GDPR & Our Data – All of a sudden lawyers are busy and have a lot of work to do on this new thing called GDPR, because 90% of the world’s data was created in the last two years. Will GDPR also impact historical data? Does GDPR require machine learning algorithms to explain their output? Maybe yes, maybe no, or in short probably not, but there is enough ambiguity left to clarify to keep data scientists, lawyers, and industry influencers busy.
GDPR – Introduction
GDPR will affect you if you are processing any sort of data about people in the EU, no matter where your organization is located. Companies involved in data science need to constantly strive to provide a seamless, integrated experience to help consumers continue working smarter and without hesitation.
The GDPR is a regulation that is not bound to any country in the European Union specifically (it’s a global requirement). It does not limit itself to any particular technology or type of business.
It applies to all countries within the EU as well as to all companies providing services to and interacting with EU citizens and businesses. In short, the GDPR applies to the majority of all the enterprises there are on this planet.
Looking for a quick summary of this new regulation called GDPR? Read on:
- Consent: Companies should not use indecipherable terms and conditions.
- Breach Notification: In case of a data breach, data controllers and customers should be notified of the potential risk within 72 hours.
- Right to access: Data subjects should be notified before their data is used for processing.
- Right to be Forgotten: When data is no longer relevant, data subjects can request that data controllers erase the data to avoid dissemination of the information.
- Data Portability: Individuals should be allowed to reuse their personal data for personal use across various IT environments.
- Privacy by Design: Calls for data protection from the onset of system design through the implementation of technical and infrastructural measures.
- Data Protection Officers: Personally trained officers should be appointed in public authorities or organizations with an employee base of more than 250 employees that are involved in the systematic processing of personal sensitive data.
If you have any questions about these changes, take a look at the FAQs on the open book called Google. For questions not addressed by the FAQs, please reach out to us using the contact information provided in the “Contact Us” section.
How GDPR will make Machine Learning not so legal
Why will GDPR make machine learning not so legal, or is GDPR going to make machine learning illegal? We can’t answer as of now. One thing is for sure: many companies are going to make lots of money out of this new buzzword for real.
With reference to machine-learning-based algorithms, the data subject has a right not to be subjected to a decision that is solely based on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her. This then implies that the consent of the data subject should be obtained first before any activity is done on their personal data.
This approval to use personal data should be obtained through decipherable terms and conditions in written contracts, or alternatively through any other platform that gives the data subject a right of refusal if they are not satisfied with the provided justification or motivation.
GDPR Intervention in Data Analytics
- EU residents can only consent to data uses that can be conspicuously and unambiguously explained at the time of consent. This dramatically reduces the ability of organizations to rely on consent, AI, and machine learning.
The aim of GDPR and associated legislation is not to restrict big data analytics but rather to provide a framework for effective regulation. Not all big data is personal data, and only personal data is covered by GDPR and other data protection legislation.
GDPR also covers unique identifiers and pseudonyms to identify data, and these are now accorded the same levels of protection. This is likely to have a huge impact on customer profiling.
Another new introduction that is causing headaches for organizations that deal in data analytics is the user’s right to withdraw consent and to ask for details to be erased. Managing old versions of databases will be a nightmare, as there is a need to ensure that all data has been erased when requested.
Organizations will be required to institute processes and internal record-keeping requirements to ensure compliance with these new regulations. The organizations, be they data collectors or data processors, will be required to implement the concept of privacy by design, which is based on the principle that data protection should be built into the very core of their information systems.
Organizations will be required to collect only the data absolutely necessary for the business (data minimization) and to limit access to personal data to those who need to process it.
GDPR’s introduction will also mean organizations now need to introduce new roles and a clear separation of duties. A clear line must be drawn between data users and the person with responsibility for maintaining the data.
Another change GDPR will introduce is that any organization must inform its customers within 72 hours of any breach that might endanger “individual rights and liberties”.
Exceptions for use of machine learning on personal data
GDPR holds exemptions in the following 3 cases in relation to the use of personal data in machine learning algorithms:
- (a) is necessary for entering into, or performance of, a contract between the data subject and a data controller;
- (b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
- (c) is based on the data subject’s explicit consent.
Points to Note:
All credits, if any, remain with the original contributor only. We have now summarized GDPR here to give a quick glimpse. You can find previous posts on Machine Learning: The Helicopter View, Supervised Machine Learning, Unsupervised Machine Learning, and Reinforcement Learning here.
Conclusion: How exactly compliance with GDPR will look is not entirely clear. Just because something is required by law does not necessarily mean that everyone and every organization complies with either the letter or the spirit of the law. In a short time, GDPR-compliant data protection products, services, consultations, and audit services around this new buzzword will flourish.
Privacy policies are getting updated to be more user-friendly to address new data regulations. These same standards apply in all vital areas, such as big data analysis and artificial intelligence. I am sure you will have many questions running through your head, but I am sure I will be able to clear many of them in my subsequent blog posts.