Definitions

Ownership: Paolo Volpe

A scientific approach presupposes axiomatic foundations and rigorous definitions. This ensures the quality of the content and its correct assimilation by constructing a basic reference for understanding terms used in the fields of data, information, algorithms, autonomous systems and artificial intelligence. The work on this glossary was carried out according to a methodology consisting of the following main stages.
Collection of terms: from a variety of sources, taking into account the reliability and diversity of enriching points of view. Academic and institutional references, specialised international standards are included.
Integration of terms: where diversity is important. Other and different formulations of definitions of the same term identifying the common thread. Multiple definitions are sought from multiple sources for confirmation and completeness. Adding is done by trying to standardise translations.
Technical and linguistic revision. This phase ensures scientific accuracy and the integrity and completeness of the technical concept.
Continuous updating. New documents and new knowledge always bring updates. Keeping up to date is important. We welcome your comments and suggestions.

 List of Definitions
TitleContent
#A
AAA systems listA list, either by name or other identifier that tracks all distinct AI, algorithmic or Autonomous Systems.
Access PolicyPolicy that informs employees, contractors, partners and other interested parties of requirements to ensure that all necessary physical access security measures are in place to prevent unauthorised access, damage and interference (malicious or otherwise) to the entity's assets;
#Accountability
Adult VisualsViolence, Language, Substances, Nudity or Sex as idenitified by the body of work established by the MPAA , or as specified by Ofcom broadcasting rules.
Adverse impactWhen the selection rate of a Protected Category is below 4/5th or 80% of the highest selection rate
Affirmative ActionPolicies positively supporting members of disadvantaged or underrepresented groups (aka Protected Classes) that have previously suffered discrimination in areas such as education, employment and housing
Age-AppropriateEnsuring that where Online Services and Connected Toys and Devices are accessed by Child or a CWCC, The services and content shall be appropriate for the use by Child or CWCC according to the Age Appropriate Policy and meet their development needs according to their age, developmental stage, capacity, and skills
Age-Appropriate PolicyA public document outlining the organization’s commitment to Age-Appropriate content and disclosure include the identification of target age ranges per the ICO’s breakdown
Algorithm EthicsA sub field of Ethics focused on instances of Ethical Choice emerging from AI, algorithmic and autonomous systems. Training and expertise include areas such as Necessity, Proportionality, Benchmark setting, Validity, reliability, Concept Drift and thresholds for Bias mitigation. #EU_AI_ACT
Algorithm ListList, either by name or by algorithm itself, of all algorithms used to compile a system, if the algorithm or the data set contain even a single variable of a Protected Category/Class/Variable
Algorithmic Risk AnalysisAnalysis and hierarchical comparison, prepared by a diverse team of assessors, designed to analyse the likelihood and severity of consequences to stakeholders and to the market for your algorithmic system incorporating feedback as appropriate. When severity and likelihood remain high, resulting in the overall risk of data processing remaining high, then the data processor shall consult directly with the data protection authority prior to beginning any data processing.
Algorithmic Risk AssessmentAn analysis of all risks associated with the comprehensive lifecycle of an AI, algorithmic or autonomous system, not covered by the TEC AT-Risk report, the Ethical Risk Analysis, the AI Governance Assessment and the Systemic Societal Impact Analysis
Algorithmic Risk Committee (ARC)Group of employees (or outsourced expert group) tasked with assuring that all algorithms and autonomous systems have taken the necessary steps to identify, remediate, explain and disclose all instances of Algorithmic Risk
Algorithmic Risk(s)Risks and associated definition listed in Appendix B.2
Anti-passbackFunction that stops a single token being used to enable more than one person to enter a facility or to enter multiple facilities. To prevent ‘passback’ the entry system must not let a token be used to gain access more than once without the token then being registered as having left the area. For a fully secure system, anti-passback and anti-tailgating should be combined to prevent both multiple uses of token and multiple entries on a single token transaction.
Anti-tailgatingFunction of an entry system that enforces ‘one transaction one entry’. For a fully secure system, anti-passback and anti-tailgating should be combined to prevent both multiple uses of token and multiple entries on a single token transaction.
