On June 10, Prof. Alessandro Mantelero, Jean Monnet Chair in Mediterranean Digital Societies and Law, spoke at the Brazilian Senate-Jurists Commission to support the preparation of the Brazilian regulatory framework for AI.
He highlighted the importance of adopting a rights-based approach in risk management, which is preferable to the risk/benefit approach, and pointed out that both the EU Artificial Intelligence Act and the US American Data Privacy and Protection Act, currently under discussion, have proposed some limitations to Human Rights Impact Assessment (HRIA) in AI due to the industrial strategies for AI in these countries.
Prof. Mantelero also stressed that HRIA for AI is not an expanded Data Protection Impact Assessment (DPIA) and that regulatory emphasis on quantifiable risk thresholds requires a methodological approach to HRIA in AI. He suggested an expert-based and participatory HRIA for AI, in line with the proposal described in his recent book Beyond Data: Human Rights, Ethical and Social Impact Assessment in AI. Finally, he criticised the emphasis on standardization, pointing out that standards are appropriate tools for recurring and similar processes, while HRIA in AI requires a context-based approach and deals with a variety of different situations.
Looking to the future Brazilian regulation on AI, Prof. Mantelero recommended four key elements to be set out in the law: (i) a clear definition of the nature and scope of risk assessment; (ii) the parameters relevant to HRIA; (iii) a clear description of the roles of AI manufactures and users in HRIA; (iv) the implementation of specific requirements on transparency, participation, and accountability.
On the contrary, he suggested leaving the models for HRIA to best practices, guidelines, and soft law. In this vein, based on the experience with Privacy Impact Assessment, DPIA, and HRIA, he stressed the need for an open, flexible, and case-specific approach rather than long, complex, standardised templates consisting of tick-box exercises.