ABSTRACT
The purpose of this paper is to analyse the rules of the General Data Protection Regulation on automated decision making in the age of Big Data and to explore how to ensure transparency of such decisions, in particular those taken with the help of algorithms. The GDPR, in its Article 22, prohibits automated individual decision-making, including profiling. On the first impression, it seems that this provision strongly protects individuals and potentially even hampers the future development of AI in decision making. However, it can be argued that this prohibition, containing numerous limitations and exceptions, looks like a Swiss cheese with giant holes in it. Moreover, in case of automated decisions involving personal data of the data subject, the GDPR obliges the controller to provide the data subject with 'meaningful information about the logic involved' (Articles 13 and 14). If we link this information to the rights of data subject, we can see that the information about the logic involved needs to enable him/her to express his/her point of view and to contest the automated decision. While this requirement fits well within the broader framework of GDPR's quest for a high level of transparency, it also raises several queries particularly in cases where the decision is taken with the help of algorithms: What exactly needs to be revealed to the data subject? How can an algorithm-based decision be explained? Apart from technical obstacles, we are facing also intellectual property and state secrecy obstacles to this 'algorithmic transparency'.
- Agreement on Trade-Related Aspects of Intellectual Property Rights. https://www.wto.org/english/docs_e/legal_e/27-trips_01_e.htm accessed 11 November 2016.Google Scholar
- Article 29 Working Party 2013. 'Advice paper on essential elements of a definition and a provision on profiling within the EU General Data Protection Regulation', adopted on 13 May 2013, http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2013/20130513_advice-paper-on-profiling_en.pdf accessed 11 November 2016.Google Scholar
- 'Artificial Intelligence, Robotics, Privacy and Data Protection'. Room document for the 38th International Conference of Data Protection and Privacy Commissioners, October 2016.Google Scholar
- Trevor Bench-Capon, Thomas F. Gordon 2015. 'Tools for Rapid Prototyping of Legal Cased-Based Reasoning' ULCS-15-005, University of Liverpool, United Kingdom.Google Scholar
- Jenna Burrell 2016. 'How the machine 'thinks': Understanding opacity in machine learning algorithms' Big Data & Society 1--12.Google Scholar
- Toon Calders, Indrėe Žliobaiteė 2013. 'Why Unbiased Computational Processes Can Lead to Discriminative Decision Procedures' in Bart Custers et al. (eds.), Discrimination and Privacy in the Information Society. Data Mining and Profiling in Large Databases. Springer, 43--57.Google Scholar
- Thomas H. Coormen 2013. Algorithms Unlocked. MIT Press. Google ScholarDigital Library
- Angèle Christin, Alex Rosenblat, Danah Boyd 2015. 'Courts and Predictive Algorithms'. Data & Civil Rights: A New Era of Policing and Justice http://www.law.nyu.edu/sites/default/files/upload_documents/Angele%20Christin.pdf accessed 16 January 2017.Google Scholar
- Anupam Datta, Shayak Sen and Yair Zick 2016. 'Algorithmic Transparency via Quantitative Input Influence'. https://www.andrew.cmu.edu/user/danupam/datta-senzick-oakland16.pdf accessed 10 December 2016.Google Scholar
- Nicholas Diakopoulos 2016. 'Accountability in Algorithmic Decision Making'. Communications of the ACM 56: 58--59. Google ScholarDigital Library
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, p. 31.Google Scholar
- Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs, OJ L 111, 5.5.2009, p. 16.Google Scholar
- Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure, OJ L 157, 15.6.2016, p. 1.Google Scholar
- European Data Protection Supervisor 2015. 'Opinion 7/2015. Meeting the challenges of big data. A call for transparency, user control, data protection by design and accountability'. https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2015/15-11-19_Big_Data_EN.pdf accessed 15 November 2016.Google Scholar
- European Patent Convention in combination with Guidelines for Examination, point 3.6 Programs for computers, available at https://www.epo.org/law-practice/legal-texts/html/guidelines/e/g_ii_3_6.htm accessed 20 December 2016.Google Scholar
- Bryce Goodman 2016. 'Discrimination, Data Sanitisation and Auditing in the European Union's General Data Protection Regulation'. European Data Protection Law Review 493.Google Scholar
- Bryce Goodman, Seth Flaxman 2016. 'European Union regulations on algorithmic decision-making and a "right to explanation"'. https://arxiv.org/abs/1606.08813v3 accessed 1 September 2016.Google Scholar
