the SaaS provider increases. Depending on where the data is stored, SaaS providers may be connected to potential human rights harms on various levels and may or may not have leverage to address them. • Level of interoperability: If a SaaS service can easily be integrated with others, the combined use of these services may lead to a higher likelihood of privacy impacts. Access to personal and potentially sensitive data may increase, and the data that is collected through different SaaS services may be combined to gather information on individuals. • Cloud versus on-premises deployment: When a SaaS service is deployed on-premises, access to data is well-defined and localized. While cloud solutions generally employ sophisti- cated encryption and data protection measures, they also increase the number of actors with access to sensitive data. Additionally, the usage of cloud solutions makes it easier to integrate different pieces of software, increasing the likelihood of risks related to privacy. • Level of customizability: If a SaaS service is highly customizable, customers may add new fields of data to be collected from users, which would increase the likelihood of potential harms related to violations of privacy. Responsible AI Some SaaS services incorporate AI systems, which may amplify the risks associated with the use of data and algorithmic decision making. An ethical and human rights-based approach to AI aims to address AI’s adverse social impacts. Company-Level Impacts • AI models used as part of SaaS services may introduce unintentional biases and lead to unfair or discriminatory outcomes for certain individuals or populations. This may happen when using biased or unrepresentative datasets when training or feeding AI models. If the SaaS provider can’t explain how the AI model arrives at certain outputs, the problem can be exacerbated. • Even when AI models are used as intended and datasets are representative and unbiased, some AI tools may still inherently cause human rights violations. For example, facial recognition solutions may be based on data collection practices that violate the right to privacy. • AI models used in business contexts typically optimize for short-term financial goals at the expense of non-financial goals such as labor conditions and environmental sustainability. A reliance on algorithmic decision-making systems in SaaS services may lead to the privileging of certain goals over others, leading to unintended negative outcomes. • AI models used as part of SaaS services may be used to analyze user or worker behavior, sentiment, or actions, leading to profiling individuals in ways that impact human autonomy and dignity. 24 Human Rights Assessment of the Software-as-a-Service Sector