Definitions
Ownership: Paolo Volpe
A scientific approach presupposes axiomatic foundations and rigorous definitions. This ensures the quality of the content and its correct assimilation by constructing a basic reference for understanding terms used in the fields of data, information, algorithms, autonomous systems and artificial intelligence. The work on this glossary was carried out according to a methodology consisting of the following main stages.
Collection of terms: from a variety of sources, taking into account the reliability and diversity of enriching points of view. Academic and institutional references and specialised international standards are included.
Integration of terms: where diversity is important, other and different formulations of definitions of the same term are integrated, identifying the common thread. Multiple definitions are sought from multiple sources for confirmation and completeness. Additions are made while trying to standardise translations.
Technical and linguistic revision. This phase ensures scientific accuracy and the integrity and completeness of the technical concept.
Continuous updating. New documents and new knowledge always bring updates. Keeping up to date is important. We welcome your comments and suggestions.
List of Definitions | |
---|---|
Title | Content |
#A | |
AAA systems list | A list, either by name or other identifier that tracks all distinct AI, Algorithmic or Autonomous Systems. |
Access Policy | Policy that informs employees, contractors, partners and other interested parties of requirements to ensure that all necessary physical access security measures are in place to prevent unauthorised access, damage and interference (malicious or otherwise) to the entity's assets; |
#Accountability | |
Adult Visuals | Violence, Language, Substances, Nudity or Sex as identified by the body of work established by the MPAA, or as specified by Ofcom broadcasting rules. |
Adverse impact | When the selection rate of a Protected Category is below 4/5th or 80% of the highest selection rate |
Affirmative Action | Policies positively supporting members of disadvantaged or underrepresented groups (aka Protected Classes) that have previously suffered discrimination in areas such as education, employment and housing |
Age-Appropriate | Ensuring that where Online Services and Connected Toys and Devices are accessed by a Child or a CWCC, the services and content shall be appropriate for use by the Child or CWCC according to the Age-Appropriate Policy and meet their development needs according to their age, developmental stage, capacity, and skills |
Age-Appropriate Policy | A public document outlining the organization’s commitment to Age-Appropriate content and disclosure, including the identification of target age ranges per the ICO’s breakdown |
Algorithm Ethics | A sub field of Ethics focused on instances of Ethical Choice emerging from AI, algorithmic and autonomous systems. Training and expertise include areas such as Necessity, Proportionality, Benchmark setting, Validity, reliability, Concept Drift and thresholds for Bias mitigation. #EU_AI_ACT |
Algorithm List | List, either by name or by algorithm itself, of all algorithms used to compile a system, if the algorithm or the data set contain even a single variable of a Protected Category/Class/Variable |
Algorithmic Risk Analysis | Analysis and hierarchical comparison, prepared by a diverse team of assessors, designed to analyse the likelihood and severity of consequences to stakeholders and to the market for your algorithmic system incorporating feedback as appropriate. When severity and likelihood remain high, resulting in the overall risk of data processing remaining high, then the data processor shall consult directly with the data protection authority prior to beginning any data processing. |
Algorithmic Risk Assessment | An analysis of all risks associated with the comprehensive lifecycle of an AI, algorithmic or autonomous system, not covered by the TEC AT-Risk report, the Ethical Risk Analysis, the AI Governance Assessment and the Systemic Societal Impact Analysis |
Algorithmic Risk Committee (ARC) | Group of employees (or outsourced expert group) tasked with assuring that all algorithms and autonomous systems have taken the necessary steps to identify, remediate, explain and disclose all instances of Algorithmic Risk |
Algorithmic Risk(s) | Risks and associated definition listed in Appendix B.2 |
Anti-passback | Function that stops a single token being used to enable more than one person to enter a facility or to enter multiple facilities. To prevent ‘passback’ the entry system must not let a token be used to gain access more than once without the token then being registered as having left the area. For a fully secure system, anti-passback and anti-tailgating should be combined to prevent both multiple uses of token and multiple entries on a single token transaction. |
Anti-tailgating | Function of an entry system that enforces ‘one transaction one entry’. For a fully secure system, anti-passback and anti-tailgating should be combined to prevent both multiple uses of token and multiple entries on a single token transaction. |
Appropriate Policy Document | Document outlining your compliance measures and retention policies for Special Category Data, including procedures for complying with each principle, retention and Deletion / Destruction policies and the intended retention period https://ico.org.uk/media/for-organisations/documents/2616286/appropriate-policy-document.docx |
AR/VR Identity Data | Subset of Personal Data and Sensitive Personal Data, this refers to unique capture of identity such as retinal scans, eye movements/reactions, fingerprints, voiceprints, hand and face geometry, electrical muscle activity, heart-rate, skin response, and head position (similar to Biometric Data) |
Artificial Intelligence | Autonomous machine or software that replaces a function or task of the human brain. #FH |
Artificial Intelligence | The science and engineering of making intelligent machines #John_McCarthy_1955 |
