The European Union’s new General Data Protection Regulation (GDPR) may outlaw some AI algorithms and data collection practices, warns University of Washington Professor Pedro Domingos, author of the seminal AI introduction The Master Algorithm.
The GDPR will come into effect on May 25, 2018, replacing the 1995 Data Protection Directive. The regulation aims to “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy,” according to the GDPR website, bringing Europe “the most important change in data privacy regulation in 20 years.”
What exactly will change? First, the GDPR applies to all companies processing the personal data of EU citizens regardless of company location. Second, breaching the GDPR will carry stiff penalties, with companies facing fines of up to 4% of their global turnover, or €20 million. Third, companies will be required to procure customer consent in clear and comprehensible language, allow easy user withdrawal from data collection, and notify local EU Data Processing Authorities of data usage.
EU citizens will be entitled to have their data erased or transferred to another processing agent, and must be notified immediately if their data is misused.
The new regulation will be detrimental to data mining operations and AI startups, and big tech companies will be scrutinized for using web browsing cookies or social media profiles. Deutsche Bank estimates the GDPR could erase 2% of Google’s revenue.
GDPR requires AI decisions to be interpretable
Along with its regulations on the use of private data, the GDPR also imposes adverse provisions on scientists and researchers who are deploying machine learning algorithms, especially in deep learning.
Section 4, article 22 of the GDPR requires a “right to explanation” for users on all decisions made by automated or AI algorithm systems. According to the context, a data subject has the right to opt out of a decision made by automated processing or AI that produces legal effects on them, such as automatic refusal of an online credit application or e-recruiting practices without any human intervention.
The GDPR mandates that all customers or users are entitled to receive “specific information” regarding the decision. This raises the issue of AI interpretability, especially in deep learning systems. An Oxford Internet Institute research paper predicts the GDPR’s right to explanation will directly impact machine learning.
Researchers and data scientists regard the interpretability of AI as very challenging, especially given that recent advancements in AI are based on deep learning and deep reinforcement learning. The most common fundamental algorithms used in these models learn their objective functions and adjust weights automatically as the learning proceeds via iterative epochs based on huge amounts of labelled data.
Researchers do not know how the learned weights achieve the best result, and it is difficult to determine what kinds of learning the model has achieved. Accordingly, such systems are referred to as “black-box” mechanisms wherein humans provide the data, the model, and the architecture — and then the computer outputs the answer.
Will deep learning really be outlawed?
Prof. Domingos’ “making deep learning illegal” tweet ignited a heated debate on AI and the GDPR. Some criticized him for misrepresenting the regulation. Eric Topol, an renowned American cardiologist, replied “that kinda makes human intelligence — which is unexplainable — illegal by inference.”
Director of Product Marketing for Cloudera Data Science Thomas Dinsmore blogged that the GDPR’s adverse impact on deep learning might be exaggerated because a right to explanation has already existed for years and the GDPR is simply expanding the scope and applying such rules to automated processing. “The need to deliver an explanation affects decision engines but need not influence the choice of methods data scientists use for model training,” wrote Dinsmore.
The premise and definition of the GDPR’s “right to explanation” is also opaque. Oxford researchers expressed doubts in a January 2017 paper, noting several issues regarding the regulation’s feasibility, such as “it lacks precise language as well as explicit and well-defined rights and safeguards against automated decision-making, and therefore runs the risk of being toothless.”
For their part, machine learning scholars have over the last two years put increasing focus on the interpretability of AI technologies. IJCAI 2017 held a special workshop on Explainable Artificial Intelligence (XAI); while NIPS 2017 hosted a debate on whether interpretability is necessary for machine learning.
Other efforts in academia hint at the possibility of unveiling the black box’s mysteries. The Defense Advanced Research Projects Agency (DARPA) initiated an XAI program in order to turn the “black-box” into a “glass-box” so that a “human-in-the-loop” would know the reasoning behind decisions. Local Interpretable Model-agnostic Explanations (LIME) is a more well-known study aiming to explain black-box algorithms by starting from simpler models in the field of object recognition and text classification.
Meanwhile, many practical AI applications do not demand interpretation. Machine translation for example has been revolutionized by AI technologies, and users are much more concerned with the translation results than how they were generated.
Despite the alarmism from Prof. Domingos and some others in the AI community, the GDPR will not outlaw deep learning. It will however impact big data collection and usage with the goal of protecting users’ privacy, and may even encourage researchers to find a way to open the black box and look inside.
Journalist: Meghan Han, Mos Zhang, Tony Peng | Editor: Michael Sarazen
GDPR does not mandate the “right to explanation”, which is further explained in the Oxford University research you link to. The premise of this article is therefore incorrect and misleading.