The new digital arms race has begun and revolves around artificial intelligence (AI) and machine learning (ML). Companies are seeking to get an advantage on their competitors by gaining insights or automating outcomes using AI and ML. The General Data Protection Regulation (GDPR) from the European Union will force companies to re-examine their use of AI and ML when determining outcomes for European citizens and residents.
What does GDPR say about AI and ML?
GDPR does not explicitly reference AI and ML technologies. Article 22 within GDPR is titled “Automated individual decision-making, including profiling”. Automated decision-making is what AI and ML are all about. The legislation states that the “data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.” If a company is using AI and ML, that company should be working with its general counsel to determine if the output of the AI or ML constitutes a legal effect or something as similarly impacting.
How can I leverage AI and ML while still adhering to GDPR?
First and foremost, the easiest way to deal with GDPR is to get the data subject’s explicit consent. Simple enough, a company just needs to get the data subject to agree to whatever action the AI determines is appropriate. How many customers will give up that much control to a computer?
A company must be prepared for a data subject to remove their consent. What does a company do then? Stop doing business? Another option is to implement a system that leverages explainable AI.
Explainable AI is AI where a human can easily understand the actions taken. Explainable AI allows the automation of decision making which then can be leveraged by an individual to agree or disagree with the actions. Decisions are no longer “based solely on automated processing”, and can still have the efficacy that AI and ML bring.
Is there any good news about dealing with GDPR and AI?
AI and ML are still in their infancy. Starting with the right data privacy framework, right design principles, right technology, a company can sail confidently into the future. NetApp provides state-of-the-art capabilities through its unified security features, integrated data protection and comprehensive audit logging to help address GDPR. All these features can be leveraged in the AI/ML pipeline line.