Artificial Intelligence (AI system) | An AI system is a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy. #OECD (OECD-Recommendation of the Council on Artificial Intelligence, 2019) #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi |
Artificial Intelligence (AI) System | Engineered system that generates outputs such as content, predictions, recommendations or decisions for a given set of human-defined objectives (as for example, covered by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 22989 on AI concepts and terminology) #ref. ECE_CTCS_WP6_2024_11E.pdf |
Artificial Intelligence (Generative Artificial Intelligence) | An AI system which can produce a variety of data such as images, videos, 3-D models or audio files. These systems may be embedded into a device or be made available as a Software as a Service (SaaS). #ref. https://unece.org/sites/default/files/2024-06/ECE_CTCS_WP6_2024_11E.pdf |
At-Risk Protected Category | Any Protected Category or intersection of Protected Categories that is explicitly identified by law, identified during an Algorithm Risk Assessment or anticipated by an Ethics Committee to exhibit Disparate Impact, bias or restriction on rights and freedoms. #EU_AI_ACT |
#Auditor | |
Augmented Reality (AR) | Technology that superimposes a computer-generated image on a user's view of the real world, thus providing a composite view |
Authentic/ Authenticity | Worthy of acceptance or belief as conforming to or based on fact |
Automation Bias Curriculum | A body of learning designed to raise awareness of the Human-in-Command and other employees associated with the AAA System in regards to a general over-reliance of AAA Systems. The curriculum is designed to establish a healthy scepticism in regards to AAA Systems and to educate users when AAA Systems can be relied upon and when they should be overridden, stopped, or paused. The curriculum further encourages users to acquire knowledge and understanding of underlying assumptions, data inputs, risk mitigations, and Residual Risk associated with the AAA System. #EU_AI_ACT |
Automatic Threat Recognition (ATR) | ATR software interprets physical items or human body scan data, to identify areas where items may be concealed. These areas are flagged on a standardised display, to indicate to a security officer areas to perform a manual search. |
Automation | Robotics, cybernetics, machine or software that replaces a task previously performed by a human, generally for the purpose of increased efficiency, quality, or reduced cost. |
Autonomous System | Self-governing system, which operates without the need for human intervention from start to finish, except for pre-start inputs and design plus maintenance, recalibration, retasking and repair |
Autonomous System | Can independently plan and decide sequences of steps to achieve a specified goal without micro-management. A hospital delivery robot must autonomously navigate busy corridors to succeed in its task. In AI, autonomy doesn’t have the sense of being self-governing common in politics or biology #Stanford_University_Human_Centered_Artificial_Intelligence |
#B | |
Baseline Population Norm | Statistical expectations made by a reasonable person for the appropriate representation of the Protected Variables in a data training set with the defined Population Parameters |
B-Corp | (In the United States), a benefit corporation (or in several jurisdictions including Delaware, a public-benefit corporation or PBC) is a type of for-profit corporate entity, that includes positive impact on society, workers, the community and the environment in addition to profit as its legally defined goals, in that the definition of "best interest of the corporation" is specified to include those impacts. |
Bias | Systematic and repeatable errors in a computer system that create unfair outcomes, applied specifically to Protected Categories, Classes or Variables |
Bias Remediation Policy | A policy formed in accordance with Relevant Legal Frameworks, equality and anti-discrimination law that considers the scope, nature, context and purpose of the AI, algorithmic and autonomous system. Encompassing processes such as data inputs, architectural inputs and outcomes and taking note of the Data Quality, Information Quality and Pipeline Quality to identify: a) Metrics, thresholds and procedures designed to consider data prior to processing b) Metrics, thresholds and procedures to examine architectural inputs for Bias c) Metrics, thresholds and procedures to examine outputs for fairness and compliance with Relevant Legal Framework d) Procedures for evaluation of Pipeline Quality, Human-in/on-the-Loop interfaces e) Procedure for evaluation of Cognitive and Non-Response Bias f) Frequency of review (a) through (e) |
Biometric Data | Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data; |
Bullying | An intentional act that causes harm to others, and may involve verbal harassment, verbal or non-verbal threats, physical assault, stalking, or other methods of coercion such as manipulation, blackmail, or extortion. |
Business Continuity Plan (BCP) | Scheme that describes a system of prevention and recovery from potential threats to a company, ensuring that personnel and assets are protected and are able to function quickly in the event of a discontinuity, threat or disaster. The BCP is integrated with a Contingency plan and restoration prioritisation plan |
#C | |
cAIRE report | Comprehensive Artificial Intelligence Risk Evaluation report, comprising all risk inputs, risk mitigations and Residual Risks gathered from any of the following reports: Algorithm Risk Assessment, Systemic Societal Impact analysis, T&E At-Risk Report, Ethical Risk Assessment, and an AI Governance Assessment |
#Carer | |
Child-Friendly | To present information using diagrams, cartoons, graphics, video and audio content, and gamified or interactive content that will attract and interest Children, rather than relying solely on written communications |
