Bradley Arant Boult Cummings LLP
  August 23, 2024 - Birmingham, Alabama

Avoiding growing pains in the development and use of digital twins
  by Illman, Erin Jane

Novel technologies that seek to improve quality of life or simplify complex processes offer great promise. For example, medical technologies that detect or cure disease or supply chain technologies that allow for real time understanding of the location or destination of a specific product — make our lives easier and safer.

They also pose potentially unforeseen complications. This is especially true for technology such as digital twins, used in everything from medicine to city planning, which rely on large sets of data to understand complex systems. Additionally, digital twin technology integrates machine learning and artificial intelligence with real time operations using sensors and other sensitive instruments.

This combination of factors falls squarely into many of the privacy, security, and ethical issues that plague new technologies generally. This article offers some considerations in addressing those issues while counterbalancing the competing practical challenges and risks inherent in digital twin innovation.

What is a digital twin?

A digital twin is a virtual replica, or a dynamic representation of something that exists in the physical world, built using real time data collected from the original source. For example, a digital twin can “stand in” for the human organ undergoing a complex medical procedure to determine what risks the procedure may pose. The digital twin replica can be of a physical object, process, system, or whole environment.

The purpose of a digital twin is to provide data analysis and system monitoring to improve decision making, alone, or on behalf of the original “twin.” Digital twins use sensors, internet connected devices (such as IOT), and other instruments to measure and monitor the data source in real time.

A digital twin is different from a digital model, computer generated representation, or a design model or simulation that provides a visual replica. Unlike these previous technologies, a digital twin uses an exact replica of the object or process to test new products in real time, with real life data, while reducing miscalculation, mistake, or harm to the original source.

The benefits are infinite, including reducing cost and time, improving research and development, facilitating the ability to monitor an object in real time without disturbing its host, predict and apply preventative maintenance, prevent injury, train in real life settings, and numerous other advantages. This technological improvement creates the ability to essentially see into the future by seeing what will happen on the digital twin before the real-life version is exposed to the same process.

Privacy implications

Evolving privacy laws focus on concepts that conflict with the development and use of digital twins. For example, most comprehensive privacy laws, in the U.S. and abroad, focus on data minimization, consent, the right to delete data, and the ability to understand how personal data is used in certain types of technologies.

Digital twin developers must understand how these privacy laws interact with and influence decisioning around design features. For example, if data cannot be retained indefinitely and must be deleted or anonymized after a certain period, how would that affect the historical processes that a digital twin relies on to operate? Further, can data used in a digital twin be anonymized if it is tied to a real-life object whose identity is known? These are questions that developers and privacy experts must work together on to solve.

Additionally, with the uptick in privacy related litigation around tracking technologies and interception of data, digital twins may face an increasingly hostile environment that requires multiple layers of consent and disclosure to use the data that is being collected. Further, the technology could be vulnerable to the revocation of that consent, making a particular “twin” obsolete if the original source of data is no longer available.

Data that is collected for a digital twin can also include both personal data and proprietary or confidential company data. Ownership rights of the digital twin, or the underlying data, could diverge creating a split in ownership claims. Clear contractual terms that consider non-waivable privacy rights will be imperative to protect intellectual property vested in digital twins.

Security implications

Digital twins rely on a continuous influx of detailed data, which is often sensitive, from a variety of sources. Additionally, this data is often transmitted by devices that are connected to the internet and subject to interception by malicious actors.

It is imperative that developers consider security by design, not just for the digital twin, but for any technology that is connected to it. That would include any IOT device, sensor, or other integrated technology, such as artificial intelligence or robotics.

With ransomware attacks on the rise, and tactics constantly evolving, it will be imperative to consider how these types of attacks could affect the digital twin environment, the secure transfer or storage of data, or critical functionalities that depend on the connectivity of the digital twin.

Ethical implications

The individualized nature of digital twins is one of the main advantages of the technology. However, the decontextualization of digital twins (overly individualizing a particular person, thing, or process) can also lead to ethical issues. Imagine a digital twin of your heart that can undergo stress testing, or be monitored for drug interactions, without any potential harm to the “original” heart.

However, what happens if something outside of the original testing purpose is discovered, for instance, that your heart is susceptible to irregularities or harm under circumstances previously unknown.

What are the ethical obligations to notify the heart’s owner? What if the heart’s owner’s identity has been masked due to privacy considerations? What are the ethical obligations to notify other individuals who may be subject to the same irregularities? Is the study of that digital heart specialized, in that it would only apply to one person, or can the results be transferred to all patients? These and other issues, particularly in the medical context, create a lot of unanswered questions on the long-term expectations around this technology.

Even outside of the medical context, the use of digital twins presents the opportunity for misuse. Because this space is largely unregulated at present, unorthodox or unintended use of digital twins has little oversight. As with any technology, there is also the possibility of bias, injustice, consumer harm, or other malfeasance.

The privacy, security and ethical issues identified above only touch the surface of questions that developers, compliance, legal, and privacy professionals must ask themselves as they develop this new technology. There is no doubt that digital twin technology could revolutionize research into the human body, as well as manufacturing, design, city planning, and a host of other conceivable use cases. With that in mind, digital twin developers must consider where general principles of ethics, privacy, and security would benefit the innovative process.

Republished with permission. This article, “Avoiding growing pains in the development and use of digital twins," was first published on Reuters Legal News and Westlaw Today on August 20, 2024.




Read full article at: https://www.bradley.com/insights/publications/2024/08/avoiding-growing-pains-in-the-development-and-use-of-digital-twins