Home » AI » Case studies » First scenario: building and AI tool devoted to diagnosing COVID-19 disease » Deployment


“Deployment is the process of getting an IT system to be operational in its environment, including installation, configuration, running, testing, and making necessary changes. Deployment is usually not done by the developers of a system but by the IT team of the customer. Nevertheless, even if this is the case, developers will have a responsibility to supply the customer with sufficient information for successful deployment of the model. This will normally include a (generic) deployment plan, with necessary steps for successful deployment and how to perform them, and a (generic) monitoring and maintenance plan for maintenance of the system, and for monitoring the deployment and correct usage of data mining results.”[1]

Main actions that need to be addressed

General remarks

Once you have created your algorithm, you face an important issue. It might happen that it incorporates personal data, openly or in a hidden way.You must perform a formal evaluation assessing which personal data from the data subjects could be identifiable. This can be complicated at times. For example, some AI tools, such as Vector Support Machines (VSM) could contain examples of the training data by design within the logic of the model. In other cases, patterns may be found in the model that identifies a unique individual. In all of these cases, unauthorized parties may be able to recover elements of the training data, or infer who was in it, by analyzing the way the model behaves.If you know or suspect that the AI tool contains personal data (see Purchasing or promoting access to a database section in Actions and tools chapter), you should:

Finally, you must take regular action to proactively evaluate the likelihood of the possibility of personal data being inferred from models in light of the state-of-the-art technology, so that the risk of accidental disclosure is minimized. If these actions reveal a substantial possibility of data disclosure, necessary measures to avoid it should be implemented (see Integrity and confidentiality” section in “Principles” chapter).

Updating information

If the algorithm is implemented by a third party, you must communicate the results of the validation and monitoring system employed at the development stages and offer your collaboration to continue monitoring the validation of the results. It would also be advisable to establish this kind of coordination with third parties from whom you acquire databases or any other relevant component in the life cycle of the system. If this involves data processing by a third party, you must ensure that access is provided within a legal basis.

It is necessary to offer real time information to the end user about the values of accuracy and/or quality of the inferred information at each stage (see Accuracy” section in “Principles” chapter). When the inferred information does not reach minimum quality thresholds, you must highlight that this information has no value. This requirement often implies that you shall provide detailed information about the training and validation stages. Information about the datasets used for those purposes is particularly important. Otherwise, the use of the solution might bring disappointing results to the end users, who are left speculating on the cause.




1SHERPA, Guidelines for the Ethical Development of AI and Big Data Systems: An Ethics by Design approach, 2020, p 13. At: Accessed 15 May 2020


Skip to content