Children's Core Interests | From the UNCRC (United Nation's Convention on the Rights of the Child) provisions, the Best Interests of the Child include but are not limited to safety, health, wellbeing, family relationships, physical, psychological and emotional development, identity, freedom of expression, privacy, and agency to form their own views |
Child's Data Oversight Committee (CDOC) | Group of employees (or outsourced expert group) tasked with reviewing all aspects of data collection, risk and procedures associated with data related to Children or Minors for the jurisdiction |
Chief Data Officer | Individual responsible for all data policies and compliance with data and privacy laws |
Child(ren) | Person or individual under the age of 13; Children is the plural (Source: COPPA) [Children, Minor #EU_AI_ACT] |
Code of Data Ethics | Set of guidelines, principles and procedures by which data is acquired, analyzed, processed, adjusted, compiled or otherwise sold, traded or shared with other entities |
Code of Ethics | A set of principles and rules concerning moral obligations and regards for the rights of humans and nature, which may be specified by a given profession or group |
Cognitive Bias | The way a particular person understands events, facts, and other people, which is based on their own particular set of beliefs and experiences and may not be reasonable or accurate |
Commissioning Documentation | Drawings and manuals covering the installation, operation and maintenance of a system that are provided to the person responsible for maintenance and operation of the system on the site |
Commissioning Tests | Tests to assess the functionality and performance of a system to ensure it is installed correctly and performs to the required specification |
Component Risk | Elements of construction, which may have their own points of failure, such as data pipeline, hardware, software, processors |
Concept Drift | The observation that the correlation between the inputs and the outputs of an AI system may change over time, including situations where training data labels change over time. |
Conditioning | Process of changing behavior by rewarding or punishing a subject each time an action is performed until the subject associates the action with pleasure or distress |
Connected Toys and Devices | Physical products that are connected to the internet and are supported by the functionality provided through internet or network connection |
Consent | Consent to processing personal data is only lawful and effective if provided by a Child Who Cannot Consent/Child of the age of 13 years and above |
Consent Risk | Failure to assure a chain of custody or appropriate consent for the data processing being conducted |
Consent UK GDPR | Used as a lawful basis specified in Article 6(1)a of the UK GDPR. Meeting all requirements in that regulation, including enhanced requirements for Consent for Children in Article 8 UK GDPR and Consent for use of Special Category Data, supplemented by requirements in Article 9 |
(A Primary) Consideration | Something to be treated with equal importance as shareholder value and/or other inherent interests of the organisation when weighing or balancing tensions and Trade-offs. This shall not prejudice the rights of another Child |
Context | The circumstances in which an event occurs; including jurisdiction and/or location, behaviour and functional inputs to an AAA System that are appropriate #EU_ACT |
Contingency Plan | A plan to make the system inaccessible and unavailable, or to continue processing, in the context of a security related event |
Controller | Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (but see section 6 of the 2018 Act); |
#D | |
Data Class/(Data Classification) | Group of data with common principles (to group data with common principles) |
Data Control Committee (DCC) | Group of three or more people, who are entrusted with the same responsibilities as the Chief Data Officer, in support of the Chief Data Officer or Data Protection Officer (DPO) |
Data Control Policy | Document produced by the entity, which details all corporate policies with regards to Personal Data and/or PII. Includes definitions, procedures, controls, plans for review, plans for amendments, procedures for change and amendments |
Data Entry Point Attacks | Vulnerabilities and attacks associated with the data used for training and processing data, where the adversary manipulates the data in order to attack, alter or otherwise corrupt the intended purpose, scope and nature of the algorithmic system (e.g., data poisoning, model inversion, model evasion) |
Data Ethics | See Ethics section of the CDO/DPO/DCC |
Data Flow Diagram | Cartoon or graphic which visually represents all inputs for data collection and locations where data is captured in a database or may leave the system with export interfaces, including notation where processing affects individuals and consent has been granted. The Data Flow Diagram shall include a systematic description of the processing activity, including data flows and stages when AI processes any automated decision that may produce effects on individuals. The Data Flow Diagram should also track the jurisdictional location of data and when those data flows move between entities and their relevant jurisdictions, including internal data flows. The Data Flow Diagram should be reviewed and maintained throughout the lifespan of the algorithmic system. |
Data Input Calibration | Process of examining training and processing data with respect to Population Parameters, Population Baseline Norms, cognitive bias, accessibility bias, Data Entry Point Attacks |
Data Minimisation | Limiting data collection to only what is required to fulfil a specific purpose. |
D&O | Directors and Officers insurance, liability insurance payable to the directors and officers of a company, or to the organization itself, as indemnification for losses or advancement of defense costs in the event an insured suffers such a loss as a result of a legal action brought for alleged wrongful acts in their capacity as directors and officers |
