Report suggests GDPR limits AI in Europe
Report from the Centre for Data Innovation finds that GDPR limits the collection and use of data, restricts automated decision-making and increases costs and risks
13 May 2019 | 0
One year on from the introduction of the General Data Protection Regulation (GDPR), a report from the Centre of Data Innovation (CDI) examines how it has impacted artificial intelligence (AI).
According to the report, by limiting organisations data collection and use, GDPR hinders the development and use of AI in Europe, putting firms at a competitive disadvantage.
It finds that GDPR makes data artificially scarce, automated decision making more difficult and that, if the EU wants to thrive in the algorithmic economy, it must be reformed.
The economic value of AI is difficult to predict but already, the total annual value of applying AI and analytics across industries is between €8.5 trillion and €13.7 trillion according to McKinsey.
“While EU policymakers should remain committed to the overall goals of improving consumer protection, they should also embrace opportunities to reform the GDPR to make it better suited to the algorithmic economy.” said Eline Chivot, senior policy analyst at the CDI.
“Mending, not ending, the GDPR should be on the table if the EU plans to seriously pursue its AI ambitions.”
Upon first draft in 2014, GDPRs impact on AI was not prioritised. As such, the report recommends five steps EU policymakers should take to reform GDPR and remain competitive in the algorithmic economy.
- Data processing should be allowed in the public interest, thus excusing it from GDPR requirements. EU states can exempt certain types of data processing from GDPR requirements when in the public interest. In creating these exemptions, legislative action must be taken, which defeats the intent of GDPR in creating a single digital market.
- Repurposing of data should be allowed, when it poses minimal risk. GDPR restricts organisations from repurposing data past original intended use, limiting the ability of organisations to experiment and innovate with lawfully collected data. As most of the repurposed data would be beneficial to consumers, this should be allowed, once harm is minimal and data is not being transferred from one controller to another.
- Restricting automated decision making, increases both costs and compliance risks. The right to human review of algorithmic decisions should be removed as it makes consumers victim to unfair, biased decisions.
- Organisations using algorithmic decision-making need only disclose basic information about how their systems work.
- Fines for violating GDPR should be proportional to the harm inflicted on the data subjects.
Daniel Castro, director, CDI said: “The EU can make reforms to the GDPR that enable greater data sharing and use of AI but do not undercut the protection of human dignity, legitimate interests, and other fundamental rights. Targeted changes to the GDPR will empower the EU to achieve its vision of becoming a leader in the algorithmic economy.”