or
individuals located in Nepal.
● However, the Act is silent on extraterritorial
applicability and is unclear on whether it is applicable
on foreign entities not having physical presence in
Nepal.
3. Privacy Regulation
The Individual Privacy Regulation 2077 (2020)
('Privacy Regulation'), framed thereunder, along
with the Data Act, are regarded as the primary
data protection legislation.
4. Data Act
● The Data Act 2079 (2022) ('the Data Act') was
promulgated on 13 September 2022 and came into
force on 13 October 2022. It aims to
consolidate laws relating to data collection and
to make the production, processing, storage,
publication, and distribution of data more
reliable, systematic, and timely.
4. Data Act
● The Data Act fell short of expectations to
provide clarity on data protection related
matters and to include comprehensive
provisions relating to data collection,
processing, storage, and publication thereof
as well as privacy related issues.
5. National Civil Code 2074 (2017)
The National Civil Code 2074 (2017) ('the Civil Code')
contains general provisions relating to privacy and data
protection.
● Section 20. Guarantee of freedoms and rights: (2)
Every citizen shall, subject to law, have the following
freedoms and rights: (k) To protect or maintain privacy
of his or her body, residence, property, document,
correspondence or information.
5. National Civil Code 2074 (2017)
● Section 21. Right to privacy deemed to be violated: (1) If any
person commits, save in accordance with law, any of the following
acts without obtaining consent of the concerned person, he or
she shall be deemed to have violated the right to privacy:
a) Entry into any person’s residence,
b) Opening a person's correspondence or using it, taping or
recording or listening the discourse, speech, sound through
the medium of telephone or other technology,
c) Watching, publishing, broadcasting or disseminating
activities, behaviors of personal life of a person,
5. National Civil Code 2074 (2017)
● Section 21. Right to privacy deemed to be violated: …
d) Taking figure or photograph of a person,
e) Imitating other's name, figure, photograph, sound
and making the same public.
2. Notwithstanding anything contained in clause (d) or (e)
of sub-section (1), if a person commits any act referred to
in the said clauses for literary or artistic purpose or
public interest, the right to privacy shall not be deemed
to have been violated.
6. National Criminal Code 2074 (2017)
The provisions related to privacy and data protection (Part 3,
Offences against Individual Privacy and Prestige, Chapter 1) are
incorporated in the Muluki Criminal Code, 2074. The Act (Muluki Ain)
prohibits various conduct, such as:
○ listening to or recording other’s conversation (Section 293),
○ divulging confidential matter (Section 294),
○ taking photograph of any person without his/her consent
(Section 295),
○ giving or selling one’s photograph to another without consent
(Section 296),
6. National Criminal Code 2074 (2017)
○ opening letters or tapping conversation (Section 297),
○ breaching privacy through electronic means (Section 298),
○ deceitfully making telephone calls or transmitting messages
(Section 299),
○ writing letters with dishonest intention of causing annoyance
(Section 300),
○ unauthorized search of bodies or belongings of person
(Section 301), and
○ unauthorized entry into other's residence (Section 302).
7. IT Bill
The Government of Nepal has tabled a Bill relating to
information technology, the Information Technology
Bill 2075 (2019) ('IT Bill'). The IT Bill, currently under
discussion, contains provisions relating to
privacy, confidentiality, and security of information
or data maintained in electronic form. Provisions of
the IT Bill, however, are subject to revision before it
is enforced as law.
Case law
Sapana Pradhan Malla v. Office of the Prime Minister
and Council of Ministers et al. [N.K.P. 2064, 1208]:
The Supreme Court held that the right to privacy
guaranteed by the Constitution must be protected. An
exception to this general principle is that information
relating to a person may be shared with third parties only
in cases where prior consent from the concerned
person has been obtained.
Case law
Baburam Aryal v. The Government of Nepal [N.K.P. 2074, 25]:
The Supreme Court laid down that the right to privacy guaranteed by the
Constitution is a fundamental right that may not be violated by the State or third
parties. The Supreme Court further ruled that under the right to privacy, matters
relating to a person's body, residence, property, documentation, data,
communications, and character are inviolable, except as permitted by the
law. An organisation or department that collects information and has
undertaken the responsibility of such information must not use such
information at its discretion. Instead, such an organisation or department
must protect such a 'data bank' of information at any cost. The Supreme Court
further laid down that such an organisation or department must not allow
unauthorised access to such a data bank, even as an exception in the absence
of a clear legal basis.
Case law
Roshani Poudel et al. v. Office of the Prime Minister and Council
of Ministers et al. [N.K.P. 2077, 1232]:
It is imperative to ensure the right to privacy to protect people from
discrimination and condemnation. Disclosure of personal
information of a person or a citizen, except for the specific and legal
purpose, violates the right against exploitation of the person or
citizen, the right against violence, the right to privacy, the right to live
with dignity and the established jurisprudence that govern the right to
non-discrimination on the basis of health as well as international laws,
the Constitution, the Preamble and Section 3 and 7 of the Privacy Act.
Nepal Cyber Security Policies in Nepal
Nepal Cyber Security Policy
1. A cybersecurity policy defines and documents
an organization's statement of intent,
principles and approaches to ensure
effective management of cybersecurity risks in
pursuit of its strategic objectives.
Nepal Cyber Security Policies.
Some of the old-school (popular cyber-related) laws in Nepal are/were:
1. Jashoosi Ain 2018 B.S. (Detective Act)
2. Patent, design ra trademark Ain 2022 B.S. (Patent, Design and Trademark Act)
3. Chalchitra Act 2026 B.S. (Film Act)
4. Likhathauko Gopayiyata Sambandhi Ain 2039 B.S. (Document Privacy Act)
5. Chaphakhanna tatha Prakashan Sambhandhi Ain 2048 B.S. (Press and Publication Act)
6. Nepal Press Council Ain 2048 B.S. (Nepal Press Council Act)
7. Rastriya Prasaran Ain 2049 B.S. (National Transmission Act)
8. Sharamjibhi Patrakar Ain 2051 B.S. (Journalists Act)
9. Pratilipi Aadhikar Ain 2059 B.S. (Copyright Act)
Nepal Cyber Security Policies…
1. The modern ICT era started with the Telecommunications Act of 1997
and the Telecommunication Regulation of 1997.
2. Information Technology Policy, 2057 (2000) · Vision. "To place
Nepal on the global map of information technology within the next
five years."
3. Before 2004: Public Offense Act (cybercrimes were dealt with
minimal success)
4. 2004: Electronic Transaction Ordinance (also known as Cyber
Law)
5. 2006: Electronic Transaction Act (2063 BS)
6. 2008: Electronic Transaction Act (2065 BS with amendment)
Nepal Cyber Security Policies…
7. Revised - IT Policy 2010 (tool for social and financial
development)
8. Draft - Broadband Policy (2014) - NTA
9. 2015: Information and Communication Technology
Policy, 2015
10. Draft - National Cybersecurity Policy, (2016) - NTA
(https://nta.gov.np/wp-content/uploads/2018/05/Nepal-Cybersecurity-Policy-Draft.pdf)
11. Digital Nepal Framework 2019
12. Draft - राष्ट्रिय साइबर सुरक्षा नीति, २०७८ - Nepal
Cybersecurity Policy 2021
Nepal’s Position in Cyber Security Policy
1. Nepal ranks 94th in the Global Cyber Security
Index which uses five pillars for the ranking of
security, namely, legal, organizational, capacity
development, and cooperation.
○ 105th National Cyber Security Index
○ 94th Global Cybersecurity Index
○ 140th ICT Development Index
○ 115th Networked Readiness Index
Institutions for Nepal Cyber Security Policy
1. Ministry of Communication and Information
Technology (2049 BS, but MoSTE 2017AD)
2. DoIT (Department of Information Technology) (2069
BS)
3. OCC (Office of Controller of Certification) (2063 BS)
4. NITC (National Information Technology Center) (2001
AD)
5. Nepal Telecommunication Authority (Feb 1998)
Nepal Cyber Security Policy
1. Hmmm….
2. There was a meeting in the ministry last week as
well to draft the findings and outcome of the
Cybersecurity issue of DDoS attack. … It is
expected that some new draft will be circulated in
the communication media soon.
3. Also, MoCIT has called for open consultation for
the Revised IT Bill (2018/2023)
Comparative US - Privacy, Laws, Applications, and Court Rulings (USA)
US Privacy Laws, Applications, & Court Rulings
● US Legislative acts passed over the past 40 years
○ Most address invasion of privacy by the government
○ No protection of data privacy abuses by corporations
○ No single, overarching national data privacy policy
■ Communications Act of 1934
■ Freedom of Information Act (FOIA)
■ Fair Credit Reporting Act of 1970
■ Privacy Act of 1974
■ Children’s Online Protection Act (COPA)
■ European Community Directive 95/46/EC of 1998
■ Gramm-Leach-Bliley Act
US Privacy Laws, Applications, & Court Rulings…
● Electronic Surveillance
○ Communications Act of 1934
■ Established the Federal Communications Commission
■ Regulates all non-federal-government use of radio and
television
○ Title III of the Omnibus Crime Control and Safe Streets Act
(Wiretap Act)
■ Regulates the interception of wire (telephone) and oral
communications
○ Foreign Intelligence Surveillance Act (FISA) of 1978
■ Monitors communications between foreign powers
Privacy Laws, Applications, & Court Rulings…
● Access to Government Records
○ Freedom of Information Act (FOIA) (1966 amended 1974)
■ Grants citizens the right to access certain information
and records of the federal government upon request
■ Exemptions bar disclosure of information that could:
● Compromise national security
● Interfere with active law enforcement investigation
○ The Privacy Act of 1974
■ Prohibits government agencies from concealing the
existence of personal data record-keeping system
US Privacy Laws, Applications, & Court Rulings
● Financial data
○ Fair Credit Reporting Act of 1970
■ Regulates operations of credit-reporting
bureaus
○ Gramm-Leach-Bliley Act (GLBA)
■ Bank deregulation that allowed banks to
merge
■ Three key rules affecting personal privacy
US Privacy Laws, Applications, & Court Rulings…
● Export of personal data
○ Organisation for Economic Co-operation and
Development Fair Information Practices (1980)
■ Fair Information Practices
● Set of eight principles
● Model of ethical treatment of consumer data
○ European Union Data Protection Directive
■ Requires implementing set of privacy directives on
the fair and appropriate use of information
● Set of seven principles for data privacy
US Privacy Laws, Applications, & Court Rulings…
● Foreign Intelligence Surveillance Amendments Act
○ Implemented legal protections for electronic
communications service providers
● Electronic Communications Privacy Act of 1986 (ECPA)
○ Protects communications in transfer from sender to
receiver
○ Protects communications held in electronic storage
○ Prohibits recording dialing, routing, addressing, and
signaling information without a search warrant
US Privacy Laws, Applications, & Court Rulings…
● Communications Assistance for Law Enforcement Act
(CALEA) 1994
○ Amended both the Wiretap Act and ECPA
○ Required the telecommunications industry to build tools
into its products so federal investigators could:
■ Eavesdrop and intercept electronic communications
○ Covered emerging technologies, such as:
■ Wireless modems
■ Radio-based electronic mail
■ Cellular data networks
US Privacy Laws, Applications, & Court Rulings…
● Health Information
○ Health Insurance Portability and Accountability Act of
1996 (HIPAA)
■ Improves the portability and continuity of health insurance
coverage
■ Reduces fraud, waste, and abuse
■ Simplifies the administration of health insurance
● Children’s Personal Data
○ Children’s Online Privacy Protection Act (1998)
■ Must notify parents or guardians about its data-collection
practices and receive parental consent
US Privacy Laws, Applications, & Court Rulings…
● USA PATRIOT Act (Uniting and Strengthening America by
Providing Appropriate Tools Required to Intercept and Obstruct
Terrorism) 2001
○ Increased ability of law enforcement agencies to search
telephone, e-mail, medical, financial, and other records
○ Eased restrictions on foreign intelligence gathering in the
United States
○ Relaxed requirements for National Security Letters (NSLs)
○ “Sunset” provisions designated by Congress
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
● The GDPR was adopted on 14 April 2016 and
became enforceable beginning 25 May 2018.
● As the GDPR is a regulation, not a directive, it is
directly binding and applicable, and provides
flexibility for certain aspects of the regulation to be
adjusted by individual member states.
General Data Protection Regulation (GDPR)
● The General Data Protection Regulation
(2016/679, "GDPR") is a Regulation in EU law on
data protection and privacy in the EU and the
European Economic Area (EEA).
● The GDPR is an important component of EU
privacy law and of human rights law, in particular
Article 8(1) of the Charter of Fundamental Rights
of the European Union.
General Data Protection Regulation (GDPR)
● It also addresses the transfer of personal
data outside the EU and EEA areas.
● The GDPR's primary aim is to enhance
individuals' control and rights over their
personal data and to simplify the regulatory
environment for international business.
General Data Protection Regulation (GDPR)
● The regulation contains provisions and
requirements related to the processing of
personal data of individuals, formally called "data
subjects", who are located in the EEA, and
applies to any enterprise—regardless of its
location and the data subjects' citizenship or
residence—that is processing the personal
information of individuals inside the EEA.
General Data Protection Regulation (GDPR)
1. The GDPR 2016 has eleven chapters,
1.1. concerning general provisions,
1.2. principles,
1.3. rights of the data subject,
1.4. duties of data controllers or processors,
1.5. transfers of personal data to third countries,
1.6. supervisory authorities,
1.7. cooperation among member states,
1.8. remedies, liability or penalties for breach of rights, and
1.9. miscellaneous final provisions.
For detailed study: https://gdpr-info.eu/
General Data Protection Regulation (GDPR)
● For severe violations, listed in Art. 83(5)
GDPR, the fine framework can be up to 20
million euros, or in the case of an
undertaking, up to 4 % of their total global
turnover of the preceding fiscal year,
whichever is higher.
Key Privacy and Anonymity Issues
Key Privacy and Anonymity Issues
● Identity theft = Data Breach
● Consumer profiling
● Treating customer data responsibly
● Workplace monitoring
● Advanced surveillance technology
● Government electronic surveillance
1. Identity Theft = Data Breach
Identity Theft
● Theft of key pieces of personal information to impersonate a
person
● Information includes:
○ Name
○ Address
○ Date of birth
○ Social Security number
○ Passport number
○ Driver’s license number
○ Mother’s maiden name
Identity Theft…
● Fastest growing form of fraud across the world.
● Consumers and organizations are becoming more
vigilant and proactive in fighting identity theft
● Four approaches used by identity thieves
○ Create a data breach
○ Purchase personal data from criminals
○ Use phishing to entice users to give up data
○ Install spyware to capture keystrokes of victims
Identity Theft…
● Data breaches of large databases
○ To gain personal identity information
○ May be caused by:
■ Hackers
■ Failure to follow proper security procedures
● Purchase of personal data
○ Black market for:
■ Credit card numbers in bulk—$.40 each
■ Logon name and PIN for bank account—$10
■ Identity information—including DOB, address, SSN, and
telephone number—$15
Identity Theft…
● Phishing
○ Stealing personal identity data by tricking users into entering
information on a counterfeit Website
● Spyware
○ Keystroke-logging software
○ Enables the capture of:
■ Account usernames
■ Passwords
■ Credit card numbers
■ Other sensitive information
○ Operates even if infected computer is not online
Identity Theft…
● In 2020, a hacker named Narapichas leaked more
than 1,70,000 users’ data including customers’
emails, phone numbers, and addresses by
hacking into Vianet Communication. Similarly,
earlier that year, a hacker named Mr. Mugger
hacked FoodMandu and made public the name,
email addresses, and phone numbers of 50,000
users.
2. Consumer Profiling
Consumer Profiling
● Companies openly collect personal information about
Internet users
● Cookies
○ Text files that a Web site can download to visitors’
hard drives so that it can identify visitors later
● Tracking software analyzes browsing habits
● Similar controversial methods are used outside the
Web environment
Consumer Profiling…
● Aggregating consumer data
○ Databases contain a huge amount of consumer behavioral
data
○ Affiliated Websites are served by a single advertising network
● Collecting data from Web site visits
○ Customized service for each consumer
○ Types of data collected
■ GET data
■ POST data
■ Click-stream data
Consumer Profiling…
● Four ways to limit or stop the deposit of cookies
on hard drives
○ Set the browser to limit or stop cookies
○ Manually delete them from the hard drive
○ Download and install a cookie-management
program
○ Use anonymous browsing programs that don’t
accept cookies
Consumer Profiling…
● Personalization software
○ Used by marketers to optimize the number, frequency, and
mixture of their ad placements
■ Rules-based
■ Collaborative filtering
■ Demographic filtering
■ Contextual commerce
● Consumer data privacy
○ Platform for Privacy Preferences (P3P)
■ Shields users from sites that don’t provide the level of
privacy protection desired
3. Treating customer data responsibly
Treating Consumer Data Responsibly
● Strong measures are required to avoid customer
relationship problems
● Companies should adopt:
○ Fair Information Practices
○ 1980 OECD privacy guidelines
● Chief privacy officer (CPO)
○ Executive to oversee data privacy policies and
initiatives
Fair Information Practices
Chief privacy officers
● Companies are increasingly appointing CPOs to have a central
point of contact for privacy concerns
● Role of CPO varies in each company
○ Draft privacy policy
○ Respond to customer concerns
○ Educate employees about company privacy policy
○ Review new products and services for compliance with privacy
policy
○ Develop new initiatives to keep company out front on privacy
issue
○ Monitor pending privacy legislation
Other initiatives (Seal programs)

● TRUSTe – http://www.truste.org
● BBBOnline – http://www.bbbonline.org
● CPA WebTrust – http://www.cpawebtrust.org/
● Japanese Privacy Mark http://privacymark.org/
US Privacy Laws, Applications, & Court Rulings…
● BBBOnLine and TRUSTe
○ Independent initiatives that favor an
industry-regulated approach to data privacy
○ Provide BBBOnLine reliability seal or a TRUSTe
data privacy seal
○ Seals
■ Increase consumer confidence in site
■ Help users make more informed decisions
about whether to release personal information
Opt-Out Vs Opt-In Policy:
● Opt-out policy
○ Assumes that consumers approve of companies
collecting and storing their personal information
○ Requires consumers to actively opt out
○ Favored by data collectors
● Opt-in policy
○ Must obtain specific permission from consumers
before collecting any data
○ Favored by consumers
4. Workplace Monitoring
Workplace Monitoring
● Employers monitor workers
○ Ensure that corporate IT usage policy is followed
● Fourth Amendment cannot be used to limit how a
private employer treats its employees
○ Public-sector employees have far greater privacy
rights than in the private industry
● Privacy advocates want federal legislation
○ To keep employers from infringing upon privacy
rights of employees
5. Advanced Surveillance Technology
Advanced Surveillance Technology
● Camera surveillance
○ U.S. cities plan to expand surveillance systems
○ “Smart surveillance system”
● Facial recognition software
○ Identifies criminal suspects and other undesirable
characters
○ Yields mixed results
● Global positioning system (GPS) chips
○ Placed in many devices
○ Precisely locate users
6. Privacy and biases in Artificial Intelligence/Machine Learning
Privacy and biases in Artificial Intelligence/
Machine Learning

Privacy and biases are two important ethical
considerations when it comes to the development
and use of Artificial Intelligence (AI) and Machine
Learning (ML) systems.
Privacy in AI/ ML
1. Privacy: AI and ML systems often process large amounts of
personal data. It is essential to ensure that this data is
protected and used ethically, in compliance with relevant
privacy regulations.
2. Data Privacy: AI and ML systems often rely on personal
data to train and improve their algorithms. This data can
include sensitive information such as health data, financial
information, and biometric data. Privacy concerns arise
when this data is collected, stored, and used without the
knowledge or consent of the individuals involved.
Privacy in AI/ ML
3. Surveillance: AI and ML systems can be used for
surveillance purposes, such as facial recognition,
tracking, and monitoring. These systems can
potentially infringe on individual privacy and civil
liberties, leading to concerns about the balance
between security and privacy.
4. Data Breaches: AI and ML systems are vulnerable to
data breaches and cyber attacks, which can result in
the exposure of sensitive personal data.
Biases in AI/ ML
1. Data Bias: AI and ML systems are only as good as the data
they are trained on. If the data is biased or incomplete, the
system will produce biased or incomplete results, which can
lead to unfair or discriminatory outcomes.
2. Algorithmic Bias: Bias can be introduced into AI and ML
systems through the algorithms themselves. This can
happen if the algorithms are based on assumptions or
stereotypes that are biased, or if they are not designed to
account for certain factors that may be relevant to the
decision-making process.
Biases in AI/ ML

3. Human Bias: AI and ML systems can also
reflect human biases, which may be
introduced by the individuals who design,
implement, and use the systems. These
biases can be conscious or unconscious, and
can lead to discriminatory outcomes.
Ethical Issues in AI/ML
There are several practices and issues to consider when
it comes to ethical dilemmas for using AI and ML. Some of
these include:
1. Transparency: It is important that the decision-making
process of AI and ML systems is transparent and
explainable. Users should be able to understand how
the system reached its conclusions and why certain
decisions were made.
Ethical Issues in AI/ML

2. Accountability: AI and ML systems must be
accountable for their actions. This means that
they should be held responsible for any harm
caused by their decisions or actions, and there
should be a clear framework for resolving
disputes or complaints.
Ethical Issues in AI/ML

3. Human oversight: It is essential to have
human oversight in the development,
deployment, and use of AI and ML systems.
This can help to ensure that the system is
used ethically and that its outcomes are fair
and just.
Ethical Issues in AI/ML

4. Fairness: AI and ML systems must be
designed and trained to be fair and unbiased,
and to avoid creating or perpetuating
discrimination or inequalities.
Ethical Issues in AI/ML
5. Security: AI and ML systems must be designed
with security in mind, to protect against
cyber-attacks or other forms of malicious activity
that could compromise the integrity of the system.
Thus, it is essential to approach the development and
use of AI and ML systems with a strong ethical
framework, taking into account the potential risks and
implications of these powerful technologies.
7. Differential Privacy
“Differential privacy is a formal mathematical
definition of Privacy.”
Differential Privacy

1. Differential privacy is a mathematical
framework for ensuring the privacy of
individuals in datasets. It can provide a strong
guarantee of privacy by allowing data to be
analyzed without revealing sensitive
information about any individual in the dataset.
Differential Privacy

1. Differential privacy is a modern approach
to cybersecurity whose proponents claim it
protects personal data far better than traditional
methods.
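The guarantee described above, illustrated with the Laplace mechanism on a counting query. This is an added example, not part of the original slides: the mechanism choice, the constructed patient records, the function names and ε = 0.5 are all assumptions made for illustration. It checks that removing one person changes the probability of any released value by at most a factor of e^ε.

```python
import math
import random

# Constructed sample data (not from the slides): 30 people, 10 of them diabetic.
PATIENTS = [{"id": i, "diabetic": i % 3 == 0} for i in range(1, 31)]


def laplace_noise(scale, rng):
    # The difference of two i.i.d. exponentials with mean `scale`
    # is distributed as Laplace(0, scale).
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def private_count(records, predicate, epsilon, rng):
    """Release a count with epsilon-differential privacy.

    Adding or removing one person changes a count by at most 1
    (sensitivity 1), so the Laplace noise scale is 1 / epsilon.
    Teaching sketch only: production systems should use a vetted DP
    library, because naive floating-point sampling can leak information.
    """
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon, rng)


def laplace_pdf(x, mean, scale):
    return math.exp(-abs(x - mean) / scale) / (2.0 * scale)


def worst_case_ratio(count_a, count_b, epsilon, outputs):
    """Largest ratio between the output densities of two neighbouring
    datasets (true counts count_a and count_b) over the given outputs."""
    scale = 1.0 / epsilon
    worst = 0.0
    for y in outputs:
        p = laplace_pdf(y, count_a, scale)
        q = laplace_pdf(y, count_b, scale)
        worst = max(worst, p / q, q / p)
    return worst


def demo(epsilon=0.5, seed=2023):
    rng = random.Random(seed)  # fixed seed so the demo is repeatable

    def is_diabetic(record):
        return record["diabetic"]

    # Neighbouring dataset: identical except that person 3 is absent.
    neighbour = [r for r in PATIENTS if r["id"] != 3]
    count_full = sum(map(is_diabetic, PATIENTS))
    count_nbr = sum(map(is_diabetic, neighbour))

    # Compare how likely each possible released value is under both datasets.
    outputs = [x / 4.0 for x in range(-40, 121)]  # -10.0 .. 30.0
    ratio = worst_case_ratio(count_full, count_nbr, epsilon, outputs)

    # Individual releases are noisy, but the aggregate stays useful.
    releases = [private_count(PATIENTS, is_diabetic, epsilon, rng)
                for _ in range(20000)]
    return {
        "true_count": count_full,
        "neighbour_count": count_nbr,
        "worst_ratio": ratio,
        "bound": math.exp(epsilon),
        "one_release": releases[0],
        "mean_release": sum(releases) / len(releases),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A smaller ε tightens the bound on what any single release reveals about one person and increases the noise in each answer.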
8. Electronic Discovery
Electronic Discovery
1. Discovery is part of the pretrial phase of a lawsuit
in which each party can obtain evidence from the
other party by various means, including requests
for the production of documents.
2. Electronic discovery (e-discovery) is the
collection, preparation, review, and production of
electronically stored information for use in
criminal and civil actions and proceedings.
Electronic Discovery
1. The purpose of discovery is to ensure that all
parties will go to trial with as much knowledge
as possible.
2. Through the e-discovery process, it is quite
likely that various forms of ESI of a private or
personal nature (e.g., personal emails) will be
disclosed.
Electronic Discovery
1. E-discovery raises many ethical issues:
Should an organization ever attempt to
destroy or conceal incriminating evidence that
could otherwise be revealed during discovery?
So the

Summary
Summary
● Laws, technical solutions, and privacy policies are required
to balance needs of business against rights of consumers
● A number of laws have been enacted in Nepal, and over the
past 40 years in the US, that affect a person’s privacy
● Identity theft is fastest-growing form of fraud
● Websites collect personal data about visitors
● Consumer data privacy has become a major marketing
issue
Summary…
● Code of Fair Information Practices and 1980
OECD privacy guidelines
● Advances in information technology
○ Surveillance cameras
○ Facial recognition software
○ GPS systems
