Data is the phenomenon of our time. It is the world’s new natural resource, growing exponentially not only in quantity but more importantly in form. Every action and interaction, every decision and relationship, every event occurring in any of the world’s complex systems, natural and human-made, is now being expressed as data.
Read the introduction
To extract the profound insight, business value and societal potential in these flows of data, we require artificial intelligence – specifically, AI that can make sense of data from every source and in every form: structured data from transactional systems like e-commerce, financial markets and supply chains; natural language data like social media; data in the form of images and video; and data from Internet of Things sensors.
Through the pervasive instrumentation of everything, combined with networks of increasing speed and capacity, the world’s activities and processes are becoming real-time. This will increasingly require systems that learn, predict, make recommendations and aid decision-making with confidence. And that will enable the transformation of business and society, the solution of previously intractable challenges, lives that are healthier, opportunities that are more varied, and homes and cities that are safer, fairer and more vibrant.
This profound shift is compelling enterprises and institutions of all kinds to adopt new technology and business architectures, based on artificial intelligence and cloud; and new business processes, skills and forms of engagement. At IBM, we call this the cognitive enterprise.
But to realize this enormous promise and ensure the success of these new platforms, businesses, governments and all of civil society must address significant societal and policy implications. In the rush to harness the potential from data, we must not lose sight of basic expectations that individuals, enterprises and communities rightly have regarding security, trust, privacy, jobs, skills – and, increasingly, the data they own or that is collected from them.
In January 2017, IBM Chairman Ginni Rometty issued an initial set of Principles for the Cognitive Era, describing IBM’s commitments regarding the purpose of our cognitive systems; the transparency we will bring to its use; and the commitment we have made to help current and future generations develop the skills required to succeed in this new world.
But even before the deployment of AI, we believe that organizations that collect, store, manage or process data have an obligation to handle it responsibly. That belief – embodied in our century-long commitment to trust and responsibility in all relationships – is why the world’s largest enterprises trust IBM as a steward of their most valuable data. We take that trust seriously and earn it every day by following these responsible beliefs and practices:
1. DATA OWNERSHIP AND PRIVACY
A world being reshaped by the phenomenon of data requires clarity around the principles and rules of the road to ensure that the rights of those who own it and use it are protected. We have defined the following key areas of policy to ensure that trust for our clients and communities.
Read more about Data Ownership
- Clients are not required to relinquish rights to their data to have the benefits of IBM’s Watson solutions and services.
- We believe the unique insights derived from clients’ data are their competitive advantage, and we will not share them without their agreement.
- IBM client agreements are transparent. We will not use client data unless they agree to such use and we will limit that use to the specific purposes clearly described in the agreement.
- IBM employs industry-leading security practices to safeguard data. This includes use of encryption, access control methodologies, and proprietary consent management modules which allow us to restrict access to authorized users and to de-identify data in accordance with applicable permissions.
Read more about Data Privacy
- While there is no single approach to privacy, IBM complies with the data privacy laws in all countries and territories in which we operate.
- IBM was an early leader in developing and adopting the European Union (EU) Data Protection Code of Conduct for Cloud Service Providers for several offerings, securing certification under the U.S.-EU Privacy Shield and the APEC Cross-Border Privacy Rules, and will be fully compliant with the EU’s General Data Protection Regulation.
- IBM will advocate for strong and innovative means to enhance privacy and data protection, and will continue to invest in privacy-enhancing technologies.
- IBM supports global cooperation to facilitate mutual recognition of privacy regimes to enhance and facilitate cross-border data flows.
2. DATA FLOWS AND ACCESS
IBM is fully committed to protecting the privacy of data, which is fundamental in a data-driven society.
Read more about Cross-Border Data Flows
- IBM supports digital trade agreements that enable and facilitate the cross-border flow of data and that limit data localization requirements.
- We believe clients, not governments, should determine where their data is stored and how it is processed. Mandating that data be kept or processed within national boundaries does not make it safer from hackers or cyber criminals.
- IBM is making significant investments in cloud data centers around the world to give clients the flexibility to decide where to store and process their data. These decisions generally should be driven by client choice rather than government mandate.
Read more about Government Access to Data
- IBM has not provided client data to any government agency under any surveillance program involving bulk collection of content or metadata.
- In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client.
- We do not provide access to client data stored outside the lawful jurisdiction of any government requesting such data, unless the request is made through internationally recognized legal channels such as mutual legal assistance treaties (MLATs).
