Abundant data, widespread digitisation, and attractive efficiency gains have driven the development and use of Artificial Intelligence (AI). However, this rapid growth is not isolated from human rights abuses which often stem from the way AI technologies are deployed. In July 2022, Aapti Institute, a Bengaluru-based tech think-tank, in collaboration with the Business and Human Rights (Asia) programme at UNDP India, examined the impact of AI deployment on the human rights of consumers in finance, healthcare, and on the labour force in gig work and retail in India. This work builds on existing research, such as the Human Rights Guide by the Danish Institute on Human Rights, which has found that a human rights-respecting approach by businesses can enhance individual and community well-being and drive sustainable economic growth. Our research identified numerous sector-specific risks and found commonalities across sectors.

Custom DU is an automated underwriting system that enables mortgage lenders to build their own business rules that facilitate assessing borrower eligibility for different mortgage products. Developed by Fannie Mae, Custom DU has been used since 2004 by several lenders to automate the underwriting of numerous mortgage products. Custom DU uses rule specification language techniques and a web-based, user-friendly interface for implementing business rules that represent business policy. By means of the user interface, lenders can also customize their underwriting findings reports, test the rules that they have defined, and publish changes to business rules on a real-time basis, all without any software modifications. The user interface enforces structure and consistency, enabling business users to focus on their underwriting guidelines when converting their business policy to rules.

Ea ch process description is shaped like a formalized business policy consisting of the following set of features: - the file(s) to be processed; - the software that carries out the processing; - the purpose of the processing; - the entities that can access the results of the processing; - the details of where the results are stored and for how long; - the obligations that are fulfilled while (or before) carrying out the processing; - the legal basis of the processing. It is not hard to see that the first five elements in the above list match SPECIAL's usage policy language (UPL) introduced in Section 3. As far as the above elements are concerned, the only difference between UPL expressions and a business policy is the granularity of attribute values. Fo r example, the involved data (specified in the first element of the above list) are not expressed as a general, content-oriented category, but rather as a concrete set of data sourc es or data items. Such objects can be modeled as instances or subclasses of the general data categories illustrated in Section 3, thereby creating a link between digital artifacts and usage policies. Similar considerations hold for the other a t-tributes: - processing is not necessarily described in the abstract terms adopted by the processing vocabulary introduced in Section 3; in a business policy, this can be specified by naming concrete software procedures; - the purpose of data processing may be directly related to the data controller's mission and products; - recipients may consist of a concrete list of legal and/or physical persons, as opposed to general categories such as Ours or ThirdParty; - storage may be specified by a list of specific data repositories, at the level of files and hosts. With this level of granularity, specific authorizations can be derived from the business policy, for example: The indicated software procedure can read the indicated data sources. The results can be written in the specified repositories. The specified recipients can read the repositories...

We address the problem of complying with the GDPR while processing and transferring personal data on the web. For this purpose we introduce an extensible profile of OWL2 for representing data protection policies. With this language, a company's data usage policy can be checked for compliance with data subjects' consent and with a formalized fragment of the GDPR by means of subsumption queries. The outer structure of the policies is restricted in order to make compliance checking highly scalable, as required when processing high-frequency data streams or large data volumes. However, the vocabularies for specifying policy properties can be chosen rather freely from expressive Horn fragments of OWL2. We exploit IBQ reasoning to integrate specialized reasoners for the policy language and the vocabulary's language. Our experiments show that this approach significantly improves performance.

This paper shows how knowledge representation and reasoning techniques can be used to support organizations in complying with the GDPR, that is, the new European data protection regulation. This work is carried out in a European H2020 project called SPECIAL. Data usage policies, the consent of data subjects, and selected fragments of the GDPR are encoded in a fragment of OWL2 called PL (policy language); compliance checking and policy validation are reduced to subsumption checking and concept consistency checking. This work proposes a satisfactory tradeoff between the expressiveness requirements on PL posed by the GDPR, and the scalability requirements that arise from the use cases provided by SPECIAL's industrial partners. Real-time compliance checking is achieved by means of a specialized reasoner, called PLR, that leverages knowledge compilation and structural subsumption techniques. The performance of a prototype implementation of PLR is analyzed through systematic experiments, and compared with the performance of other important reasoners. Moreover, we show how PL and PLR can be extended to support richer ontologies, by means of import-by-query techniques. PL and its integration with OWL2's profiles constitute new tractable fragments of OWL2. We prove also some negative results, concerning the intractability of unrestricted reasoning in PL, and the limitations posed on ontology import.

Custom DU is an automated underwriting system that enables mortgage lenders to build their own business rules that facilitate assessing borrower eligibility for different mortgage products. By means of the user interface, lenders can also customize their underwriting findings reports, test the rules that they have defined, and publish changes to business rules on a real-time basis, all without any software modifications. The user interface enforces structure and consistency, enabling business users to focus on their underwriting guidelines when converting their business policy to rules. Using Custom DU, lenders can create different rule sets for their products and assign them to different channels of the business, allowing for centralized control of underwriting policies and procedures--even if lenders have decentralized operations.

AI agents combining natural language interaction, task planning, and business ontologies can help companies provide better-quality and more costeffective customer service. Our customer-service agents use natural language to interact with customers, enabling customers to state their intentions directly instead of searching for the places on the Web site that may address their concern. We use planning methods to search systematically for the solution to the customer's problem, ensuring that a resolution satisfactory for both the customer and the company is found, if one exists. Our agents converse with customers, guaranteeing that needed information is acquired from customers and that relevant information is provided to them in order for both parties to make the right decision. The net effect is a more frictionless interaction process that improves the customer experience and makes businesses more competitive on the service front.