To extract the profound insight, business value and societal potential in these flows of data, we require artificial intelligence – specifically, AI that can make sense of data from every source and in every form: structured data from transactional systems like e-commerce, financial markets and supply chains; natural language data like social media; data in the form of images and video; and data from Internet of Things sensors.

Through the pervasive instrumentation of everything, combined with networks of increasing speed and capacity, the world’s activities and processes are becoming real-time. This will increasingly require systems that learn, predict, make recommendations and aid decision-making with confidence. And that will enable the transformation of business and society, the solution of previously intractable challenges, lives that are healthier, opportunities that are more varied, and homes and cities that are safer, fairer and more vibrant.

This profound shift is compelling enterprises and institutions of all kinds to adopt new technology and business architectures, based on artificial intelligence and cloud; and new business processes, skills and forms of engagement. At IBM, we call this the cognitive enterprise.

But to realize this enormous promise and ensure the success of these new platforms, businesses, governments and all of civil society must address significant societal and policy implications. In the rush to harness the potential from data, we must not lose sight of basic expectations that individuals, enterprises and communities rightly have regarding security, trust, privacy, jobs, skills – and, increasingly, the data they own or that is collected from them.

• Clients are not required to relinquish rights to their data to have the benefits of IBM’s Watson solutions and services.
• We believe the unique insights derived from clients’ data are their competitive advantage, and we will not share them without their agreement.
• IBM client agreements are transparent. We will not use client data unless they agree to such use and we will limit that use to the specific purposes clearly described in the agreement.
• IBM employs industry-leading security practices to safeguard data. This includes use of encryption, access control methodologies, and proprietary consent management modules which allow us to restrict access to authorized users and to de-identify data in accordance with applicable permissions.

• While there is no single approach to privacy, IBM complies with the data privacy laws in all countries and territories in which we operate.
• IBM was an early leader in developing and adopting the European Union (EU) Data Protection Code of Conduct for Cloud Service Providers for several offerings, securing certification under the U.S.-EU Privacy Shield and the APEC Cross-Border Privacy Rules, and will be fully compliant with the EU’s General Data Protection Regulation.
• IBM will advocate for strong and innovative means to enhance privacy and data protection, and will continue to invest in privacy-enhancing technologies.
• IBM supports global cooperation to facilitate mutual recognition of privacy regimes to enhance and facilitate cross-border data flows.

• IBM supports digital trade agreements that enable and facilitate the cross-border flow of data and that limit data localization requirements.
• We believe clients, not governments, should determine where their data is stored and how it is processed. Mandating that data be kept or processed within national boundaries does not make it safer from hackers or cyber criminals.
• IBM is making significant investments in cloud data centers around the world to give clients the flexibility to decide where to store and process their data. These decisions generally should be driven by client choice rather than government mandate.

• IBM has not provided client data to any government agency under any surveillance program involving bulk collection of content or metadata.
• In general, if a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client.
• We do not provide access to client data stored outside the lawful jurisdiction of any government requesting such data, unless the request is made through internationally recognized legal channels such as mutual legal assistance treaties (MLATs).
• If we receive a request for enterprise client data that does not follow processes in accordance with local law, we will take appropriate steps to challenge the request through judicial action or other means.
• If we receive a government request for enterprise client data that includes a gag order prohibiting us from notifying that client, we will take appropriate steps to challenge the gag order through judicial action or other means.
• We will continue to work closely with governments and clients to balance the protection of data with law enforcement’s obligation to conduct lawful investigations of criminal activity.
• IBM supports measures to increase the transparency, oversight and appropriate judicial review of government requests for data, including modernized international agreements on legal assistance.

IBM opposes any effort to weaken or limit the effectiveness of commercial encryption technologies that are essential to modern business.

• IBM does not put ‘backdoors’ in its products for any government agency, nor do we provide source code or encryption keys to any government agency for the purpose of accessing client data.
• In response to the global data breach epidemic, IBM will continue to develop new technologies to enhance the protection of our clients’ data and transactions, which are the foundation of the worldwide digital economy.
• IBM supports the use of internationally-accepted encryption standards and algorithms, rather than those mandated by individual governments.

IBM employs industry-leading security practices and technologies to safeguard data, and is at the forefront of applying artificial intelligence capabilities to stay one step ahead of emerging digital threats.

• IBM believes in public-private partnerships to raise cybersecurity awareness and tackle current and future threats to data security. The most effective approach involves voluntary, industry best practices and flexible risk management, such as the NIST Cybersecurity Framework.
• IBM also supports voluntary, real-time sharing of actionable cyber threat information between government, business and academia to collaboratively prevent and mitigate attacks.
• We believe that securing the Internet of Things – including all data, communications and processing associated with those systems – can only be achieved if their designs put data security and privacy first.

• The value in AI lies in human augmentation, not replacement. AI systems will not become conscious or sentient beings; rather, they will be integrated into the world’s processes, systems and interactions. Artificial intelligence cannot and will not replace human decision-making, judgment, intuition or ethical choices.
• IBM supports transparency and data governance policies that will ensure people understand how an AI system came to a given conclusion or recommendation. Companies must be able to explain what went into their algorithm’s recommendations. If they can’t, then their systems shouldn’t be on the market.
• As society debates the implications of AI systems, IBM does not believe in taxing automation or penalizing innovation. Rather, IBM will work with policymakers and clients to prepare the workforce with the skills needed to work effectively in partnership with AI systems.

IBM encourages governments to:

• Better align education with in-demand skills and competencies;
• Support business investment in retraining employees; and
• Encourage individuals to invest in skills for career advancement.