Abstract
The use of Artificial Intelligence (AI) systems in the health domain requires developers of these systems to consider a wider view of requirements beyond traditional data security requirements. Data controllers of these systems should also include requirements that consider legal, privacy, fundamental rights, social, and ethical values. However, harmonized guidelines around AI principles and requirements are not agreed and divergent. This requires a creative approach with the development of these requirements for AI projects. Furthermore, many of the guidelines fail to establish a link between principles and actionable requirements. In this paper we present the methodology used to develop the legal, privacy, social and ethical requirements for an AI based medical imaging project entitled Medical Imaging Ireland (Med-I). Furthermore, we provide an overview of an assessment of these requirements implementation within the Med-I project.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Solove, D.J.: Understanding Privacy. The George Washington University Law School Public Law And Legal Theory Working Paper No. 420 Legal Studies Research Paper, No. 420, pp. 1–25. Harvard University Press, Cambridge, Massachusetts, (2008)
Nissenbaum, H.: Privacy in context: technology, policy, and the integrity of social life. In: Privacy in Context. Stanford University Press, Redwood City (2009)
EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. EU, pp. 1–88 (2016)
Ayling, J., Chapman, A.: Putting AI ethics to work: are the tools fit for purpose? AI Ethics, 1–25 (2021).https://doi.org/10.1007/s43681-021-00084-x
Schiff, D., Borenstein, J., Biddle, J., Laas, K.: AI Ethics in the public, private, and NGO sectors: a review of a global document collection. IEEE Trans. Technol. Soc. 2(1), 31–42 (2021)
Ryan, M.L., O’Donovan, T., McNulty, J.P.: Artificial intelligence: the opinions of radiographers and radiation therapists in Ireland. Radiography 27, S74–S82 (2021)
Muller, H., Mayrhofer, M.T., Ben Van Veen, E., Holzinger, A.: The ten commandments of ethical medical AI. Computer (Long. Beach. Calif). 54(7), 119–123 (2021)
Geis, J.R., et al.: Ethics of artificial intelligence in radiology: summary of the joint European and North American multisociety statement. Radiology 293(2), 436–440 (2019)
Geismann, J., Gerking, C., Bodden, E.: Towards ensuring security by design in cyber-physical systems engineering processes. In: Proceedings of the 2018 International Conference on Software and System Process, pp. 123–127. Gothenburg, Sweden (2018)
Razzak, M.I., Naz, S., Zaib, A.: Deep learning for medical image processing: overview, challenges and the future. Lect. Notes Comput. Vis. Biomech. 26, 323–350 (2018)
Vanclay, F., Baines, J.T., Taylor, C.N., Vanclay, F.J., Baines, T., Taylor, C.N.: Principles for ethical research involving humans : ethical professional practice in impact assessment part I. Impact Assess. Proj. Appraisal 31(4), 243–253 (2013)
Mantelero, A.: AI and big data: a blueprint for a human rights, social and ethical impact assessment. Comput. Law Secur. Rev. 34(4), 754–772 (2018)
Floridi, L., Cowls, J.: A unified framework of five principles for AI in society. Harv. Data Sci. Rev. Summer (1.1), 1–17 (2019)
Fjeld, J., Achten, N., Hilligoss, H., Nagy, A., Srikumar, M.: Principled artificial intelligence: mapping consensus in ethical and rights-based approaches to principles for AI. Berkman Klein Center Research Publication, (2020)
Falabiba, N.E.: Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions. Fostering a European approach to Artificial Intelligence, Brussels (2021)
AI HLEG, Ethics Guidelines for Trustworthy AI, 32, 1–41 (2019)
AI HLEG, Policy and Investment Recommendations for Trustworthy AI. European Commission, Brussels, 1–52 (2019). https://www.europarl.europa.eu/italy/resource/static/files/import/intelligenza_artificiale_30_aprile/ai-hleg_policy-and-investment-recommendations.pdf. Accessed 17 June 2022
AI HLEG, The Assessment List for Trustworthy Artificial Intelligencer (ALTAI) for self assessment. EU Publications Office, Brussels, pp. 1–38 (2020). https://digital-strategy.ec.europa.eu/en/library/assessment-list-trustworthy-artificial-intelligence-altai-self-assessment. Accessed 17 June 2022
Government of Ireland, Data Protection Act 2018 (Section 36(2)) (Health Research) Regulations 2018 (S.I. No. 314/2018). Ireland (2018)
Mee, B., et al.: What GDPR and the health research regulations (HRRs ) mean for Ireland : a research perspective. Irish J. Med. Sci. 190(2), 505–514 (2021)
Elshekeil, S.A., Laoyookhong, S.: GDPR Privacy by Design. Stockholm (2017)
Data Protection Commission Ireland, Guide to Data Protection Impact Assessments (DPIAs). October. Data Protection Commissioner, Ireland (2019)
Bieker, F.: Privacy technologies and policy, In: Proceedings of the 4th Annual Privacy Forum, (APF 2016), 10518 (October), pp. 21–37. Springer, Frankfurt/Main, Germany (2017)
ICO, What is a DPIA?, Data Protection Impact Assessments (DPIAs) (2020). https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/what-is-a-dpia/. Accessed 17 June 2022
Glinz, M.: On non-functional requirements. In: 15th IEEE International Requirements Engineering Conference, pp. 21–26. IEEE, Delhi, India (2007)
Eckhardt, J., Vogelsang, A., Fernández, D.M.: Are non-functional requirements really non-functional? an investigation of non-functional requirements in practice. In: Proceedings of the 38th International Conference on Software Engineering, pp. 832–842 NY, United States (2016)
ISO/IEC 29134:2017 Information technology — Security techniques — Guidelines for privacy impact assessment. BSI Standards Publication (2017)
Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 1(16), 3–32 (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Treacy, C., Regan, G., Shahid, A., Maguire, B. (2022). Legal, Privacy, Social and Ethical Requirements and Impact Assessment for an Artificial Intelligence Based Medical Imaging Project. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol 1646. Springer, Cham. https://doi.org/10.1007/978-3-031-15559-8_3
Download citation
DOI: https://doi.org/10.1007/978-3-031-15559-8_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15558-1
Online ISBN: 978-3-031-15559-8
eBook Packages: Computer ScienceComputer Science (R0)