Big Data

Why GDPR will Make Machine Learning not so legal

GDPR & Our Data

All of sudden lawyers are busy and got lot of work to do on this new thing called as GDPR. Because 90% of the world’s data was created in the last two years. Will GDPR also going to impact historical data. Does GDPR require Machine Learning algorithms to explain their output? may be yes may be no or in short probably not, but there is enough ambiguity to be clarified and keep DataScientists, Lawyers, industry influencers busy.
GDPRLaw.png

GDPR will affect you if you are processing any sort of data of people in the EU no matter where your organisation is located. Companies involved in Data Science needs to constantly strive to provide a seamless, integrated experience to help consumers to continue working smarter and without hesitations.

The GDPR is a regulation that is not bound to any country in the European Union specifically (Its a global requirement). It does limit it self to  any particular technology or type of business even.

It applies to all countries within the EU as well as to all companies providing services to and interacting with EU citizens and businesses. In short: the GDPR applies to a majority of all the enterprises there are on this planet.

Looking for a quick summary of this new regulation called GDPR? Read on:

Consent :  Companies should not use indecipherable terms and conditions

Breach Notification : In case of data breach, data controllers and customers should be notified the potential risk within 72 hours

Right to access :  Data subjects should be notified before their data is used for processing

Right to be forgotten : When data is no more relevant, data subjects can request data controllers to erase the data to avoid dissemination of the information

Data Portability : Individuals should be allowed to reuse their personal data for personal use across various IT environments

Privacy by Design :  Calls for data protection from the onset of system design, through implementation of technical and infrastructural measures

Data Protection Officers : Personally trained officers should be appointed in public authorities or organizations with an employee base of more than 250 employees that are involved in systematic processing of personal sensitive data

The new privacy policy goes into effect on May 25, 2018The penalties for non-compliance can reach €20 Million or four percent of the organization’s annual turnover, whichever is greater.

If you have any questions about these changes, take a look at the FAQs on open book called google. For questions not addressed by the FAQs, please reach out to us using the contact information provided in the contact us.

GDPR will affect you if you are processing any sort of data of people in the EU no matter where your organisation is located.

How GDPR will project Machine Learning not so legal

Why GDPR will make Machine Learning not so legal or Will GDPR going to make Machine Learning Illegal?. We cant answer as of now. One thing for sure many companies going to make lots of money out of this new buzz word for real. 

GDPRHFlow.png

With reference to machine Language based algorithms, the data subject has a right not to be subjected to a decision that is solemnly based on automated processing, including profiling which produces legal effects concerning him or her or significantly affects him or her. This then implies that consent of the data subject should be obtained first before any activity is done on their personal data.

This approval on personal data should be obtained through the use of terms and conditions that are indecipherable on written contracts , or alternatively any other platform that will provide the data subject a right of refusal if they are not satisfied with the provided justification or motivation.

GPDR Intervention in Data Analytics

  • GDPR will affect you if you are processing any sort of data of people in the EU no matter where your organisation is located.
  • EU residents can only consent to data uses that can be conspicuously and ambiguously explained at the time of consent. This dramatically reduces ability of organisation to rely on consent, AI and machine learning

GDPR Header

The aim of GDPR and associated legislation is not to restrict big data analytics but rather to provide a framework for effective regulation. Not all big data is personal data and it is only personal data that’s covered by GDPR and other data protection legislation.

GDPR also covers unique identifiers, sub names pseudonyms to identify data, and these are now accorded the same levels of protection. This is likely to have a huge impact on customer profiling.

Another new introduction that is causing headaches for organisations that deal in data Analytics is the user right to withdraw consent, and to ask for details to be erased. Managing old versions of databases will be a nightmare as there is need to ensure that all data has been erased when requested will be a real challenge.

Organisations will be required to institute processes and internal record keeping requirements to insure compliance with these new regulations. The organisations, be it, data collectors or data processers, will be required to implement the concept of privacy by design — which is based on the principle that data protection should be built into the very core of their information systems.

Organisations will be required to collect only the data absolutely necessary for the business (data minimization), and to limit the access to personal data only to those needed to process it

GDPR introduction will also mean organisations now need to introduce new roles, and clear separation of duties. A clear line must be seen between data users and the person with responsibility for maintaining the data.

Another change GDPR will introduce is that any organisation must inform their customers within 72 hours of any breach notification that might endanger “individual rights and liberties”.

 

Exceptions for use of machine learning on personal data

GDPR holds exemptions in the following 3 cases with relation to the use of personal data in Machine language algorithms:

  • (A) IS NECESSARY FOR ENTERING INTO, OR PERFORMANCE OF, A CONTRACT BETWEEN THE DATA SUBJECT AND A DATA CONTROLLER;
  • (B) IS AUTHORISED BY UNION OR MEMBER STATE LAW TO WHICH THE CONTROLLER IS SUBJECT AND WHICH ALSO LAYS DOWN SUITABLE MEASURES TO SAFEGUARD THE DATA SUBJECT’S RIGHTS AND FREEDOMS AND LEGITIMATE INTERESTS; OR
  • (C) IS BASED ON THE DATA SUBJECT’S EXPLICIT CONSENT.

Points to Note:

All credits if any remains on the original contributor only. We have now summarised GDPR here to give quick glimpse. You can find previous posts on Machine Learning – The Helicopter viewSupervised Machine LearningUnsupervised Machine Learning  and Reinforcement Learning  links.

 

Sign-tConclusion -:  How exactly compliance with GDPR will look is not entirely clear.  Just because something is required by law does not necessarily mean that everyone and every organisation complies with either the letter or the spirit of the law. In short time there would be GDPR-compliant data protection products, services, consultation works and  audit services around this new buzz word will flourish. Privacy policies are getting updated to be more user-friendly to address new data regulations. These same standards apply in all vital areas such as big data analysis and artificial intelligence. I am sure you will have many questions running in head but I am sure I would be able to clear many in my subsequent blog posts. 

 

Books + Other readings Referred

  • Open Internet

============================ About the Author =======================

Read about Author at : About Me

Thank you all, for spending your time reading this post. Please share your feedback / comments / critics / agreements or disagreement. Remark for more details about posts, subjects and relevance please read the disclaimer.

FacebookPage    ContactMe      Twitter      ====================================================================

Advertisements

2 replies »

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.