Machine learning is the application of artificial intelligence (AI) that uses huge amounts of data to automatically learn and improve something for itself.
Machine learning is already used by many of the world’s biggest technology companies to improve their services and software. Some prime examples of businesses that use machine learning are Amazon, which utilizes data about its customers to improve product recommendations and Facebook, which uses machine learning to recognise faces in photos.
Adoption of machine learning is set to grow at a rapid pace over the next few years. According to market intelligence firm Tractica Research, the market for artificial intelligence for enterprise applications will be worth $11.1 billion by 2024 – and that includes machine-learning AI.
Many companies across many industries are set to embrace machine learning then, but one big question remains: with so much data involved, what does this mean for businesses looking to adhere to data protection regulations?
How Machine Learning Affects GDPR Compliance
A large, blue, abstract blur in front of several skyscrapers via Pexels
The EU’s General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. The regulation states that “The protection of natural persons in relation to the processing of personal data is a fundamental right.” As part of this approach, companies that store personal data must have explicit permission (and must request permission if they do not already have it) in order to use said personal data. Companies must also inform individuals if they store personal information and also explain how they use said information. These companies are deemed to be data controllers or data processors, between which there is a subtle difference, handling the data of “data subjects.”
When it comes to machine learning, the GDPR could potentially be a problem. How will data processors properly explain that they are using this personal data for machine learning purposes – and if so, how exactly does the GDPR apply? How will customers feel to learn that their data is being used in order to better sell and promote products to themselves and other customers that shop with a retailer, considering these data subjects’ explicit permission is required? Will the phrasing of this information concern consumers, and will it be adequate in explaining the process?
A sheet of paper with statistics on it is next to a laptop computer via Pexels
For businesses, there are also challenges in terms of adapting the machine learning algorithm if data is removed from the pool. People have the right to withdraw permission to use their personal data which would rule that particular person’s dataset out of the machine learning data pool and could require businesses that use machine learning algorithms to get their computers to reexamine a dataset and make a new outcome when that data is omitted.
Moreover, GDPR also states that businesses using data for machine learning must be “fair and unbiased”. Businesses will also have to take appropriate steps to ensure that their machine learning processes work as such, and look into the legal definitions of such terms and how they apply to AI algorithms.
Machine learning offers a huge opportunity for businesses to expand and improve the services and products they offer but it should not be used without the proper care and measures in order to remain GDPR compliant. Intervention from the GDPR could be costly – up to 4% of a business’ total global revenue or 20 million euros – and failing to be compliant on this could see customers lose confidence, making it even more important for businesses to tread carefully.