Appropriate Policy DocumentDocument outlining your compliance measures and retention policies for Special Category Data, including procedures for complying with each principle, retention and Deletion / Destruction policies and the intended retention period https://ico.org.uk/media/for-organisations/documents/2616286/appropriate-policy-document.docx
AR/VR Identity DataSubset of Personal Data and Sensitive Personal Data, this refers to unique capture of identity such as retinal scans, eye movements/reactions, fingerprints, voiceprints, hand and face geometry, electrical muscle activity, heart-rate, skin response, and head position (similar to Biometric Data)
Artificial IntelligenceAutonomous machine or software that replaces a function or task of the human brain. #FH
Artificial IntelligenceThe science and engineering of making intelligent machines #John_McCarthy_1955
Artificial Intelligence (AI system)An AI system is a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy. #OECD (OECD-Recommendation of the Council on Artificial Intelligence, 2019) #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi
At-Risk Protected CategoryAny Protected Category or intersection of Protected Categories that is explicitly identified by law, identified during an Algorithm Risk Assessment or anticipated by an Ethics Committee to exhibit Disparate Impact, bias or restriction on rights and freedoms. #EU_AI_ACT
#Auditor
Augmented Reality (AR)Technology that superimposes a computer-generated image on a user's view of the real world, thus providing a composite view
Authentic/ AuthenticityWorthy of acceptance or belief as conforming to or based on fact
Automatic Threat Recognition (ATR)ATR software interprets physical items or human body scan data, to identify areas where items may be concealed. These areas are flagged on a standardised display, to indicate to a security officer areas to perform a manual search.
AutomationRobotics, cybernetics, machine or software that replaces a task previously performed by a human, generally for the purpose of increased efficiency, quality, or reduced cost.
Automation Bias CurriculumA body of learning designed to raise awareness of the Human-in-Command and other employees associated with the AAA System in regards to a general over-reliance of AAA Systems. The curriculum is designed to establish a healthy scepticism in regards to AAA Systems and to educate users when AAA Systems can be relied upon and when they should be overridden, stopped, or paused. The curriculum further encourages users to acquire knowledge and understanding of underlying assumptions, data inputs, risk mitigations, and Residual Risk associated with the AAA System.
Autonomous SystemSelf-governing system, which operates without the need for human intervention from start to finish, except for pre-start inputs and design plus maintenance, recalibration, retasking and repair
Autonomous SystemCan independently plan and decide sequences of steps to achieve a specified goal without micro-management. A hospital delivery robot must autonomously navigate busy corridors to succeed in its task. In AI, autonomy doesn’t have the sense of being self-governing common in politics or biology #Stanford_University_Human_Centered_Artificial_Intelligence
#B
Baseline Population Norm
Statistical expectations made by a reasonable person for the appropriate representation of the Protected Variables in a data training set with the defined Population Parameters
B-Corp(In the United States), a benefit corporation (or in several jurisdictions including Delaware, a public-benefit corporation or PBC) is a type of for-profit corporate entity, that includes positive impact on society, workers, the community and the environment in addition to profit as its legally defined goals, in that the definition of "best interest of the corporation" is specified to include those impacts.
Bias
Systematic and repeatable errors in a computer system that create unfair outcomes, applied specifically to Protected Categories, Classes or Variable
Bias Remediation Policy
A policy formed in accordance with Relevant Legal Frameworks, equality and anti-discrimination law that considers the scope, nature, context and purpose of the AI, algorithmic and autonomous system. Encompassing processes such as data inputs, architectural inputs and outcomes and taking note of the Data Quality, Information Quality and Pipeline Quality to identify:
a) Metrics, thresholds and procedures designed to consider data prior to processing
b) Metrics, threshold and procedures to examine architectural inputs for Bias
c) Metrics, thresholds and procedure to examine outputs for fairness and compliance with Relevant Legal Framework
d) Procedures for evaluation of Pipeline Quality, Human-in/on-the-Loop interfaces
e) Procedure for evaluation of Cognitive and Non-Response Bias
f) Frequency of review (a) thru (e)
Biometric Data
Personal data resulting from specific technical processing relating to the physical, physio- logical or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
Bullying
An intentional act that causes harm to others, and may involve verbal harassment, verbal or non-verbal threats, physical assault, stalking, or other methods of coercion such as manipulation, blackmail, or extortion.