Data Poisoning | An adversarial attack targeted at training, testing/validation, Data Quality, Information Quality, Pipeline Data in an attempt to render the data useless or alter/damage the model’s ability to achieve its scope, nature, context and purpose potentially altering outputs in favour of the adversary. Intentional subversion of Data Quality |
Data Portability | Ability to move, copy or transfer data easily from one database, storage or IT environment to another. These same data copy/transfer rules apply between companies and/or services |
Data Protection Impact Assessment | Consistent with GDPR, it is a tool for examining the purpose of an algorithm, kinds of data required and collected, who has access to the data in your organization and any Service Providers who might have access |
Data Protection Officer (DPO) | Ensures, in an independent manner, that an organisation applies the laws protecting individuals' personal data. The designation, position and tasks of a DPO within an organisation are described in Articles 37, 38 and 39 of the European Union (EU) General Data Protection Regulation (GDPR). |
Data Protection Policy | Document produced by the entity, which details all corporate policies with regards to Personal Data and/or PII. Includes definitions, procedures, controls, plans for review, procedures for change, amendments, security and records management, retention policies, integrated with the Business Continuity Plan, Data Security Plan and Security Plan specific scope, nature, context and purpose while limiting accessibility and storage to only necessary persons for processing, including the regular Deletion and Destruction of unnecessary data, all integrated with the Business Continuity Plan, Data Security Plan and Security Plan |
Data Quality | The quality of data that makes it representative and aligned to the scope, nature, context and purpose of the intended use as applicable to an algorithm. Quality of data refers to data that is reasonably and sufficiently relevant, complete and free from errors in aggregation, annotation, maintenance, enrichment, ground truth constructive (inference or proxy or causative), correct syntax, sampling and training-test split as appropriate to the specific domain and/or industry context from reasonably calibrated sources |
Data Security Policy | Process of protecting files, databases, and accounts on a network by adopting a set of controls, applications, and techniques that identify the relative importance of different datasets, their sensitivity, regulatory compliance requirements and then applying appropriate protections to secure those resources. |
Data Subject | Means an identifiable natural person who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person |
Data Subject Access Requests (DSAR) | A process that is transparent, concise, intelligible and easily accessed using clear and plain language in written or where appropriate in electronic form, to handle requests to exercise one or more of the Data Subject rights detailed in UK GDPR articles 15 to 22, including the right of access, right to rectification, right to erasure, right to restriction of processing, the notification obligation, right to portability and right to object. |
Data Transparency Document | A public report created by the Algorithm Risk Committee designed to collect and document Publicly all relevant steps taken by the Ethics Committee and the Algorithm Risk Committee to mitigate risk of Bias, Data Quality, Information Quality and Pipeline Quality in data sets both prior to processing |
De-Anonymization | The practice of willfully processing aggregate anonymized data for the purposes of re-identifying individual persons specifically, regardless of the rationale or merit. De-Anonymization does not include security tests which are designed with the knowledge of the owner and anonymizer of the aggregate data to verify the quality and security of the anonymization process |
Deletion | (Delete) In the context of data, is when data is removed and is no longer available in plain sight or can easily be recovered |
Destruction | (Destroy) In the context of data, is when data is removed from your device and can never be restored, even by professional data recovery experts |
Digital | Characterized by electronic and especially computerized technology |
Disability Inclusion and Accessibility Awareness Curriculum | A body of learning designed for all employees associated with AAA Systems to raise their awareness of the value of inclusion and accessibility, especially in regards to Persons with Disabilities. The learning objectives are meant to be tailored to the organisation’s preferred method for handling accommodations and for employees to raise concerns or ask questions about ways to improve inclusion and accessibility. #EU_AI_ACT |
Disabled Person | Person who has an impairment that substantially limits one or more major life activities |
Disabled Person(s)/ People with Disabilities (EU) | Include those who have long-term physical, mental, intellectual or sensory impairments which in interaction with various barriers may hinder their full and effective participation in society on an equal basis with others |
#Disaster Recovery | |
Disparate Impact | A legal doctrine which declares that a policy can be considered discriminatory if it “adversely impacts” a group based on that group’s traits, such as its race, color, religion, or sex. |
Distributor | Any natural or legal person in the supply chain, other than the provider or the importer, that makes an AI system available on the Union market without affecting its properties #EU_AI_ACT |
Diverse Inputs and Multi Stakeholder Feedback | As accepted by the Ethics Committee in compliance with the Code of Ethics and/or a diversity policy, it is a collection of individuals noteworthy by their myriad representation of lived experience, background, and culture, diversity of thought process, skills and expertise, and representation of protected categories and intersection thereof. This group is used for risk inputs, risk evaluation, assessment of foreseen misuse and this evaluation occurs throughout the algorithmic lifecycle from design to decommissioning (captured in an Algorithm Risk Assessment) |
