Balancing the Regulation and the Innovation: GDPR and AI

Artificial Intelligence (AI) sector is promising an altogether new generation of technological advancement being highly disruptive and productive for the Industry 4.0. AI is a constellation of technologies performing different cognitive functions- data analysis to language learning that assists a machine to understand thoughts, experiences and senses. The major functioning of A.I is to analyse the data and provide responses in accordance to the collected intelligence, basically AI provides a sui generis ability to analyse the big data applications in its various dimensions. Therefore, AI is most about the computer-generated behaviours which is considered intelligent in human beings. The concept of AI has existed for some time now, and contemporarily it is a reason of rapidly increasing computational power in industry (a phenomenon known as Moore’s law) [i] leading to the point where AI market will surpass $100 billion by 2025.[ii] AI is significant as it will transform the medium of interaction between humans and technology resulting in overall societal advantages such as inventiveness, innovation and confidence.

With all the advancement that AI will bring in the industry, it brings a lot of concern for regulators across the different jurisdictions. One of the major concerns with the application of AI is its character of feasting on large amount of data and hence its impact on data-privacy. This is making the regulators hesitant in order to allow AI start-ups to initiate any kind of large-scale activities based on AI technology. AI start-ups are soon going to hit a major impediment as the European Union’s General Data Protection Regulation (GDPR) is in effect now. The GDPR, adopted in April 2016, is being considered as the intention of European Union (EU) to form a strengthened, integrated and unified data-privacy mechanism within the EU. It aims primarily to provide the EU citizens an instrument of more control over their personal data and its protection. It provides a framework in which individuals will have liberty to ask questions that how the companies or institutions are processing and storing their personal data. The challenge of full accountability to consumer as strictly put mentioned by the GDPR makes the collection of data by more difficult impacting the AI start-ups which are absolutely dependant on varieties of personal data for machine-learning initiatives.

When it comes to knowing the specific limits that GDPR will put on AI start-ups and services then it can be explained in two-fold impacts. Firstly, processing of data has direct legal effects on the customer, such as credit applications, e-recruiting, or workplace monitoring, the GDPR will completely limit the usefulness of AI or these purposes as the Article 22 and Recital 71[iii] strictly provides for the requirement of explicit consent for each and every unit of data that is used making the functioning of the market slower. Secondly, the algorithms that the AI developers use for the application evolve themselves making it later not at all understandable, and this data combination becomes very complex to regulate.[iv]

The way out for AI start-ups seems to be in the organisational procedures that can standardise the obtaining of consent for the governance of the data within a well-structured data management framework. To be in compliance with the GDPR while processing the huge amount of data it is required that AI developers provide a fixed policy of filing an automated appeal to consumers. Illustrating this it is required that if a consumer is denied the service by any AI application, developers should provide a chance to know the reason to that consumer i.e. an appeal. It is worth mentioning that it is humans that have created, modified and implemented AI technology and they also have the potential to make it compliant and moderate according to the reasonable considerations of regulators. GDPR is not an evil for AI applications but it is just a regulatory initiative with which if AI technology develops, it will get more confidence of the potential consumers.

[i] ICO, Big Data, Artificial Intelligence, Machine Learning and Data Protection, Information Commissioner’s Office, https://ico.org.uk/media/for-organisations/documents/2013559/big-data-ai-ml-and-data-protection.pdf.

[ii] Todd Wright and Mary Beth, The GDPR: An Artificial Intelligence Killer?, Datanami, https://www.datanami.com/2018/02/27/gdpr-artificial-intelligence-killer/.

[iii] David Roe, Understanding GDPR and Its impact on the Development of AI, CMS wire, https://www.cmswire.com/information-management/understanding-gdpr-and-its-impact-on-the-development-of-ai/.

[iv] David Meyer, AI Has a Big Privacy Problem and Europe’s New Data Protection Law Is About to Expose It, Fortune, http://fortune.com/2018/05/25/ai-machine-learning-privacy-gdpr/.

Understanding the ‘Technology of Regulation’: Regulating the Scientific Advancements

Regulations are most often considered as adversaries of technological changes. The position of technology is to stimulate the growth of the enterprises, markets, and industries, while the periodical regulations as issued by the government, represents the limits that are imposed on this growth. This is the general conception of regulations that is no doubt everyone has regarding the regulation of technology since the 1970s when the debate started which was focused on controlling the nation-states expedition of nuclear energy, supersonic transport, and food additives. Today, the debate continues as the fears of technologies such as dark web, genetically modified foods etc. calling for regulations as precautionary measures. And to an extent, the conflict is unavoidable.

The dynamics that are induced by the technology revolution are credited with half or more productivity growth. The process of ‘creative destruction’ by entrepreneurs who devise new ways of producing goods and services is potentially a far more potent source of progress that is short-term price competition, as pointed out by Schumpeter. However, regulation can retard all of Schumpeter’s three stages of technological change: invention, innovation, and diffusion.

Every negative in the whole story is just not about the regulations. An anxiety amounts when there is talk about driverless cars, artificial intelligence, and social media, regulation is the only way to relax the stress of uncertainties that these technological changes will bring in lives of humans. These are not the views of legislators only, but also from the people who are driving these technologies and people who are driven by these technologies.

Is there a way to balance regulation and technology? The way seems to be accepting the change in the technology of regulation. Regulations are being imposed in traditional ways only such that considered to be of one type and of effecting in one way only. However, there is a way to explore more in this regard, just as there are many different types of technologies, there are many different types of regulations. Different technology instruments, such as technical requirements, performance standards, taxes, allowances, and information disclosure, can have very different effects on technological change and other important consequences.

One of the main reasons that the present regulatory technology is not rendering desired results is that the state regulators are not dedicating the time, energy, or funding to the regulations in the way the technology is developed. The key to bringing in the same creativity and inspiration into the regulations, such that the incentivized-approach must be followed, is to allow the private regulators to build the regulatory systems of the digital age.

The drivers of this shift are often ultimately regulated companies themselves- looking to define a reasonably reliable playing field on which they and their competitors meet. Private regulators are already regulating to a certain extent by having autonomy over the governance of choosing their terms and conditions of the ‘agreement’ which is the main source of the entire corporate control. Another compelling reason for bringing up the private regulators in the game is that the private entities are closer to what is happening, at increasingly high speed, on the ground, and in the cloud is not going to go away till the time they are responsible for developing new technologies.

It is very important to create a supervised cohort of private regulators. This gets the best of both worlds: the regulations that follow the incentivized approach and being accountable to the government and the understanding of these regulations to the market players in very clear terms. The question of arbitrariness because of these regulators cannot creep in as the licenses to regulate will always be in the hands of the government. Further, they have to keep their regulatory clients happy by developing easier, less costly and more flexible ways of implementing regulatory controls.

The sooner we adopt the new technology of regulation and move beyond the idea that conventional regulation can handle the challenges of our powerful new technologies, the better. The idea to regulate the innovative and disruptive technologies is a useless idea unless we figure out how to harness the power of markets, and new approaches to government accountability, to that task.

(This blog series will explore and cover all the areas of regulations that are present and required for adjusting the balance with certain scientific advancements. Suggestions and Improvements are invited from readers)