Business Continuity Plan (BCP)
Scheme that describes a system of prevention and recovery from potential threats to a company, ensuring that personnel and assets are protected and are able to function quickly in the event of a discontinuity, threat or disaster. The BCP is integrated with a Contingency plan and restoration prioritisation plan
#C
cAIRE reportComprehensive Artificial Intelligence Risk Evaluation report, comprising all risk inputs, risk mitigations and Residual Risks gathered from any of the following reports: Algorithm Risk Assessment, Systemic Societal Impact analysis, T&E At-Risk Report, Ethical Risk Assessment, and an AI Governance Assessment
#Carer
Child-Friendly
To present information using diagrams, cartoons, graphics, video and audio content, and gamified or interactive content that will attract and interest Children, rather than relying solely on written communications
Children's Core Interests
From the UNCRC (United Nation's Convention on the Rights of the Child) provisions, the Best Interests of the Child include but are not limited to safety, health, wellbeing, family relationships, physical, psychological and emotional development, identity, freedom of expression, privacy, and agency to form their own views
Child's Data Oversight Committee (CDOC)
Group of employees (or outsourced expert group) tasked with reviewing all aspects of data collection, risk and procedures associated with data related to Children or Minors for the jurisdiction
Chief Data Officer
Individual responsible for all data policies and compliance with data and privacy laws
Child(ren)
Person, individual under the age of 13, Children is the plural (Source:COPPA) [Children, Minor #EU_AI_ACT]
Code of Data Ethics
Set of guidelines, principles and procedures by which data is acquired, analyzed, processed, adjusted, compiled or otherwise sold, traded or shared with other entities
Code of Ethics
A set of principles and rules concerning moral obligations and regards for the rights of humans and nature, which may be specified by a given profession or group
Cognitive Bias
The way a particular person understands events, facts, and other people, which is based on their own particular set of beliefs and experiences and may not be reasonable or accurate
Commissioning DocumentationDrawings and manuals covering the installation, operation and maintenance of a system that are provided to the person responsible for maintenance and operation of the system on the site
Commissioning Tests
Tests to assess the functionality and performance of a system to ensure it is installed correctly and performs to the required specification
Component Risk
Elements of construction, which may have their own points of failure, such as data pipeline, hardware, software, processors
Concept Drift
The observation that the correlation between the inputs and the outputs of an AI system may change over time, including situations where training data labels change over time.
Conditioning
Process of changing behavior by rewarding or punishing a subject each time an action is performed until the subject associates the action with pleasure or distress
Connected Toys and Devices
Which are connected to the internet. They are physical products that are supported by the functionality provided through internet or network connection
Consent
Consent to processing personal data is only lawful and  effective if provided by a Child Who Cannot Consent/Child of the age of 13 years and above
Consent Risk
Failure to assure a chain of custody or appropriate consent for the data processing being conducted
Consent UK GDPR
Used as a lawful basis specified in Article 6(1)a of the UK GDPR. Meeting all requirements in that regulation, including enhanced requirements for Consent for Children in Article 8 UK GDPR and Consent for use of Special Category Data, supplemented by requirements in Article 9
(A Primary) Consideration
Something to be treated with equal importance as shareholder value and/or other inherent interests of the organisation when weighing or balancing tensions and Trade-offs. This shall not prejudice the rights of another Child
ContextThe circumstances in which an event occurs; including jurisdiction and/or location, behaviour and functional inputs to an AAA System that are appropriate #EU_ACT
Contingency Plan
A plan to make the system inaccessible and unavailable, or to continue processing, in the context of a security related event
Controller
Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (but see section 6 of the 2018 Act);
#D
Data Class/(Data Classification)
Group of data with common principles (to group data with common principles)
Data Control Committee (DCC)
Group of three or more people, who are entrusted with the same responsibilities as the Chief Data Officer, in support of the Chief Data Officer or Data Protection Officer (DPO)
Data Control Policy
Document produced by the entity, which details all corporate policies with regards to Personal Data and/or PII. Includes definitions, procedures, controls, plans for review, plans for amendments, procedures for change and amendments
Data Entry Point Attacks
Vulnerabilities and attacks associated with the data used for training and processing data, where the adversary manipulates the data in order to attack, alter or otherwise corrupt the intended purpose, scope and nature of the algorithmic system (e.g., data poisoning, model inversion, model evasion)
Data Ethics
See Ethics section of the CDO/DPO/DCC
Data Flow Diagram
Cartoon or graphic which visually represents all inputs for data collection and locations where data is captured in a database or may leave the system with export interfaces, including notation where processing effects individuals and consent has been granted. The Data Flow Diagram shall include a systematic description of the processing activity, including data flows and stages when AI process any automated decision that may produce effects on individuals. The Data Flow Diagram should also track the jurisdictional location of data and when those data flows move between entities and their relevant jurisdictions, including internal data flows. The Data Flow Diagram should be reviewed and maintained throughout the lifespan of the algorithmic system.
