Artificial Intelligence (AI) sector is promising an altogether new generation of technological advancement being highly disruptive and productive for the Industry 4.0. AI is a constellation of technologies performing different cognitive functions- data analysis to language learning that assists a machine to understand thoughts, experiences and senses. The major functioning of A.I is to analyse the data and provide responses in accordance to the collected intelligence, basically AI provides a sui generis ability to analyse the big data applications in its various dimensions. Therefore, AI is most about the computer-generated behaviours which is considered intelligent in human beings. The concept of AI has existed for some time now, and contemporarily it is a reason of rapidly increasing computational power in industry (a phenomenon known as Moore’s law) [i] leading to the point where AI market will surpass $100 billion by 2025.[ii] AI is significant as it will transform the medium of interaction between humans and technology resulting in overall societal advantages such as inventiveness, innovation and confidence.
With all the advancement that AI will bring in the industry, it brings a lot of concern for regulators across the different jurisdictions. One of the major concerns with the application of AI is its character of feasting on large amount of data and hence its impact on data-privacy. This is making the regulators hesitant in order to allow AI start-ups to initiate any kind of large-scale activities based on AI technology. AI start-ups are soon going to hit a major impediment as the European Union’s General Data Protection Regulation (GDPR) is in effect now. The GDPR, adopted in April 2016, is being considered as the intention of European Union (EU) to form a strengthened, integrated and unified data-privacy mechanism within the EU. It aims primarily to provide the EU citizens an instrument of more control over their personal data and its protection. It provides a framework in which individuals will have liberty to ask questions that how the companies or institutions are processing and storing their personal data. The challenge of full accountability to consumer as strictly put mentioned by the GDPR makes the collection of data by more difficult impacting the AI start-ups which are absolutely dependant on varieties of personal data for machine-learning initiatives.
When it comes to knowing the specific limits that GDPR will put on AI start-ups and services then it can be explained in two-fold impacts. Firstly, processing of data has direct legal effects on the customer, such as credit applications, e-recruiting, or workplace monitoring, the GDPR will completely limit the usefulness of AI or these purposes as the Article 22 and Recital 71[iii] strictly provides for the requirement of explicit consent for each and every unit of data that is used making the functioning of the market slower. Secondly, the algorithms that the AI developers use for the application evolve themselves making it later not at all understandable, and this data combination becomes very complex to regulate.[iv]
The way out for AI start-ups seems to be in the organisational procedures that can standardise the obtaining of consent for the governance of the data within a well-structured data management framework. To be in compliance with the GDPR while processing the huge amount of data it is required that AI developers provide a fixed policy of filing an automated appeal to consumers. Illustrating this it is required that if a consumer is denied the service by any AI application, developers should provide a chance to know the reason to that consumer i.e. an appeal. It is worth mentioning that it is humans that have created, modified and implemented AI technology and they also have the potential to make it compliant and moderate according to the reasonable considerations of regulators. GDPR is not an evil for AI applications but it is just a regulatory initiative with which if AI technology develops, it will get more confidence of the potential consumers.
[i] ICO, Big Data, Artificial Intelligence, Machine Learning and Data Protection, Information Commissioner’s Office, https://ico.org.uk/media/for-organisations/documents/2013559/big-data-ai-ml-and-data-protection.pdf.
[ii] Todd Wright and Mary Beth, The GDPR: An Artificial Intelligence Killer?, Datanami, https://www.datanami.com/2018/02/27/gdpr-artificial-intelligence-killer/.
[iii] David Roe, Understanding GDPR and Its impact on the Development of AI, CMS wire, https://www.cmswire.com/information-management/understanding-gdpr-and-its-impact-on-the-development-of-ai/.
[iv] David Meyer, AI Has a Big Privacy Problem and Europe’s New Data Protection Law Is About to Expose It, Fortune, http://fortune.com/2018/05/25/ai-machine-learning-privacy-gdpr/.