- If we receive a request for enterprise client data that does not follow processes in accordance with local law, we will take appropriate steps to challenge the request through judicial action or other means.
- If we receive a government request for enterprise client data that includes a gag order prohibiting us from notifying that client, we will take appropriate steps to challenge the gag order through judicial action or other means.
- We will continue to work closely with governments and clients to balance the protection of data with law enforcement’s obligation to conduct lawful investigations of criminal activity.
- IBM supports measures to increase the transparency, oversight and appropriate judicial review of government requests for data, including modernized international agreements on legal assistance.
3. DATA SECURITY AND TRUST
As a global leader in enterprise security, IBM has a unique perspective on the rapidly growing threats of an increasingly open marketplace and public sphere. We are devoting our powerful engines of technology innovation to create the tools to protect our clients and global trade – from AI to blockchain. And we are drawing on our global array of trusted relationships to convene business, government, academia and all of civil society to address our collective need, while striking the crucial balance among security, privacy and freedom.
Read more about Encryption
IBM opposes any effort to weaken or limit the effectiveness of commercial encryption technologies that are essential to modern business.
- IBM does not put ‘backdoors’ in its products for any government agency, nor do we provide source code or encryption keys to any government agency for the purpose of accessing client data.
- In response to the global data breach epidemic, IBM will continue to develop new technologies to enhance the protection of our clients’ data and transactions, which are the foundation of the worldwide digital economy.
- IBM supports the use of internationally-accepted encryption standards and algorithms, rather than those mandated by individual governments.
Read more about Cybersecurity
IBM employs industry-leading security practices and technologies to safeguard data, and is at the forefront of applying artificial intelligence capabilities to stay one step ahead of emerging digital threats.
- IBM believes in public-private partnerships to raise cybersecurity awareness and tackle current and future threats to data security. The most effective approach involves voluntary, industry best practices and flexible risk management, such as the NIST Cybersecurity Framework.
- IBM also supports voluntary, real-time sharing of actionable cyber threat information between government, business and academia to collaboratively prevent and mitigate attacks.
- We believe that securing the Internet of Things – including all data, communications and processing associated with those systems – can only be achieved if their designs put data security and privacy first.
4. DATA AND ARTIFICIAL INTELLIGENCE
From our long history of pioneering AI technology and the work we are doing to help our clients apply it around the world, we have learned that these capabilities – which are better understood as “augmentation” than “artificial” – represent a positive and transformative force for businesses, institutions, governments and individuals. We have also learned that they must be developed in thoughtful and responsible ways.
Read more about Data and AI
- The value in AI lies in human augmentation, not replacement. AI systems will not become conscious or sentient beings; rather, they will be integrated into the world’s processes, systems and interactions. Artificial intelligence cannot and will not replace human decision-making, judgment, intuition or ethical choices.
- IBM supports transparency and data governance policies that will ensure people understand how an AI system came to a given conclusion or recommendation. Companies must be able to explain what went into their algorithm’s recommendations. If they can’t, then their systems shouldn’t be on the market.
- As society debates the implications of AI systems, IBM does not believe in taxing automation or penalizing innovation. Rather, IBM will work with policymakers and clients to prepare the workforce with the skills needed to work effectively in partnership with AI systems.
5. DATA SKILLS AND NEW COLLAR JOBS
IBM is leading efforts to ensure workers worldwide are prepared for technological and business shifts that are changing the way work gets done, and that are driving productivity, economic growth and job creation. We are working with policymakers to modernize education systems to emphasize in-demand skills rather than specific degrees. Preparing more students and workers for careers in well-paying new collar jobs will help ensure that more workers have an opportunity to benefit from technology-driven economic growth.
Read more about New Collar Jobs
IBM encourages governments to:
- Better align education with in-demand skills and competencies;
- Support business investment in retraining employees; and
- Encourage individuals to invest in skills for career advancement.
The data economy is evolving rapidly, and new technologies are changing the way we live and work – and so these views on data responsibility will continue to evolve. By offering this comprehensive view of our principles and practices, we aim to spark dialogue across all sectors of society. And we will continue to earn the trust of our clients and the communities in which we work in moving, storing, managing, analyzing and learning from the data that powers the modern world, and the new capabilities – in both technology and business – that offer so much promise for turning it into economic value and societal progress.