#E | |
Emotional AI | One of the more recently emerging domains of artificial intelligence (AI), which is also referred to as emotion AI or affective computing. It largely covers the ability of computational systems and machines to study, analyze, and interpret humans via mostly nonverbal features such as gestures, facial expressions, body language, as well as other factors including human voice to establish and determine humans’ emotional states. Naturally, this is one of the more controversial areas of AI and consequently subject to greater scrutiny by AI Ethicists. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi |
Employment Impact Assessment | Analysis, prepared by a reputable third party, which examines the projected job losses from an increase in automation |
Entry Breach Protocol | Procedure detailing the required physical human response to entry breach events, malicious and otherwise |
Escorted | Act of an employee or group of employees accompanying a visitor for guidance and protection of valuable or sensitive assets |
Ethical Choice | Awareness of a set of options to be made in the context of automated and intelligent systems, using a set of principles and rules concerning moral obligations and regards for the rights of humans and for nature, which may be specified by a given profession or group. The result, outcome or judgment is made using a shared moral framework or set of moral principles based upon the entity’s Code of Ethics |
Ethical Choice Curriculum | Body of learning designed to raise awareness of instances of Ethical Choice for designers, developers, governance and oversight teams involved in the creation of AI, algorithmic and autonomous systems. The curriculum raises awareness of instances of Ethical Choice as well as the organisation’s preferred procedure for handling the instance of Ethical Choice. |
Ethical Risk Assessment | The documentation of the analyses and subsequent conclusions of all instances of Ethical Choice, softlaw, application of Code of Ethics and Code of Data Ethics principles and shared moral frameworks across the lifecycle of the AAA Systems (e.g., Necessity Assessment, Proportionality Study, representativeness, Key Performance Indicators) shared Publicly. #EU_AI_ACT |
Ethics Committee | A group of persons trained in Algorithm Ethics and Ethical Choice, guided by the Code of Ethics and Code of Data Ethics, which they create and maintain on behalf of the organisation. The Ethics Committee is responsible for all instances of Ethical Choice related to AI, algorithmic and autonomous systems and producing the Ethical Risk Analysis |
Ethics Curriculum | Body of work highlighted for teaching the nuance and process for including ethics and ethical thinking into the design and implementation of autonomous systems - SEE CURRICULUM TAB |
#Explainability | |
Explainability plus | A human-centric process by which a Data Subject or user is helped to understand the decision making process and educated on how they could have earned a favourable result from the system, in order to improve their interaction, their outcome or their satisfaction |
External Contacts | Person or organization that is not an employee or retained contractor of the entity |
#F | |
Fail Safe | Locking device that unlocks the entry portal if power fails and requires the continuous application of power to stay locked. |
Fail Secure | Locking device that locks the entry portal if power fails and requires the application of power to unlock the door |
Field of Vision | Data input from an Augmented Reality system which is provided by the user as a function of their reality, location, activities and interactions, treated as a user generated data input |
#G | |
GDPR | General Data Protection Regulation, passed by the EU and put into effect in 2018, governs certain rights and principles around personal data for individuals GDPR.EU |
Genetic Data | Means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question; |
Geolocation | Process of finding, determining and providing the exact location of a computer, networking device or equipment |
Governance | Structure of rules, practices, and processes used to direct, manage and oversee an entity |
Guardian | Person of legal age and ability who can act on behalf of a Child, Child Who Cannot Consent, or Disabled person |
#H | |
Hate Speech | Abusive language specifically attacking a person or persons because of their race, color, religion, ethnic group, gender, or sexual orientation |
Human-in-the-loop | Any model that is unable to offer an answer or conclude processing without human intervention |
Human-on-the-loop | Human supervision and/or control of AI, algorithmic or autonomous systems, however the system is able to conclude processing without the need for human intervention |
#K | |
Key Performance Indicators (KPIs) | Measurements indicated in advance to determine the success or failure of an algorithmic model to achieve its purposes |
Key Words | Natural language words, spoken or typed, which may be read by a system and trigger a recording protocol or flagging protocol |
#J | |
Joint Risk Assessment | Specific risk assessment using DPIAs and all relevant risk inputs to determine incompatibilities, gaps or insufficiencies that arise from duty designations, interfaces and the collective responsibilities of data protection to Data Subject |
Jurisdiction | Geographic area containing a defined legal authority |
#I | |
ICO’s Target Age Range Guide | 0-5: Pre-literate and early literacy, 6-9 core primary school years, 10-12 transition years, 13-15 early teens, 16-17 approaching adulthood |
Identity and Access Management (IAM) | Framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management. These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared. |
