We conducted development and demonstration experiments of services based on decentralized management of Personal Data (PD), compared and analyzed various countries' legal systems regarding self-information control, summarized regulatory trends and challenges related to PAI, and quantitatively demonstrated that trust in PAI and perceived usefulness strongly determine usage intentions.
PAI is expected to spread rapidly as it can be implemented with existing technology, bridge the digital divide, and create a massive industry. Therefore, there is an urgent need to promote proper risk management of PAI. To this end, focusing on the possibility of consolidating and fully utilizing PD exchanged when PAI mediates various services through dialogue with users, we incorporated requirement (L) "Consolidate AI system logs in the user's Personal Data Store (PDS) and fully utilize them for management and operation" (pink section in the right figure) into ISO/IEC 24970, an international standard for AI system risk management. When properly managed PAI mediates services based on this requirement, service providers cannot manipulate user behavior by exploiting cognitive biases, thus ending the attention economy and surveillance capitalism and protecting freedom of mind. Additionally, due to (L), if users trust PAI, its value can be maximized through full utilization of logs. As ISO/IEC 24970 is expected to become a harmonized standard for the EU AI Act (having binding force equivalent to law), requirement (L) under GDPR and Data Act will likely be applied to high-risk AI systems worldwide owing to the Brussels Effect.