3.2.2  Privacy preserving

            Artificial intelligence, where a sufficiently large and reliable set of information is available for the
            purposes of use in a specific city, could offer a significant contribution to the understanding and
            rapid resolution of urban problems. However, any use of information sets must necessarily comply
            with existing privacy regulations and laws set at the state or supranational level. For example: (i)
            the United States has various federal and state laws that cover different aspects of data privacy,
            like health data, financial information or data collected from children; (ii) the European Union (EU)
            has regulated similar matters with Regulation (EU) 2016/679 of the European Parliament and of
            the Council on the protection of natural persons with regard to the processing of personal data
            and on the free movement of such data.


            Therefore, it is necessary to affirm the essential principle that AI can only be used in full
            compliance with the data privacy regulatory framework in force at national or supranational
            level.


            AI systems operate in delicate contexts that may be exposed to, and even utilize, personal data,
            personal artefacts and personal property. In such contexts, it is very important for AI systems to
            duly uphold privacy.


            Privacy is a fundamental human right and is incorporated in various international and national
            legislations (e.g., international human rights, national constitutions, data protection laws).

            Hence, this principle allows cities to respect, protect and preserve privacy in developing, deploying
            and using AI systems.


            Implementation Considerations: Cities should identify and comply with all the laws and regulations
            pertaining specifically to privacy (e.g., data protection laws, consumer protection laws, intellectual
            property rights laws). Many jurisdictions have enacted data protection legislations (e.g., General
            Data Protection Regulation in European Union), which may significantly influence and impact
            privacy related data management and processing.


            Either existing laws and regulations and/or city stakeholder considerations may guide cities to
            implement privacy protection mechanisms in their AI systems. These privacy protection mechanisms
            include:


            •  Anonymization of data;

            •  Pseudonymization (or data masking) of data (e.g., encryption, shuffling, suppression);
            •  Data generalization (e.g., calculation of an aggregated value from sensitive data, using a value
                range);

            •  Creation of synthetic data;







              6