Technological innovation has begun to change our lives rapidly. Especially the development in robotic technology will be felt in our social life in the near future. Robots, which are used extensively in the industrial field, have now started to support the service sector. For example, Pal Robotics, an important company in the production of humanoid robots, exhibited the Stockbot, which wandered inside the stores to check products at night, at fairs.
Autonomous vehicles of Oppent, one of the important technology companies, carry laundry or waste materials in hospitals, Motoman robot of Yaskawa company with a history of 100 years prepares laboratory samples, Bristol-based OC Robotics robots with snakes to inspect dangerous points such as nuclear power plants or inside aircraft wings. produces.
Safety requirements are also changing and becoming more complex due to the expansion of functions and the working environments of service robots. For example, the use of a robot that can connect to the internet inside the house paves the way for the interior of the house to be displayed. They can record all the information about your life, from what time you come home to who you meet. In this way, the way is cleared for users to access their personal data.
In addition, malicious people who can access the robot thanks to the internet connection can also access many other personal information of the host. In this respect, data security should be at the forefront in machines for consumers. At present, there is no clear clarity on who will belong to the collected data, which biometric data or which data is collected by the sensor, how much data is collected, and how these data will be used.
In terms of robots, there is no direct regulation that can be applied to this issue in legal terms. When looking at the regulations and practices of the European Union, these can give ideas for a solution to these problems. According to the EU's 2002/58 / EC Directive, when there are certain risks such as malware attack in general, people should be informed by the service provider and the confidentiality of their information should be ensured. Here, the obligations of the service provider should be determined in order to protect the fundamental rights and freedoms of the people.
However, when it comes to data recorded by a robot with artificial intelligence, determining the data controller and the data processor poses an important problem. In terms of KVKK, the data controller is defined as directly related real person or legal person, not any representative, responsible person. For example, a joint stock company itself is the data controller as a legal entity within the meaning of this law. The data processor is the natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the data controller. Although it is determined as a real person or legal person in the law, it will be necessary to redefine the concepts of data controller and data processing in terms of personal data processed by an artificial intelligence robot that can make and implement decisions on its own.
Although the laws regulated on this subject bring exceptions, personal data cannot be processed without the consent of the person concerned. We may not realize exactly what our information is accessed by the robots used in the social service sector or in our home through cameras and internet connection. Personal data collected by these robots should not be used beyond its intended purpose. Again, in the Directive 2009/136 / EC of the EU, it is stated that in case of personal data breach, the service provider should notify the persons to take the necessary measures, and this notification should include recommendations to the relevant person as well as the measures taken to eliminate the violation.
In the KVKK regulation, the data controller is obliged to take all necessary technical and administrative measures to prevent the unlawful processing and access of personal data and to ensure the appropriate level of security in order to preserve personal data. As stated above, in terms of robotic technology used here, the concept of data controller should be enlightened in terms of software developer and manufacturer.
Personal data should not be transferred without the express consent of the person concerned. However, with the application of cloud technology to robots, there is a greater risk in terms of privacy and security of data. The transfer of data between robots via the internet increases the risk of personal data being transferred. At this point, measures such as preventing unauthorized access and distribution of malicious code should be taken to ensure the security of personal data. When we look at the improvement in the Regulation numbered EU 2016/679, it is emphasized to pay attention to the risks caused by personal data processing due to material or intangible damages that may occur while evaluating data security. In the KVKK, the explicit consent of the relevant person is sought for the transfer of personal data to third parties. However, determining what information a robot records, which third parties and when it transmits this data, and then the responsibility for the damage that may occur creates a great uncertainty at the moment.
Another point worth mentioning is whether individuals can consent in advance to the collection and transfer of their data. We may not want the chip in the robot, which we know will record some data, to be active. Here we come across a new right "the right to disable the chip". This is an opt-out procedure. The chip is initially active, the user can then deactivate the chip. Another method is opt-in. Here, the chip is initially inactive, the user decides whether to activate it or not.
The processing of personal data of previously placed chips or plug-ins without express consent, without the user's knowledge, should also be sanctioned. In addition, persons should have the right to request the deletion of data properly processed by the robot, in return for the right to be forgotten. The data that requires processing can be anonymized either personally or upon the request of the person concerned. However, since the robots used in homes can record the most sensitive information about private life, it does not seem possible to anonymize this data.
In general, we can say that the artificial intelligence robot technology is still in the development stage. In this area, there is no clarity on how the collected data of individuals will be used and how their privacy and security will be ensured. Considering the KVKK and the relevant regulation, although the principles to be followed in the processing of personal data, the conditions of data processing, deletion, destruction and anonymization, transfer, informing individuals and obligations, the confidentiality of users' information and the EU on general data protection regulations are needed to ensure compliance.
At this stage, although solutions to the problems brought by robotic technology can be solved through the interpretation of existing regulations, in the future, special regulations will need to be made in which standards for artificial intelligence robots are set.