Data Input Calibration
Process of examining training and processing data with respect to Population Parameters, Population Baseline Norms, cognitive bias, accessibility bias, Data Entry Point Attacks
Data Minimisation
Limiting data collection to only what is required to fullfill a specific purpose.
D&O
Directors and Officers insurance, liability insurance payable to the directors and officers of a company, or to the organization itself, as indemnification for losses or advancement of defense costs in the event an insured suffers such a loss as a result of a legal action brought for alleged wrongful acts in their capacity as directors and officers
Data Poisoning
An adversarial attack targeted at training, testing/validation, Data Quality, Information Quality, Pipeline Data in an attempt to render the data useless or alter/damage the model’s ability to achieve its scope, nature, context and purpose potentially altering outputs in favour of the adversary. Intentional subversion of Data Quality
Data Portability
Ability to move, copy or transfer data easily from one database, storage or IT environment to another. These same data copy/transfer rules apply between companies and/or services
Data Protection Impact Assessment
Consistent with GDPR, it is a tool for examining the purpose of an algorithm, kinds of data required and collected, who has access to the data in your organization and any Service Providers who might have access
Data Protection Officer (DPO)
Ensures, in an independent manner, that an organisation applies the laws protecting individuals' personal data. The designation, position and tasks of a DPO within an organisation are described in Articles 37, 38 and 39 of the European Union (EU) General Data Protection Regulation (GDPR).
Data Protection Policy
Document produced by the entity, which details all corporate policies with regards to Personal Data and/or PII. Includes definitions, procedures, controls, plans for review, procedures for change, amendments, security and records management, retention policies, integrated with the Business Continuity Plan, Data Security Plan and Security Plan specific scope, nature, context and purpose while limiting accessibility and storage to only necessary persons for processing, including the regular Deletion and Destruction of unnecessary data, all integrated with the Business Continuity Plan, Data Security Plan and Security Plan
Data Quality
The quality of data that makes it representative and aligned to the scope, nature, context and purpose of the intended use as applicable to an algorithm. Quality of data refers to data that is reasonably and sufficiently relevant, complete and free from errors in aggregation, annotation, maintenance, enrichment, ground truth constructive (inference or proxy or causative), correct syntax, sampling and training-test split as appropriate to the specific domain and/or industry context from reasonably calibrated sources
Data Security Policy
Process of protecting files, databases, and accounts on a network by adopting a set of controls, applications, and techniques that identify the relative importance of different datasets, their sensitivity, regulatory compliance requirements and then applying appropriate protections to secure those resources.
Data Subject
Means an identifiable natural person who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
Data Subject Access Requests (DSAR)
A process that is transparent, concise, intelligible and easily accessed using clear and plain language in written or where appropriate in electronic form, to handle requests to exercise one or more of the Data Subject rights detailed in UK GDPR articles 15 to 22, including the right of access, right to rectification, right to erasure, right to restriction of processing, the notification obligation, right to portability and right to object.
Data Transparency Document
A public report created by the Algorithm Risk Committee designed to collect and document Publicly all relevant steps taken by the Ethics Committee and the Algorithm Risk Committee to mitigate risk of Bias, Data Quality, Information Quality and Pipeline Quality in data sets both prior to processing
De-Anonymization
The practice of willfully processing aggregate anonymized data for the purposes of re-identifying individual persons specifically regardless of the rationale or merit. De-Anonymizations does not include security tests which are designed with the knowledge of the owner and anonymizer of the aggregate data to verify the quality and security of the anonymization process
Deletion
(Delete) In the context of data, is when data is removed and is no longer available in plain sight or can easily be recovered
Destruction
(Destroy) In the context of data, is when data is removed from your device and can never be restored, even be professional data recovery experts
Digital
characterized by electronic and especially computerized technology
Disability Inclusion and Accessibility Awareness CurriculumA body of learning designed for all employees associated with AAA Systems to raise their awareness of the value of inclusion and accessibility, especially in regards to Persons with Disabilities, The learning objectives are meant to be tailored to the organisations preferred method for handling accommodations and for employees to raise concerns or ask questions about ways to improve inclusion and accessibility.
Disabled Person
Person who has an impairment that substantially limits one or more major life activites
Disabled Person(s)/ People with Disabilities (EU)Include those who have long-term physical, mental, intellectual or sensory impairments which in interaction with various barriers may hinder their full and effective participation in society on an equal basis with others
#Disaster Recovery
Disparate Impact
A legal doctrine which declares that a policy can be considered discriminatory if it “adversely impacts” a group based on that group’s traits, such as its race, color, religion, or sex.