Importer | Any natural or legal person physically present or established in the Union who has received and accepted a written mandate from the Provider of an AI system to, respectively, perform and carry out on its behalf the obligations and procedures established by this Regulation; #EU_AI_ACT |
Independent Governance | Independent means not influenced or controlled by others in matters of opinion, conduct, etc.; thinking or acting for oneself. Members of the governance body must not be affiliated with the entity providing the tracing systems. Further, if the government is the implementing authority, the independent panel shall represent the people and have the means to be transparent, hear from and interact with the people of the Jurisdiction. Governance means supervision; watchful care and the authority to call for change |
Inference | Assumption or conclusion reached by a data processing algorithm, which may not be treated as fact and shall be labelled as such. |
Information & Communication Technologies (ICT) | All technologies and services involved in computing, data management, telecommunications provision, and the internet. |
Information Quality | The quality of the content of AI, algorithm or autonomous systems that is representative of the fitness for use (scope, nature, context and purpose). It refers to accuracy of data in representing ground truth and relevance of the data for the slated scope, nature, context and purpose |
Intelligence | Might be defined as the ability to learn and perform suitable techniques to solve problems and achieve goals, appropriate to the context in an uncertain, ever-varying world. A fully pre-programmed factory robot is flexible, accurate, and consistent but not intelligent. #Stanford_University_Human_Centered_Artificial_Intelligence |
Intruder Detection | Process of detecting unauthorized access to a Physical Space, for example jumping a barrier, forcing open a gate, or tailgating through an open gate |
#L | |
#M | |
Membership Inference | Data mining technique designed to analyze data in order to uncover Personal Data, Sensitive Personal Data or PII |
Min/Max Pair | Determined by the Ethics Committee, this is the lowest reasonable Baseline Population Norm combined with the greatest reasonable Baseline Population Norm |
Minor | A person who has not reached the legislated age of majority for the jurisdiction of their residence (see also Underaged, Child for distinction) |
Model Inversion | the process of reverse-engineering Personal Data via the understanding and replication of the algorithmic system and the output |
#N | |
#Natural Person | |
Nature | The forces and processes that influence and control the variables and features. #EU_AI_ACT |
Necessity Assessment | The determination by an Ethics Committee that AI, algorithmic and autonomous systems are the only or best solution considering a comprehensive set of stakeholders in the context of the lawful basis, including an analysis and determination of the vital inclusion of each Personal Datum collected and processed by AI, algorithmic and Autonomous system. |
Need to know basis | Granting of access or permission to information only at the time the Data Subject is deemed by the entity to need to access this information |
Network Provider | Entity which delivers the signal between a device and the database, or the database and the Contact Tracer |
Neuroethics | An interdisciplinary field devoted to the study of the ethical, legal, policy, and social implications of advances in neuroscience and their impact on people and society. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi |
Neuroprivacy | A neuroethical concept of privacy concerns pertaining to neural information that is obtained through imaging or diagnostic technologies and the use of the information in legal and societal contexts. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi |
Non-Response Bias | Systematic exclusion of a Protected Category group related to that group's inability or reluctance to participate in the gathering of data |
Nudge and Deceptive Pattern Awareness Curriculum | Body of learning designed to raise awareness of Nudges or Nudge techniques for designers, developers, data scientists, governance and oversight teams involved in the creation of an ISS. The curriculum is a set of learning objectives that educate and empower learners to identify Nudges, determine the nature of the Nudge as detrimental or beneficial, and guide design accordingly |
Nudging | concept in behavioral economics, political theory, and behavioral sciences which proposes positive reinforcement and indirect suggestions as ways to influence the behavior and decision making of groups or individuals. |
#O | |
Online Service | A service that is accessible by a Child through the internet |
Opt-In | having the characteristic of individual choice free from coercion or persuasion |
Opt-In Diagram | Cartoon or simplified visual representation of the interfaces with an entity that is contributing data to a system with an explanation of choice and disclosure at the interface |
Opt Out or Opts-out | Having the characteristic of individual choice, free from coercion to leave a service or data collection process |
#P | |
#Parent | |
Parental Controls | features which may be included in systems (such as digital television services, computer and video games, mobile devices and software) that allow parents to restrict the access of content to their children. These controls were created to assist parents in their ability to restrict certain content viewable by their children |
Penetration Testing | testing technique aiming to exploit security vulnerabilities (known or unknown) to gain unauthorised access |
Personal Data | any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. Personal Data may be a collective term encompassing specialised terms such as Inferences, Proxy Variables, and Special Category Data |
Personally Identifiable Information (PII) | Representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means |
Population Parameters | realized statistical properties of a dataset with respect to Protected Category Variables. |
