FPF at Singapore PDP Week 2023: Navigating Governance Frameworks for Generative AI Systems in the Asia-Pacific
Authors: Cheng Kit Pang, Elena Guañuna, Alistair Simmons, and Matthew Rostick
Cheng Kit Pang, Elena Guañuna, Alistair Simmons, and Matthew Rostick are FPF Global Privacy Interns.
From July 18 to July 21, 2023, the Personal Data Protection Commission (PDPC) of Singapore held its annual Personal Data Protection Week (PDP Week), which overlapped with the IAPP’s Asia Privacy Forum 2023.
The Future of Privacy Forum (FPF)’s flagship event during PDP Week was a roundtable on the governance implications of generative AI systems in the Asia-Pacific (APAC) region. In organizing this event together with the PDPC, FPF brought together over 80 participants from industry, academia, the legal sector, and international organizations, as well as regulators from across the APAC region, Africa, and the Middle East.
FPF Roundtable on Governance of Generative AI Systems in APAC
On July 21, FPF organized a high-level closed-door roundtable, titled “Navigating Governance Frameworks for Generative AI Systems in the Asia-Pacific.” The roundtable explored the issues raised by applications of existing and emerging AI governance frameworks in APAC to generative AI systems.
Dominic Paulger (Policy Manager, FPF APAC) kicked off the roundtable with a presentation on the existing governance and regulatory frameworks that apply to generative AI systems in the APAC region. The presentation highlighted that to date, most major APAC jurisdictions have opted for “soft law” approaches to AI governance, such as developing ethical frameworks and voluntary governance frameworks, rather than “hard law” approaches, such as enacting binding regulations. However, the presentation also explained that China is an exception to this rule and has been active in enacting regulations targeting specific AI technologies, such as deep synthesis technologies and most recently, generative AI. In addition, even if they do not specifically target Generative AI, the comprehensive data protection laws enacted in most jurisdictions in the region are also applicable to how these types of computer programs are trained and generally process personal data.
The presentation was followed by three hours of discussion, facilitated by Josh Lee Kok Thong (Managing Director, FPF APAC). The discussions were first initiated by firestarters from industry, regulators, and academia:
- Denise Wong (Deputy Commissioner, PDPC);
- Jeth Lee (Chief Legal Officer, Microsoft Singapore);
- Angela Xu (Senior Privacy Counsel, APAC Head, Google);
- Leandro Angelo Y. Aguirre (Deputy Commissioner, National Privacy Commission, Philippines);
- Vincenzo Tiani (Partner, Panetta & Associati, Brussels);
- Arianne Jimenez (Head of Privacy and Data Policy, Engagement, Meta); ; and
- Jason Allen Grant (Director, Centre for AI & Data Governance, and Associate Professor of Law at Singapore Management University Yong Pung How School of Law).
Turning to the wider roundtable discussion, participants highlighted the fast pace of developments in generative AI technology and hence, the importance of adopting an agile and future-proof approach to governance. Participants also identified that compared with other forms of AI technology, generative AI systems were more likely to raise challenges in addressing unseen bias in very large, unstructured data sets and “hallucinations” (generated output that is grammatically accurate but nonsensical or factually inaccurate).
To address these issues, participants highlighted the importance of developing standards and metrics for evaluating the safety of generative AI systems and for measuring the effectiveness of achieving desired outcomes. Participants also called for efforts to educate users on generative AI systems, including the capabilities, limits, and risks of these technologies.
Regarding regulation of generative AI, participants were generally in favor of an incremental approach to the development of governance principles for generative AI systems in the region – allowing actors in the AI value chain to explore ways to operationalize existing AI principles and apply existing governance frameworks to the technology – rather than enacting “hard law” regulations.
Participants also agreed on the need for AI governance principles to account for the three basic layers of the AI technology stack as different policy considerations apply at each of these levels, namely:
- The infrastructure layer, which includes the computing hardware, such as central processing units (CPUs) and graphics processing units (GPUs), that is used to train models and the data centers where this hardware is housed;
- The model layer, which includes the training and operation of generative AI models like Bard, GPT, LLaMa, Stable Diffusion, and so on; and
- The application layer, which includes software applications built on top of generative AI models and the different use cases in which these applications are deployed.
Several participants also raised that at the ecosystem level, it would be important for stakeholders to develop a common or standardized set of terminologies or taxonomies for key concepts in generative AI technology, such as “foundation models” or “large language models” (LLMs).
Some participants also called for greater collaboration between stakeholders, and a multidisciplinary approach to governance of generative AI systems and global alignment when developing best practices.
Photos: Participants from FPF Roundtable on Navigating Governance Frameworks for Generative AI Systems in the Asia-Pacific, 7/21/2023. Photos courtesy of the PDPC.
Other FPF Activities during PDP Week
IAPP Asia Privacy Forum 2023
On July 20, FPF organized an IAPP panel discussion titled “Unlocking Legal Bases for Processing Personal Data in APAC: A Practical Guide,” which built on FPF’s year-long research project on consent and other legal bases for processing personal data in the APAC region – the final report of which was released in November 2022.
Moderator Josh Lee Kok Thong led the discussion, in which panelists Deputy Commissioner Denise Wong, Deputy Commissioner Leandro Y. Aguirre, Arianne Jimenez, and David N. Alfred (Co-Head, Data Protection, Privacy & Cybersecurity Practice, Drew & Napier) explained the challenges faced by practitioners and regulators in addressing differing data requirements for consent and alternatives like “legitimate interests” in APAC data protection laws.
Photo: FPF Panel on Unlocking Legal Bases for Processing Personal Data in APAC, July 20, 2023.
FPF’s APAC office was also represented at two further panels during IAPP Asia Privacy Forum 2023:
- Josh moderated a panel titled “Privacy-First Future: Partnering with Industry and Regulators for an Open Internet” focusing on the PDPC’s newly launched PETs x Privacy Sandbox initiative to reduce cross-site and cross-app tracking.
- Josh also spoke on another panel titled “From DPO to Data Ethics Officer, Don’t Fall Behind!” which explored whether data protection officers (DPOs) are suited to fulfill the emerging role of a “data ethics officer” and how DPOs can raise data ethics issues to their company boards.
FPF Training on EU AI Act
On the sidelines of PDP Week, FPF held its inaugural in-person FPF Training session in the APAC region. The closed-door training session, which focused on the forthcoming EU AI Act and its impact on the APAC region, was held on July 20 and was conducted by Katerina Demetzou (Senior Counsel for Global Privacy, FPF) with interventions from Vincenzo Tiani from his experience of advising Members of the European Parliament (MEPs) on drafting the EU AI Act. The training provided a detailed analysis of the draft AI Act and explained the lifecycle of AI systems and the law-making process in the EU. The training drew close to 20 attendees comprising regulators and representatives from industry and the legal sector.
Photo: FPF Training on the EU AI Act, 7/20/2023
This was the second time that FPF organized events around PDP Week since the launch of FPF’s APAC office in 2021. The week’s events enabled FPF APAC to foster collaborative dialogues among regulators, industry, academia, and civil society from the APAC region and draw links with the EU, and the US. FPF is grateful for the support of the PDPC and IAPP in organizing these activities.
Edited by Dominic Paulger and Josh Lee Kok Thong