Why GDPR will Make Machine Learning not so legal

GDPR & Our Data

How GDPR will project Machine Learning not so legal

Why GDPR will make Machine Learning not so legal or Will GDPR going to make Machine Learning Illegal?. We cant answer as of now. One thing for sure many companies going to make lots of money out of this new buzz word for real. 

With reference to machine Language based algorithms, the data subject has a right not to be subjected to a decision that is solemnly based on automated processing, including profiling which produces legal effects concerning him or her or significantly affects him or her. This then implies that consent of the data subject should be obtained first before any activity is done on their personal data.

This approval on personal data should be obtained through the use of terms and conditions that are indecipherable on written contracts , or alternatively any other platform that will provide the data subject a right of refusal if they are not satisfied with the provided justification or motivation.

GPDR Intervention in Data Analytics

• GDPR will affect you if you are processing any sort of data of people in the EU no matter where your organisation is located.
• EU residents can only consent to data uses that can be conspicuously and ambiguously explained at the time of consent. This dramatically reduces ability of organisation to rely on consent, AI and machine learning

The aim of GDPR and associated legislation is not to restrict big data analytics but rather to provide a framework for effective regulation. Not all big data is personal data and it is only personal data that’s covered by GDPR and other data protection legislation.

GDPR also covers unique identifiers, sub names pseudonyms to identify data, and these are now accorded the same levels of protection. This is likely to have a huge impact on customer profiling.

Another new introduction that is causing headaches for organisations that deal in data Analytics is the user right to withdraw consent, and to ask for details to be erased. Managing old versions of databases will be a nightmare as there is need to ensure that all data has been erased when requested will be a real challenge.

Organisations will be required to institute processes and internal record keeping requirements to insure compliance with these new regulations. The organisations, be it, data collectors or data processers, will be required to implement the concept of privacy by design — which is based on the principle that data protection should be built into the very core of their information systems.

Organisations will be required to collect only the data absolutely necessary for the business (data minimization), and to limit the access to personal data only to those needed to process it

GDPR introduction will also mean organisations now need to introduce new roles, and clear separation of duties. A clear line must be seen between data users and the person with responsibility for maintaining the data.

Another change GDPR will introduce is that any organisation must inform their customers within 72 hours of any breach notification that might endanger “individual rights and liberties”.

Exceptions for use of machine learning on personal data

GDPR holds exemptions in the following 3 cases with relation to the use of personal data in Machine language algorithms:

• (A) IS NECESSARY FOR ENTERING INTO, OR PERFORMANCE OF, A CONTRACT BETWEEN THE DATA SUBJECT AND A DATA CONTROLLER;
• (B) IS AUTHORISED BY UNION OR MEMBER STATE LAW TO WHICH THE CONTROLLER IS SUBJECT AND WHICH ALSO LAYS DOWN SUITABLE MEASURES TO SAFEGUARD THE DATA SUBJECT’S RIGHTS AND FREEDOMS AND LEGITIMATE INTERESTS; OR
• (C) IS BASED ON THE DATA SUBJECT’S EXPLICIT CONSENT.

Points to Note:

All credits if any remains on the original contributor only. We have now summarised GDPR here to give quick glimpse. You can find previous posts on Machine Learning – The Helicopter view, Supervised Machine Learning, Unsupervised Machine Learning  and Reinforcement Learning  links.

Conclusion -:  How exactly compliance with GDPR will look is not entirely clear.  Just because something is required by law does not necessarily mean that everyone and every organisation complies with either the letter or the spirit of the law. In short time there would be GDPR-compliant data protection products, services, consultation works and  audit services around this new buzz word will flourish. Privacy policies are getting updated to be more user-friendly to address new data regulations. These same standards apply in all vital areas such as big data analysis and artificial intelligence. I am sure you will have many questions running in head but I am sure I would be able to clear many in my subsequent blog posts. 

Books + Other readings Referred

• Open Internet

============================ About the Author =======================

Read about Author at : About Me

Thank you all, for spending your time reading this post. Please share your feedback / comments / critics / agreements or disagreement. Remark for more details about posts, subjects and relevance please read the disclaimer.

FacebookPage    ContactMe      Twitter      ====================================================================