Pragmatics Neuroethics | A practical, solution-oriented approach to neuroethical inquiry that privileges empirical analyses over a priori moral principles and emphasizes real-world circumstances, pluralism, and multidirectional, inclusive deliberations. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi |
Preferential Treatment | output where a reasonable person can argue that one Data Subject is offered better or improved circumstances, prices, economic benefits or measurable advantage over another Data Subject |
Primary Consideration | something to be treated with equal importance as shareholder value and/or other inherent interests of the organisation when weighing or balancing tensions and Trade-offs. This shall not prejudice the rights of another Child |
Privacy Policy | the notification regarding details of data processing to data subjects according to the requirement for Transparency in Article 5(1)a of the UK GDPR and specific requirements in Articles 13.1 and 13.2 and 14.1 and 14.2. Inclusions differ depending on whether personal data is obtained directly or indirectly from Data Subjects and additional details are needed when processing involves joint controllers (Article 26). |
Processing | means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements |
Processor | a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; processes means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or Destruction |
Product and/or services with embedded AI or other digital technologies | A product and/or service with an embedded, upgradeable (remotely, offline or by other means) AI system or with integrated, upgradeable software or with a combination of both, that operates with varying levels of autonomy and directs its operation and can make decisions influencing physical or virtual environments in a way that is generally intended to further human-defined objectives. #ref. https://unece.org/sites/default/files/2024-06/ECE_CTCS_WP6_2024_11E.pdf |
Profile Re-engage | A user interface that allows the User to reapply their Profile to the AAA System after a period of Profiling Decline or Profiling Reset #EU_AI_ACT |
Profile Reset | A user interface that allows the User to zero-out or completely reset the Profile created by the Provider of the system for the User's interface with the AAA System #EU_AI_ACT |
Profiling | Means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements |
Profiling Decline | A user interface that allows the User to opt out of recommendation engines or other content moderation through the use of Profiling #EU_AI_ACT |
Profiling Re-engage | A user interface that allows the User to reapply their Profile to the AAA System after a period of Profiling Decline or Profiling Reset #EU_ACT |
Profiling Reset | A user interface that allows the User to zero-out or completely reset the Profile created by the Provider of the system for the User's interface with the AAA System #EU_ACT |
Proportionality Study | Conducted prior to a DPIA, it is a study conducted by the Algorithm Risk Committee to assess tensions and tradeoffs between risks to and sacrifices of, rights and freedoms of individuals or groups balanced against the potential benefits and gains to an individual or group in the context of the Relevant Legal Frameworks |
Protected Classes/Categories | Defined by jurisdiction legally, may include race, age, gender, religion, ability/disability, sexual orientation, color, nation of origin, socioeconomic class etc. |
Protected Variables | Data item that can be directly or indirectly connected to one of the protected categories of people groups, such as Ethnicity, Gender, Age, Ability, Religion, Sexual Orientation |
Proxy Variables | The use of second order variables combined with Inferences, designed to associate a Data Subject with Personal Data |
Provider | Any natural or legal person, public authority, agency or other body that develops an AI System or that has an AI System developed and places that system on the market or puts it into service under its own name or trademark, whether for payment or free of charge |
Pseudonymisation | means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person |
Publicly | Open to all; open to common use. Not limited or restricted to any particular class of the community. |
Purpose | The aim or goal of a system #EU_ACT |
#R | |
#Restoration Prioritisation Plan | |
Recommendation Systems | Information filtering system that seeks to predict the "rating" or "preference" a user would give to an item to provide preferential ordering and/or appearance |
Relevant Legal Frameworks | Can contain a broad range of applicable law such as the laws that govern an entity or organisation, that govern the rights and privileges of a Data Subject, that restrict the activities and behaviors of a Data Controller or Data Processor, or put positive obligations upon an entity. Note: These include consideration for human rights, equalities and anti-discrimination law, access to goods and services (having due regard to who is included/excluded from such goods and services), Children's law and laws with regard to the platform and/or laws with regard to the sector in and through which the AI (and data processing) is being provided, amongst other risks law, as it applies to Data Subjects, specific to the Jurisdiction of Data Subject being included in the data processing for the audit or certification. |
Reliability | The extent to which the results can be reproduced when the research is repeated under the same conditions. |
Residual Risk Schedule | Consolidation of the residual risks from all the reports along with the treatment plan and specific impact assessments #cAire_Report |
Risk and Control Log | Consolidation of risks and mapped mitigating controls for risks where appropriate mitigations exist #cAIRE_Report |
#S | |
Scope | The boundaries of a system, what is covered, what is not covered #EU_ACT |
