Organizations have been using artificial intelligence(AI) and machine learning(ML) to help individuals and businesses to achieve actionable insights, key goals, expedite critical decision making, and create new, exciting and innovative products and services. With the rapid advancements in this field, the concerns on how artificial intelligence and machine learning have found sophisticated means to impact and compromise data privacy today, are being evaluated.
The AI requires to feed on massive amounts of data for it to function, so does ML in order for it to be trained and deployed. For years, companies have complied with how data is being used and shared among by third parties, but with the recent data breaches making headlines — governments, consumer-rights advocates, civil societies have raised questions on how the field of AI affects data privacy.
How it began....
Earlier, consumers had been giving away access to their personal data for free products and services, without much concern about how their personal data is being used. But over the years data breaches have piled up into a long list, it is only justified for the rising concerns.
The most prominent example would be the Cambridge Analytica-Facebook scandal in 2018. In short, Facebook’s(now known as Meta) lack of regulations on the sharing of personal data, allowed Cambridge Analytica, a British political consulting firm, to harvest profile/personal data from the social media using AI. The consulting firm used the data collected overtime from 50 million users to overtake the social media experience of the users and manipulated their feeds.
Privacy Legislation – GDPR
Governments today have played a very crucial role in order to establish a balance between the right to privacy and the technological advancements taking place. With over 130 jurisdictions across the world, having data privacy laws in place.
An example was set by the EU to get organizations world across, to treat personal data seriously, with its General Data Protection Regulation(GDPR), which went into effect during 2018. Organisations not adhering to the regulations can face hefty fines worth millions of dollars and penalties going up to 20 years. Some of the clauses given in the GDPR regulations have stirred up controversies and discussions, and subject to their interpretation it is said to be a hindrance to the working of AI/ML.
A clause in the GDPR has required that while data processing, the data processors should not be using the data for other purposes than what it was originally intended for when taking consent of the data subject. This itself is a challenge since, data science projects rely on exploratory data analysis(EDA) to help further the progress of the proct leading to interesting insights and innovation.
Furthermore, Article 22 of the GDPR says that data subjects shall have the right to autonomous decision making and not subjected to a decision making solely based on automated processing, which includes profiling, causing legal effects concerning the data subjects or it’s significant him or her. While the regulation protects the individual from being manipulated into decision making, it does become an obstacle to many of the mainstream uses of AI/ML.
Other clauses include: the GDPR dictating to provide sufficient explanation to the data subject regarding the logic involved behind the existence of automated decision making; focusing on the right to be forgotten — data subject will be able to request a data processor to remove all stored data and the withdrawal of it’s past consent to the use of the personal data.
Though the laws in the GDPR are not perfect, they will continuously evolve over time, and as cases are involved the interpretation of it will be more clearer.
Privacy Challenges of AI
The AI poses high risks when it processes large amounts of personal data, and hinders the rights and privacy of the individuals. While privacy was not one of the pillars considered when AI technologies were developed, certain challenges have popped up since:
- Data Persistence: Huge amounts of data is being accumulated for beyond the purposes it was originally intended for, hence the repurposing of data
- Data Repurposing: once collected, can indefinitely be stored way past the users life span, driven by low cost data storage
- Data Spillovers: Information being collected on other individuals(not the target) besides the data subjects
What does it mean for businesses?
Target once used personal identifiable information(PII), obtained shopping behavior data from it’s customers and using AI could then predict which customer was pregnant, simply based on which products were bought and in how much quantity. They then used this information to send coupons and store booklets for cribs, baby clothes, diapers, etc., to the customer’s addresses. Though this may not seem like a big deal, in one case the father of the pregnant woman got to know about the pregnancy even before she could tell her parents.
Privacy has to be one of the foundational elements of building and maintaining it’s trust among its customers for every business. According to a cybersecurity study conducted by IBM, 75% of customers won’t even consider buying products and services of businesses where they feel that their privacy is not being protected and their personal information is being inappropriately used.
Besides the ever evolving privacy regulations causing bottlenecks in the development of AI technologies, the businesses have to come to terms with the ethical aspect of it all from an individual point of view. The need to bring in transparency in the matters of data collection and explanation on how it’s processed to predict various outcomes, is becoming a legal requirement across countries. Privacy and compliance, is a direct reflection of the company and it’s business practice.
