Dreamstime Images
Dreamstime L 159869047 5f34074084ad2

AI and Privacy Laws: Transparency vs. Data Protection

Aug. 12, 2020
Because artificial intelligence systems handle massive amounts of data, any breach in them can be catastrophic. This leaves businesses and financial institutions with the difficult decision of determining whether it is more important to be transparent with the use of AI or to protect data.

In its present-day incarnation, artificial intelligence (AI) works by imitating how humans think. AI can learn by observing data and making connections. However, this can make it more sophisticated than humans and lead to us not being able to understand how it works. AI often uses complex algorithms to yield results, but revealing these algorithms can weaken the very data the systems were designed to protect.

Because these systems handle massive amounts of data, any breach in them can be catastrophic. This leaves businesses and financial institutions with the difficult decision of determining whether it is more important to be transparent with the use of AI or to protect data.

AI for Personal and Public Records Management

AI is an effective solution to manage personal and public records. It has the ability to sort through a lot of information contained in public records and group it into different categories, allowing the system to identify people, places and things from the data collected. More sophisticated AI allows the system to extract important information about the data it collects and determine its value to the user.

AI Transparency Impact on Customers’ Everyday Life

AI has a direct impact on customers’ everyday life and has been used in various manners, including:

  • Reviewing applications for jobs
  • Identifying people through facial recognition
  • Sifting email messages
  • Interacting with customers through chatbots
  • Anticipating human concerns
  • Detecting user activity
  •  Protecting consumers from financial harm

When AI is transparent, customers can determine for themselves whether the risk of using the technology outweighs any other benefit they would derive from it.

Fundamental Principles of Data Protection

The GDPR establishes the following seven key principles for data protection:

  1. Lawfulness, fairness and transparency. Processing of personal data must be lawful and fair. It should also be transparent so that individuals know how their data is being used and collected.
  2. Purpose limitation. Data should only be collected for specified and legitimate reasons.
  3. Data minimization. Personal data processing should be limited to what is actually necessary.
  4. Accuracy. Personal data must be accurate and kept up to date.
  5. Storage limitation. Personal data should only be maintained in a form that provides identification of the subjects of data for as long as necessary for the purpose limitation.
  6. Integrity and confidentiality. Personal data must be processed in a way that protects its security and confidentiality.
  7. Accountability. The controller must be able to show that they are compliant with all of these principles.

Fairness and Transparency

Transparency in data protection is an integral part of the EU’s General Data Protection Regulation (GDPR). According to the “lawfulness, fairness and transparency” standard, any processing of personal data should be easily accessible and easy to understand. Those who collect personal data must explain how and why they are collecting the data in clear and plain language.

AI Transparency’s Impact on Business Data

Businesses collect all kinds of information, including customers’ contact information, email addresses and financial information. Businesses that provide transparent collection statements may help aid their credibility and may be considered more trustworthy. However, some customers may respond to these transparent statements by refusing to provide information if they think it may be mismanaged.

The Limits of Transparency for AI

There are limits to how effective transparency for AI can be. For example, even when AI is transparent, the onus is on the user to be able to understand how highly sophisticated AI functions. Additionally, revealing algorithms or even how they work can make data susceptible to attacks from hackers who may be able to manipulate the algorithm for nefarious purposes.

Personal Data Risks and Protection

The GDPR also requires that the controller and processor take reasonable steps to minimize risk to users’ data. Data privacy risks may include:

  • Unauthorized use
  • Unauthorized access
  • Unauthorized transfer
  • Financial or reputational injury

It is important for AI developers to prioritize data protection to protect their customers’ private data. AI transparency should not mean that data becomes publicly available information, and AI users can prevent this from happening by applying appropriate safeguards.

Solutions and Recommendations

The GDPR requirement to be transparent while also minimizing the risk to users’ data presents a delicate balancing act. However, it is achievable through the careful use and integration of AI technologies. Controllers should take the greatest care to control their algorithms and prevent misuse by third parties.

Internal risk teams and outside risk consultants may be able to provide an objective determination of the potential risks involved and the solutions to minimize them. Data protection impact assessments allow businesses to quantify risks to correct them and disclose them to customers. Additionally, manually checking for accuracy can help prevent unfair results and patterns being developed by AI.

About the Author

Ben Hartwig

Ben Hartwig is a web operations director at InfoTracer who authors guides on marketing and cybersecurity. He can be contacted via LinkedIn.

Voice your opinion!

To join the conversation, and become an exclusive member of Supply Chain Connect, create an account today!