Lesson 1
Vendor and client contracts for AI features: data processing agreements, joint controllership, liability allocation, and security requirements
Explains structuring vendor and client contracts for AI features, focusing on data processing deals, shared control, liability sharing, and security terms that meet rules and ethics.
Defining controller and processor roles
Key data processing agreement clauses
Joint controllership and shared duties
Liability caps, indemnities, and insurance
Security and incident response obligations
Audit, oversight, and termination rights

Lesson 2
Core data protection regimes and obligations relevant to AI (principles: purpose limitation, data minimization, lawful basis, transparency)
Reviews main data protection rules for AI, highlighting principles like purpose limits, data minimisation, legal grounds, and openness, and putting them into practice in AI building and use.
Purpose limitation in AI training and use
Data minimization and feature selection
Choosing and documenting lawful bases
Transparency and meaningful notices
Accuracy, storage limits, and integrity
Accountability and governance structures

Lesson 3
Data Protection Impact Assessments (DPIAs) / AI Impact Assessments (AIA): structure, key questions, and remediation plans
Shows how to set up and do DPIAs and AIAs, from scoping risks to involving stakeholders, documenting, and planning fixes so AI meets legal, ethical, and company standards.
Scoping AI systems and processing activities
Identifying stakeholders and affected groups
Cataloging risks to rights and freedoms
Designing mitigation and remediation plans
Documenting outcomes and sign-off
Integrating DPIAs into product lifecycle

Lesson 4
Algorithmic fairness and bias: sources of bias, measurement methods, and mitigation techniques
Analyses AI bias and fairness, covering bias sources, metrics, and fixes across data, models, and rollout, noting legal needs in tough regulatory spots.
Types and sources of algorithmic bias
Fairness metrics and trade-offs
Bias in data collection and labeling
Model training and evaluation strategies
Mitigation during deployment and monitoring
Documentation of fairness decisions

Lesson 5
Operational playbooks for product compliance reviews and cross-functional escalation (Product, Legal, Privacy, Compliance)
Gives practical guides for product compliance checks, roles, workflows, and escalation among Product, Legal, Privacy, and Compliance to handle AI risks and record solid choices.
Intake and triage of AI product changes
Risk-based review levels and criteria
Roles of Product, Legal, Privacy, Compliance
Escalation paths for high-risk AI use cases
Decision documentation and approval records
Feedback loops into product roadmaps

Lesson 6
Model risk management for AI features: documentation (model cards), validation, testing, performance monitoring, and explainability
Covers managing AI model risks, with docs, checks, tests, monitoring, and explainability, matching governance to rules and company risk levels.
Model inventory and classification
Model cards and documentation standards
Validation and independent challenge
Performance, drift, and stability monitoring
Explainability methods and limitations
Model change management and decommissioning

Lesson 7
Ethical frameworks for AI decisions: stakeholder mapping, proportionality, contestability, human oversight, and redress mechanisms
Introduces ethics frameworks for AI choices, covering stakeholder maps, balance, challenge rights, human checks, and fixes, embedding them in governance and product design.
Stakeholder and impact mapping for AI
Proportionality and necessity assessments
Designing contestability and appeal channels
Human-in-the-loop and on-the-loop models
Redress and remedy mechanisms for harm
Embedding ethics reviews into governance

Lesson 8
Privacy-preserving design: data minimization, differential privacy, anonymization, pseudonymization, and secure multi-party computation basics
Explores privacy designs for AI like data minimisation, anonymisation, pseudonymisation, differential privacy, and secure computation, with tips on uses and trade-offs.
Data minimization in AI feature design
Anonymization and re-identification risks
Pseudonymization and tokenization methods
Differential privacy for analytics and ML
Secure multi-party computation basics
Selecting appropriate privacy techniques

Lesson 9
Technical controls: access control, logging, encryption, retention policies, and secure development lifecycle (SDLC) for ML
Details tech safeguards for AI: access, logs, encryption, retention, and secure ML development, showing how tech choices aid compliance and cut ethical risks.
Role-based and attribute-based access control
Security logging and audit trail design
Encryption in transit and at rest for AI data
Data retention and deletion automation
Secure coding and code review for ML
Security testing and hardening of AI services

Lesson 10
Assessing lawful bases and consent limits for workplace surveillance and employee data processing
Looks at legal grounds and consent limits for workplace monitoring and staff data, tackling tools, openness duties, power gaps, and protections for dignity and worker rights.
Common workplace surveillance scenarios
Assessing legitimate interest and necessity
Consent limits in employment contexts
Transparency and worker information duties
Safeguards for monitoring technologies
Engaging works councils and unions

Lesson 11
Regulatory trends in high-regulation jurisdictions and compliance pathways for novel AI products
Surveys rule trends in strict jurisdictions, new AI laws, guidance, enforcement, and practical compliance paths for new AI products and cross-border work.
Overview of major AI regulatory regimes
Sector-specific AI rules and guidance
Supervisory expectations and enforcement
Regulatory sandboxes and innovation hubs
Designing risk-based compliance programs
Cross-border data and AI compliance issues

Lesson 12
Human rights frameworks applicable to data and AI: UN Guiding Principles, GDPR as a rights-based model, and national human-rights implications
Links human rights to data and AI governance, explaining UN Principles, GDPR rights approach, and national duties shaping company AI responsibilities.
UN Guiding Principles and corporate duties
GDPR as a rights-based regulatory model
National human rights laws affecting AI
Salient human rights risks in AI use
Human rights due diligence for AI
Remedy and accountability expectations