Taking place March 12 and 13 at Park Plaza, Riverbank, London, PrivSec & GRC Connect London provides a platform for organisations to address the cumulative nature of risk. 

PrivSec & GRC Connect London’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape.

Event speaker, Michael Whitbread is Senior Legal Counsel covering AI brands Affinda and Draftable. He has advised on privacy issues since before the commencement of the GDPR, holding progressively more expansive and global roles.

Michael will be at PrivSec & GRC Connect London to discuss ethics in AI, with focus on the balance between innovation and protecting human rights. Below, he answers questions on his professional journey and introduces the key issues of his PrivSec & GRC Connect London session.

Could you briefly outline your career pathway so far?

My journey began in Australia, where I trained and was admitted as a solicitor in 2007. Over the next ten years, I specialized in employment and discrimination law, working in various roles across Australia and the UK, in trade unions, law firms, and in-house.

In 2017, while working for an offshore Magic Circle firm, the GDPR was released and was something of a pivotal moment for me. Unlike the Australian privacy regime, the GDPR provides no exemption from privacy requirements for employment-related personal data. That set me off on a course of advising a wide range of clients, beyond solely HR teams.

Subsequently, I became Head of Data Privacy and Data Protection Officer at HSBC, responsible for privacy compliance for the business in Jersey, Guernsey, and the Isle of Man. In 2020, I moved to JTC as global head of data protection, providing legal guidance across 16 countries.

As I aspired to move beyond being a specialised privacy / employment lawyer, my current role at the Vesparum Group allows me to offer advisory services on other areas including intellectual property, and various commercial matters.

Is there a danger that the issue of human rights takes a back seat amid the rush to leverage the power of AI technologies?

There’s always a risk with the adoption of new technologies that safety issues may be deprioritised. Look back to the introduction of internal combustion engine: at first, cars were the ‘toys’ of the rich, manufactured without seat belts, air bags and in some cases brakes. 

Over time and frankly through bitter experience, safety standards and road rules developed which, while unable entirely to eliminate the risks associated with motor vehicles, significantly reduced those risks. We are at such an inflection point in the adoption of AI technologies.

What measures should organisations be putting in place to ensure human rights, ethics privacy and security always come first?

There’s no one-size-fits-all approach for ensuring ethical corporate behaviour. But companies could do worse than taking an audit of the AI technologies they are using / developing, and ensuring proportionate governance measures are in place.

These could be as simple as setting up a regular rhythm of consultation forums between key players in the organisation, including Product, Sales, Information Security, Legal and HR, right through to establishing a data governance committee with formalised terms of reference and accountabilities, documented data governance frameworks, public statements of AI ethics, and active campaigns promoting the safety measures of the organisation.

It’s an art not a science, but what is universal is the need to give customers and other stakeholders trust and confidence in the organisation’s ethical stance.