From the course: Ethics and Law in Data Analytics

GDPR, big data, and AI

From the course: Ethics and Law in Data Analytics

Start my 1-month free trial

GDPR, big data, and AI

- In this presentation we're going to be taking about the unique relationship between the GDPR and its requirements and data analytics and artificial intelligence. Because of the nature of the technology there are nine data protection principles that are threatened by its use. The first one, big data analytics must be fair. The GDPR requires fairness. We know that there can be instances in analytics and in artificial intelligence like predictive analytics that there can be some bias or discrimination we're working to eradicate but we acknowledge it can exist. Big data analytics are required to be fair in the GDPR so this is going to be a tension right out of the gate. Number two. You need permission to process data under the GDPR. And it has to be unambiguous so consent is very important. It has to be clear, affirmative. It can be taken back at any time. There are points in the process with analytics and artificial intelligence where you can't just continuously be asking for consent. So business people already they've got their eyes on this requirement considering how are we going to have a just in time notification process when there are downstream uses of the data. Number three, purpose limitation. The GDPR requires that you collect and use data for very specific purposes. And that you don't use the data inconsistently with that purpose. Again, the technology of analytics and artificial intelligence makes this almost impossible because it's expected that the data might be used for other purposes than what it was originally collected for. Number four, holding on to data. Under the GDPR and also the earlier privacy directive there's an objective of keeping the data in a minimalistic space. Meaning you take what you need, you only have what you need. You minimize the data which again based on the technology of artificial intelligence and analytics we're actually seeking more data we're not seeking to minimize data, we're actually looking for more. Number five is accuracy. We know that when data sets are large inaccurate data might be passed over or dismissed and also that big data might not represent a general population. We talked about this in mod two when we were introducing concepts of inclusion and exclusion and Kate Crawford's work in this area. Again, not entirely possible to promise exact accuracy working towards that but the GDPR requires it. Next year when it comes into force this is one of it's central principles. Number six, individual rights and access to data. The GDPR requires that individuals are allowed to access their personal data and actually correct it if it's not correct. Again the technology here in analytics, this is something that is not considered it is certainly not a practice but we're going to have to make some accommodations here. Number seven, security measures and risk. Security is very important in the GDPR. We know that large data sets and the nature of big data processing can throw up some specific information security risks that are going to have to be addressed in the European Union. Number eight, accountability. There are provisions promoting accountability in the GDPR and again mostly mod two when we were introducing some of the problems with algorithmic decisions. The erroneous algorithmic decisions based on bias profiling can create these accountability issues. And finally number nine. Controllers and processes. The GDPR defines data controllers differently from data processors. But it's going to be very important for anyone in the business of artificial intelligence and analytics to really get clear on what definition they fit and what rules and regulations are going to apply to them.

Contents