The Tour d’ Horizon of Data Law Implications of Digital Twins
remnants in historical data may manifest in AI-driven decisions, perpetuating inequities. 51 In addition, there may be scenarios where doctors do not act independently— such as prescribing specific medications due to external influences like pharmaceutical guidelines or institutional policies— yet these prescriptions are recorded as data for training AI systems. Such data, reflecting constrained or non-autonomous decision-making, can inadvertently introduce biases into AI models, potentially leading to skewed or suboptimal recommendations.
From a privacy context, it becomes relevant to ensure that the fidelity of data is safeguarded from unauthorized access or modifications at all stages, which may compromise the integrity of the data used in the DT.
Network DTs of energy grids are used to prevent forest fires, and if such a DT is subject to inaccurate data, it may result in inaccurate analysis. Such analysis could be counterproductive and may not prevent forest fires. Similarly, in Manufacturing, an inaccurate outcome may harm the operational efficiency of the manufacturing process and in remote situations, the output may be defective which may have a ripple effect on consumers and human life.
4.6.2 IMPACT
Data protection and privacy laws impose an obligation on the Data Controller( and Data Processors in some cases) to ensure that the personal information of the Data Subject collected is accurate. For instance, Australia mandates that the personal information collected is“ accurate, up-to-date and complete,” and since the Australian law does not distinguish between a Data Processor and a Data Controller, this obligation would be applicable to any entity that collects and / or processes personal data of a Data Subject. 52
On the other hand, in Saudi Arabia, the Data Controller has to ensure the accuracy of the data before it is processed. 53 The Data Controller is mandated to notify the Data Subject if the personal data is corrected, updated or completed 54 and in addition to this, there are compliance regulations that a Data Controller is mandated to comply with while correcting the data. 55 The above-mentioned obligations would be applicable in the Use Cases under Healthcare. The liability of the DT provider in each jurisdiction would depend on whether it is classified as a Data Controller or Data Processor for the DT, as well as the specific liabilities imposed on these roles by the jurisdiction.
51
Carey, S., Pang, A., & Kamps, M.( 2024) Fairness in AI for healthcare, Future Healthcare Journal( Vol. 11( 3)), pp 2. https:// doi. org / 10.1016 / j. fhj. 2024.100177
52
Principle 10, Schedule 1, Privacy Act 1988, Australia.
53
Article 14, PDPL, Saudi Arabia.
54
Article 17, PDPL, Saudi Arabia.
55
Article 22, Implementing Regulation of the Personal Data Protection Law, Saudi Arabia. Journal of Innovation 89