The Evolving Relationship Between AI And The GDPR

by Dirk Shaw

The General Data Protection Regulation, implemented in May 2018, seeks to regulate the collection and storage of personal data. As it applies not only to businesses based in the EU, but any organization collecting data on EU citizens, the impact of the legislation has a global ripple effect throughout the data-hungry AI field.

It’d be tempting to assume the rules pose a permanent road-block for those developing AI, and while there are absolutely major regulatory requirements and penalties for non-compliance, it’s too early to say whether GDPR and AI will be friends, foe, or somewhere in between.

One challenge in this relationship is that the legislation is relatively clear in its scope and remit, but not necessarily its intent due to the highly technical nature of the topic. Best practices and guidelines have been published, but ultimately it’ll come to courts to provide a legally binding interpretation to be used as precedent.

Articles 22 and 15 are the most frequently addressed in data security news, covering restrictions on automated decision-making and profile, but specifically apply in instances where automated processes are the sole decision-making criteria.

A core component of the GDPR’s transparency requirement allows citizens to request “meaningful information about the logic” governing an AI system, but the language doesn’t require an explicit explanation of how a given decision was reached. Due to intellectual property concerns, it’s unlikely companies would want to share algorithm detail, and equally unlikely the average citizen would find this information useful. It’s generally understood that a far more meaningful mode of transparency would be to provide the data used for the inputs, as well as how the outputs played a role in the decision itself.

The above approach would serve as a checks-and-balances to address biases and improve quality while also helping to better interpret the outcomes and ensure the ethical use of AI.

It’s this goal of fairness where the GDPR and AI have the greatest alignment. There’s likely to be friction in adoption and implementation of new technologies as a result of the rules in the short-term, but the long-term goal is to create a more transparent system in which consumers have more faith in the systems that increasingly govern our day-to-day lives.

In this “frienemies” period the AI community needs to prepare for additional legislation regarding specific issues, but a collaborative effort toward accepted best-practices will help consumers and businesses alike as the relationship between technology and governance continues to mature and solidify.

Find out more here.