Security Clearance | status granted to individuals allowing them access to classified information (state or organizational secrets) or to restricted areas, after completion of a thorough background check. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. Jurisdictional differences in terminology and levels apply. |
Security Policy | document outlining how to protect the organisation from threats, including technical, organisational and/or socially engineered security threats, and how to handle situations when they do occur |
Sensitive Personal Data | data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. (SOURCE:GDPR) |
Service Provider | Third-party contracted provider who is supplying critical infrastructure and services to the entity |
Social Network | An online service or site through which people create and maintain interpersonal relationships. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi |
Social Responsibility | Practice of producing goods and services in a way that is not harmful to employees, society or the environment |
Socially aligned network | An online service or site or gaming suite or virtual-/augmented-/extended-reality (VR/AR/XR) or metaverse or similar technological ecosystem through which people communicate, create, date, compete, and/or challenge each other. In addition, they use socially aligned network(s) also to establish and maintain relationships that are based on either their real or fabricated online identities and their aligned or mis-aligned common interests. Although they may overlap with the more traditional social networks, membership and activities are more characterized by an alignment of participants’ common interests and less focus on interpersonal rapport. #Emotional AI: Neuroethics and Socially aligned networks Markus Krebsz - Divya Dwivedi |
Special Category Data | Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, Biometric Data, data concerning health or data concerning a natural person's sex life or sexual orientation #UK GDPR |
Specific Children's Risk | A set of risks designated as terms, phrases or definitions designed by a local jurisdiction to indicate special concerns related to the data control or data process of children's data |
#Substantial Public Interest | |
Surveillance | Event or time period during which the activities of a particular individual are observed or documented |
Sustainability | Managing an entity's activity so that society, its members and its economies are able to meet their needs and express their greatest potential in the present, while preserving biodiversity and natural ecosystems, planning and acting for the ability to maintain these ideals for future generations |
System Drawings | Diagrams and schedules to show all the information necessary so that the system can be safely operated, maintained, inspected and tested, as far as is reasonably practicable. The drawings should be fully cross-referenced and co-ordinated with the Data Flow Diagram and operation and maintenance manual. |
#T | |
#Tension and trade offs | |
Testing Frequency | The rate at which an algorithm has its output compared to acceptable parameters of operation |
Threat and Risk (Emergent & Horizon scanning) | List of emergent risks identified based on horizon scanning (including industry, domain, technology etc) #cAire_Report |
Time zoning | Time periods when an entry system will allow or disallow entry/exit. Time zoning can be used to simply prevent entry or can generate alarms in the event that a user is within a secured area outside a permitted time. For example, time zoning may allow for cleaners to enter between 2000-2400, with access only to non-sensitive areas. |
Traceability | The ability to trace data right back to its origin through documentation, including a chain-of-custody (“paper trail,” physical or otherwise) for data provenance that chronologically records the ownership, viewing, analysis, and transformations of a data record or data sources |
Toxic Combination | Conflict of system access permissions that allows a user to break the law, violate rules of ethics, damage customers' trust, or even create the appearance of impropriety |
Training Data | A subset of testing/validation data to which algorithms are applied seeking the best fit to train a model |
Triple Bottom Line | The triple bottom line (TBL) is a framework or theory that recommends that companies commit to focus on social and environmental concerns just as they do on profits. |
#U | |
Underaged | An individual who has not reached a minimum age as defined by corporate policy and requiring a guardian consent (see also Minor, Child for distinction) |
User (EU) | Any natural or legal person, including a public authority, agency or other body under whose authority the system is used |
#V | |
Validity | The extent to which the results really measure what they are supposed to measure presently and as time passes |
Validity Test | refers to how an algorithmic model is tested; to measure how well the test measures real properties, characteristics, and variations in the physical or social world |
Verifiable Parental Consent | Required under COPPA to make sure parents know what information is shared with whom; approved methods can be found on the FTC's website |
Virtual Reality (VR) | Computer-generated simulation of a three-dimensional image or environment that can be interacted with in a seemingly real or physical way by a person using special electronic equipment, such as a helmet with a screen inside or gloves fitted with sensors. |
Vulnerable Populations (People in vulnerable situations) | Persons who often experience exclusion, insufficient accessibility resulting from geopolitical, social, socioeconomic, and cultural inequitable power distribution including but not limited to: children, persons with disabilities, ethnic minorities, and people made vulnerable by an imbalance of power in relation to knowledge, economic or social circumstances, or age. #EU_ACT |
Welcome Package | Documents that are provided to a new hire upon either the acceptance of an offer or accompanying the offer which explain the details of the relationships between the employer and employee |