DistributorAny natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market without affecting its properties
Diverse Inputs and Multi Stakeholder Feedback
As accepted by the Ethics Committee in compliance with the Code of Ethics and/or a diversity policy, it is a collection of individuals noteworthy by their myriad representation of lived experience, background, and culture, diversity of thought process, skills and expertise, and representation of protected categories and intersection thereof. This group is used for risk inputs, risk evaluation, assessment of foreseen misuse and this evaluation occurs throughout the algorithmic lifecycle from design to decommissioning (captured in an Algorithm Risk Assessment)
#E
Emotional AIOne of the more recently emerging domains of artificial intelligence (AI), which is also referred to as emotion AI or affective computing. It largely covers the ability of computational systems and machines to study, analyze, and interpret humans via mostly nonverbal features such as gestures, facial expressions, body language, as well as other factors including human voice to establish and determine humans’ emotional states. Naturally, this is one of the more controversial areas of AI and consequently subject to greater scrutiny by AI Ethicists. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi
Employment Impact Assessment
Analysis, prepared by a reputable third party, which examines the projected job losses from an increase in automation
Entry Breach Protocol
Procedure detailing the required physical human response to entry breach events, malicious and otherwise
Escorted
Act of an employee or group of employees accompanying a visitor for guidance and protection of valuable or sensitive assets
Ethical Choice
Awareness of a set of options to be made In the context of automated and intelligent systems, using a set of principles and rules concerning moral obligations and regards for the rights of humans and for nature, which may be specified by a given profession or group. The result, outcome or judgment is made using a shared moral framework. or set of moral principles based upon the entity’s Code of Ethics
Ethical Choice CurriculumBody of learning designed to raise awareness of instances of Ethical Choice for designers, developers, governance and oversight teams involved in the creation of AI, algorithmic and autonomous systems. The curriculum raises awareness of instances of Ethical Choice as well as the organisation’s preferred procedure for handling the instance of Ethical Choice.
Ethical Risk AssessmentThe documentation of the analyses and subsequent conclusions of all instances of Ethical Choice, softlaw, application of Code of Ethics and Code of Data Ethics principles and shared moral frameworks across the lifecycle of the AAA Systems (e.g., Necessity Assessment, Proportionality Study, representativeness, Key Performance Indicators) shared Publicly. #EU_AI_ACT
Ethics Committee
A group of persons trained in Algorithm Ethics and Ethical Choice, guided by the Code of Ethics and Code of Data Ethics, which they create and maintain on behalf of the organisation. The Ethics Committee is responsible for all instance of Ethical Choice related to AI, algorithmic and autonomous systems and producing the Ethical Risk Analysis
Ethics Curriculum
Body of work highlighted for teaching the nuance and process for including ethics and ethical thinking into the design and implementation of autonomous systems - SEE CURRICULUM TAB
#Explainability
Explainability plus
A human-centric process by which a Data Subject or user is helped to understand the decision making process and educated on how they could have earned a favourable result from the system, in order to improve their interaction, their outcome or their satisfaction
External Contacts
Person or organization that is not an employee or retained contractor of the entity
#F
Fail Safe
Locking device that unlocks the entry portal if power fails and requires the continuous application of power to stay locked.
Fail Secure
Locking device that locks the entry portal if power fails and requires the application of power to unlock the door
Field of Vision
Data input from an Augmented Reality system which is provided by the user as a function of their reality, location, activities and interactions, treated as a user generated data input
#G
GDPR
General Data Protection Regulation, passed by the EU and put into effect in 2018, governs certain rights and principles around personal data for individuals GDPR.EU
Genetic Data
Means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
Geolocation
Process of finding, determining and providing the exact location of a computer, networking device or equipment
Governance
Structure of rules, practices, and processes used to direct, manage and oversee an entity
Guardian
Person of legal age and ability who can act on behalf of a Child, Child Who Cannot Consent, or Disabled person
#H
Hate Speech
Abusive language specifically attacking a person or persons because of their race, color, religion, ethnic group, gender, or sexual orientation
Human-in-the-loop
Any model that is unable to offer an answer or conclude processing without human intervention
Human-on-the-loop
Human supervision and/or control of AI, algorithmic or autonomous systems, however the system is able to conclude processing without the need for human intervention
#K
Key Performance Indicators (KPIs)
Measurements indicated in advance to determine the success or failure of an algorithmic model to achieve its purposes
Key Words
Natural language words, spoken or typed, which may be read by a system and trigger a recording protocol or flagging protocol
#J
Joint Risk Assessment
Specific risk assessment using DPIAs and all relevant risk inputs to determine incompatibilities, gaps or insufficiencies that arise from duty designations, interfaces and the collective responsibilities of data protection to Data Subject
Jurisdiction
Geographic area containing a defined legal authority
#I
ICO’s Target Age Range Guide
0-5: Pre-literate and early literacy, 6-9 core primary school years, 10-12 transition years, 13-15 early teens, 16-17 approaching adulthood
Identity and Access Management (IAM)
framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management. These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared.
