The Astana International Financial Centre (the “AIFC”) prepared the Guidance on Data Protection and Artificial Intelligence (“AI”) in the AIFC (the “Guidance”) based on the AIFC's Data Protection Regulations No. 10 of 2017 (the “Data Protection Regulations”) and Data Protection Rules No. 1 of 2018 (the “Data Protection Rules”). The Guidance is applied for providing information on the Provisions and the Data Protection Rules as well as considering the issues of the AI use in the AIFC. Please note that the Guidance is not legally binding.
This review is intended for presenting the key provisions of the Guidance and their importance for the companies operating within the AIFC. The Guidance defines the key aspects to be accepted to guarantee the maximally safe data use in the AI context.
Personal data and sensitive personal data
The Guidance focuses on the need to protect personal data defined as “any data referring to an identifiable natural person”. Sensitive personal data include information about racial and ethnic origin, political and religious creed, health, biometry and other categories requiring special protection.
AI strategy
According to the provisions of the Guidance, entities are required to develop the AI strategy to demonstrate the commitment of the top management of companies to ethical and responsible use of AI. The strategy may:
- Define AI functions in the entity;
- Establish ethical principles for acquiring, implementing and using AI-based solutions;
- Define unacceptable uses of AI;
- Develop AI tools to facilitate implementation of management measures;
- Set up internal policies and procedures for AI;
- Secure technical infrastructure for legal, responsible and high-quality implementation and use of AI;
- Communicate the issues of the AI strategy, policies and procedures to the employees and stakeholders on a regular basis;
- Consider new legal and regulatory developments applicable to AI.
Download our Law Alert to learn more.