- Dennis S. Karjala 1991. 'Japanese Courts Interpret the 'Algorithm' Limitation on the Copyright Protection of Programs'. Jurimetrics Journal 233.Google Scholar
- Joshua A. Kroll et al. 2017. 'Accountable Algorithms' (forthcoming) 165 University of Pennsylvania Law Review, 1, 18.Google Scholar
- Jacob Loveless et al. 2013. 'Online Algorithms in High-frequency Trading. The challenges faced by competing HFT algorithms' 11 acmqueue 1.Google Scholar
- Alessandro Mantelero 2016. 'Personal data for decisional purposes in the age of analytics: From an individual to a collective dimension of data protection'. Computer Law & Security Review 32, 2: 238--255.Google ScholarCross Ref
- Mike Masnick 2016. 'Activists Cheer On EU's 'Right To An Explanation' For Algorithmic Decisions, But How Will It Work When There's Nothing To Explain?' https://www.techdirt.com/articles/20160708/11040034922/activists-cheer-eus-right-to-explanation-algorithmic-decisions-how-will-it-work-when-theres-nothing-to-explain.shtml accessed 10 January 2016.Google Scholar
- Cade Metz 2016. 'The Sadness and Beauty of Watching Google's AI Play Go'. https://www.wired.com/2016/03/sadness-beauty-watching-googles-ai-play-go/ accessed 21 November 2016.Google Scholar
- Cade Metz 2016. 'Artificial Intelligence Is Setting Up the Internet for a Huge Clash With Europe'. https://www.wired.com/2016/07/artificial-intelligence-setting-internet-huge-clash-europe/ accessed 10 January 2016.Google Scholar
- Sue Newell, Marco Marabelli 2015. 'Strategic opportunities (and challenges) of algorithmic decision- making: A call for action on the long-term societal effects of 'datification". Journal of Strategic Information Systems 24: 3--14. Google ScholarDigital Library
- Opinion of EPO G 0003/08 (Programs for computers) of 12.5.2010, ECLI:EP:BA:2010:G000308.20100512, point 13.5.Google Scholar
- Frank Pasquale 2015. The Black Box Society. The Secret Algorithms That Control Money and Information. Harvard University Press, 2015. Google ScholarDigital Library
- Melissa Perry 2017. 'iDecide: Administrative Decision-Making in the Digital World'. Australian Law Journal (forthcoming).Google Scholar
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1.Google Scholar
- Giovanni Sartor, Luther Branting (eds.) 1998. Judicial Applications of Artificial Intelligence. Springer. Google ScholarDigital Library
- Lauren Henry Scholz 2017. 'Algorithmic Contracts'. Stanford Technology Law Review, available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=274770 accessed 10 November 2016.Google Scholar
- Richard H. Stern 1995. 'On Defining the Concept of Infringement of Intellectual Property Rights in Algorithms and Other Abstract Computer-Related Ideas'. AIPLA Quarterly Journal 23: 401.Google Scholar
- John Swinson 1991. 'Copyright or Patent or Both: An Algorithmic Approach to Computer Software Protection'. Harvard Journal of Law & Technology 5: 145.Google Scholar
- Tal Zarsky 2016.'The Trouble with Algorithmic Decisions: An Analytic Road Map to Examine Efficiency and Fairness in Automated and Opaque Decision Making'. Science, Technology, & Human Values 41: 118--132.Google ScholarCross Ref
- Indrė Žliobaitė, Bart Custers 2016. 'Using sensitive personal data may be necessary for avoiding discrimination in data-driven decision models'. Artificial Intelligence and Law 24: 183--201. Google ScholarDigital Library
Index Terms
- AI-supported decision-making under the general data protection regulation
Recommendations
Using artificial intelligence to support compliance with the general data protection regulation
The General Data Protection Regulation (GDPR) is a European Union regulation that will replace the existing Data Protection Directive on 25 May 2018. The most significant change is a huge increase in the maximum fine that can be levied for breaches of ...
General Data Protection Regulation: new ethical and constitutional aspects, along with new challenges to information law
The EU 'General Data Protection Regulation' (GDPR) marked the most important step towards reforming data privacy regulation in recent years, as it has brought about significant changes in data process in various sectors, ranging from healthcare to banking ...
An Ontology Capturing the Interdependence of the General Data Protection Regulation (GDPR) and Information Security
CECC 2018: Proceedings of the Central European Cybersecurity Conference 2018High returns for processing personal data and low penalties for privacy violations led to the circumstance that protection of privacy was often not considered a priority. To counter this habit and to harmonize data protection laws throughout the ...
Comments