ImporterAny natural or legal person physically present or established in the Union who has received and accepted a written mandate from the Provider of an AI system to, respectively, perform and carry out on its behalf the obligations and procedures established by this Regulation;
Independent Governance
Independent means not influenced or controlled by others in matters of opinion, conduct, etc.; thinking or acting for oneself. Members of the governance body must not be affiliated with the entity providing the tracing systems. Further, if the government is the implementing authority, the independent panel shall represent the people and have the means to be transparent, hear from and interact with the people of the Jurisdiction. Governance means supervision; watchful care and the authority to call for change
Inference
Assumption or conclusion reached by a data processing algorithm, which may not be treated as fact and shall be labelled as such.
Information & Communication Technologies (ICT)
All technologies and services involved in computing, data management, telecommunications provision, and the internet.
Information Quality
The quality of the content of AI, algorithm or autonomous systems that is representative of the fitness for use (scope, nature, context and purpose). It refers to accuracy of data in representing ground truth and relevance of the data for the slated scope, nature, context and purpose
IntelligenceMight be defined as the ability to learn and perform suitable techniques to solve problems and achieve goals, appropriate to the context in an uncertain, ever-varying world. A fully pre-programmed factory robot is flexible, accurate, and consistent but not intelligent. #Stanford_University_Human_Centered_Artificial_Intelligence
Intruder Detection
Process of detecting unauthorized access to a Physical Space, for example jumping a barrier, forcing open a gate, or tailgating through an open gate
#L
#M
Membership Inference
Data mining technique designed to analyzing data in order to uncover Personal Data, Sensitive Personal Data or PII
Min/Max Pair
Determined by the Ethics Committee, this is lowest reasonable Baseline Population Norm combined with the greatest reasonable Baseline Population Norm
Minor
A person, who has not reached the legislated age of majority for the jurisdiction of their residence (see also Underaged, Child for distinction)
Model Inversion
the process of reverse-engineering Personal Data via the understanding and replication of the algorithmic system and the output
#N
#Natural Person
NatureThe forces and processes that influence and control the variables and features. #EU_AI_ACT
Necessity Assessment
The determination by an Ethics Committee that AI, algorithmic and autonomous systems are the only or best solution considering a comprehensive set of stakeholders in the context of the lawful basis. Including an analysis and determination of the vital inclusion of each Personal Datum collected and processed by AI, algorithmic and Autonomous system.
Need to know basis
Granting of access or permission to information only at the time the Data Subject is deemed by the entity to need to access this information
Network Provider
Entity which delivers the signal between a device and the database, or the database and the Contact Tracer
NeuroethicsAn interdisciplinary field devoted to the study of the ethical, legal, policy, and social implications of advances in neuroscience and their impact on people and society. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi
NeuroprivacyA neuroethical concept of privacy concerns pertaining to neural information that is obtained through imaging or diagnostic technologies and the use of the information in legal and societal contexts. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi
Non-Response Bias
Systematic exclusion of a Protected Category group related to that group's inability or reluctance to participate in the gathering of data
Nudge and Deceptive Pattern Awareness CurriculumBody of learning designed to raise awareness of Nudges or Nudge techniques for designers, developers, data scientists, governance and oversight teams involved in the creation of an ISS. The curriculum is a set of learning objectives that educate and empower learners to identify Nudges, determine the nature of the Nudge as detrimental or beneficial, and guide design accordingly
Nudging
concept in behavioral economics, political theory, and behavioral sciences which proposes positive reinforcement and indirect suggestions as ways to influence the behavior and decision making of groups or individuals.
#O
Online Service
A service that is accessible by a Child through the internet
Opt-In
having the characteristic of individual choice free from coercion or persuasion
Opt-In Diagram
Cartoon or simplified visual representation of the interfaces with an entity that is contributing data to a system with an explanation of choice and disclosure at the interface
Opt Out or Opts-out
Having the characteristic of individual choice, free from coercion to leave a service or data collection process
#P
#Parent
Parental Controls
features which may be included in systems (such as digital television services, computer and video games, mobile devices and software) that allow parents to restrict the access of content to their children. These controls were created to assist parents in their ability to restrict certain content viewable by their children
Penetration Testing
testing technique aiming to exploit security vulnerabilities (known or unknown) to gain unauthorised access
Personal Data
any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. Personal Data may be a collective term encompassing specialised terms such as Inferences, Proxy Variables, and Special Category Data
Personally Identifiable Information (PII)
representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means
Population Parameters
realized statistical properties of a dataset with respect to Protected Category Variables.
Pragmatics NeuroethicsA practical, solution-oriented approach to neuroethical inquiry that privileges empirical analyses over a priori moral principles and emphasizes real worldcircumstances, pluralism, and multidirectional, inclusive deliberations. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi
Preferential Treatment
output where a reasonable person can argue that one Data Subject is offered better or improved circumstances, prices, economic benefits or measurable advantage over another Data Subject
Primary Consideration
something to be treated with equal importance as shareholder value and/or other inherent interests of the organisation when weighing or balancing tensions and Trade-offs. This shall not prejudice the rights of another Child
Privacy Policy
the notification regarding details of data processing to data subjects according to the requirement for Transparency in Article 5(1)a of the UK GDPR and specific requirements in Articles 13.1 and 13.2 and 14.1 and 14.2. Inclusions differ depending on whether personal data is obtained directly or indirectly from Data Subjects and additional details are needed when processing involves joint controllers (Article 26).
Processing
means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
Processor
a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; processes means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or Destruction
Profile Re-engageA user interface that allows the User to reapply their Profile to the AAA System after a period of Profiling Decline or Profiling Reset #EU_AI_ACT
Profile ResetA user interface that allows the User to zero-out or completely reset the Profile created by the Provider of the system for the Users interface with the AAA System #EU_AI_ACT
Profiling
Means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
Profiling DeclineA user interface that allows the User to opt out of recommendation engines or other content moderation through the use of Profiling #EU_AI_ACT
Profiling Re-engageA user interface that allows the User to reapply their Profile to the AAA System after a period of Profiling Decline or Profiling Reset #EU_ACT
Profiling ResetA user interface that allows the User to zero-out or completely reset the Profile created by the Provider of the system for the Users interface with the AAA System #EU_ACT
Proportionality Study
Conducted prior to a DPIA, it is a study conducted by the Algorithm Risk Committee to assess tensions and tradeoffs between risks to and sacrifices of, rights and freedoms of individuals or groups balanced against the potential benefits and gains to an individual or group in the context of the Relevant Legal Frameworks
Protected Classes/Categories
Defined by jurisdiction legally, may include race, age, gender, religion, ability/disability, sexual orientation, color, nation of origin, socioeconomic class etc.
Protected Variables
Data item, that can be directly or indirectly connected to one of the protected categories of people groups, such as Ethnicity, Gender, Age, Ability, Religion, Sexual Orientation
Proxy Variables
The use of second order variables combined with Inferences, designed to associate a Data Subject with Personal Data
ProviderAny natural or legal person, public authority, agency or other body that develops an AI System or that has an AI System developed and places that system on the market or puts it into service under its own name or trademark, whether for payment or free of charge
Pseudonymisation
means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
Publicly
open to all; open to common use. not limited or restricted to any particular class of the community.
PurposeThe aim or goal of a system #EU_ACT
#R
#Restoration Prioritisation Plan
Recommendation Systems
Information filtering system that seeks to predict the "rating" or "preference" a user would give to an item to provide preferential ordering and/or appearance
Relevant Legal Frameworks
Can contain a broad range of applicable law such as the laws that govern an entity or organisation, that govern the rights and privileges of a Data Subject, that restrict the activities and behaviors of a Data Controller or Data Processor, or put positive obligations upon an entity Note: These include consideration for human rights, equalities and anti-discrimination law, access to goods and services (having due regard to who is included/excluded from such goods and services), Children's law and laws with regard to the platform and/or laws with regard to the sector in and through which the AI (and data processing) is being provided, amongst other risks law, as it applies to Data Subjects, specific to the Jurisdiction of Data Subject being included in the data processing for the audit or certification.
Reliability
The extent to which the results can be reproduced when the research is repeated under the same conditions.
Residual Risk ScheduleConsolidation of the residual risks from all the reports along with the treatment plan and specific impact assessments #cAire_Report
Risk and Control LogConsolidation of risks and mapped mitigating controls for risks where appropriate mitigations exist #cAIRE_Report
#S
ScopeThe boundaries of a system, what is covered, what is not covered #EU_ACT
Security Clearance
status granted to individuals allowing them access to classified information (state or organizational secrets) or to restricted areas, after completion of a thorough background check. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. Jurisdictional differences in terminology and levels apply.
Security Policy
document outlining how to protect the organisation from threats, including technical, organisational and/or socially engineered security threats, and how to handle situations when they do occur
Sensitive Personal Data
data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. (SOURCE:GDPR)
Service Provider
Third-party contracted provider who is supplying critical infrastructure and services to the entity
Social NetworkAn online service or site through which people create and maintain interpersonal relationships. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi
Social Responsibility
Practice of producing goods and services in a way that is not harmful to employees, society or the environment
Socially aligned networkAn online service or site or gaming suite or virtual-/augmented-/extended-reality (VR/AR/XR) or metaverse or similar technological ecosystem through which people communicate, create, date, compete, and/or challenge each other. In addition, they use socially aligned network(s) also to establish and maintain relationships that are based on either their real or fabricated online identities and their aligned or mis-aligned common interests. Although they may overlap with the more traditional social networks, membership and activities are more characterized by an align- ment of participants’ common interests and less focus on interpersonal rapport. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi
Special Category Data
Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, Biometric Data, data concerning health or data concerning a natural person's sex life or sexual orientation #UK GDPR
Specific Children's Risk
A set of risks designated as terms, phrases or definitions designed by a local jurisdiction to indicate special concerns related to the data control or data process of children's data
#Sustantial Public Interest
Surveillance
Event or time period during which the activities of a particular individual are observed or documented
Sustainability
Managing an entity's activity so that society, its members and its economies are able to meet their needs and express their greatest potential in the present, while preserving biodiversity and natural ecosystems, planning and acting for the ability to maintain these ideals for future generations
System Drawings
Diagrams and schedules to show all the information necessary so that the system can be safely operated, maintained, inspected and tested, as far as is reasonably practicable. The drawings should be fully crossreferenced and co-ordinated with the Data Flow Diagram and operation and maintenance manual.
#T
#Tension and trade offs
Testing Frequency
The rate at which an algorithm has its output compared to acceptable parameters of operation
Threat and Risk (Emergent & Horizon scanning)List of emergent risks identified based on horizon scanning (including industry, domain, technology etc) #cAire_Report
Time zoning
Time periods when an entry system system will allow or disallow entry/exit. Time zoning can be used to simply prevent entry or can generate alarms in the event that a user is within a secured area outside a permitted time. For example time zoning may allow for cleaners to enter between 2000-2400, with access only to non-sensitive areas.
Traceability
the ability to trace a data right back to its origin through documentation, including a chain-of-custody (“paper trail,” physical or otherwise) for data provenance that chronologically records the ownership, viewing, analysis, and transformations of a data record or data sources
Toxic Combination
conflict of system access permissions that allows a user to break the law, violate rules of ethics, damage customers' trust, or even create the appearance of impropriety
Training Data
A subset of testing/validation data to which algorithms are applied seeking the best fit to train a model
Triple Bottom Line
The triple bottom line (TBL) is a framework or theory that recommends that companies commit to focus on social and environmental concerns just as they do on profits.
#U
Underaged
An individual who has not reached a minimum age as defined by corporate policy and requiring a guardian consent (see also Minor, Child for distinction)
User (EU)Any natural or legal person, including a public authority, agency or other body under whose authority the system is used
#V
Validity
The extent to which the results really measure what they are supposed to measure presently and as time passes
Validity Test
refers to how an algorithmic model is tested; to measure how well the test measures real properties, characteristics, and variations in the physical or social world
Verifiable Parental Consent
Required under COPPA to make sure parents know what information is shared with who; approved methods can be found on the FTC's website
Virtual Reality (VR)
Computer-generated simulation of a three-dimensional image or environment that can be interacted with in a seemingly real or physical way by a person using special electronic equipment, such as a helmet with a screen inside or gloves fitted with sensors.
Vulnerable Populations (People in vulnerable situations)Persons who often experience exclusion, insufficient accessibility resulting from geopolitical, social, socioeconomic, and cultural inequitable power distribution including but not limited to: children, persons with disabilities, ethnic minorities, and people made vulnerable by an imbalance of power in relation to knowledge, economic or social circumstances, or age. #EU_ACT
Welcome Package
Documents that are provided to a new hire upon either the acceptance of an offer or accompanying the offer which explain the details of the relationships between the employer and employee