Privacy is a big challenge when dealing with vast amounts of data, which is the basis of artificial intelligence. People whose data is being collected, processed and analysed are often referred to as ‘data subjects’. Our AI Privacy Expert Erlin Gulbenkoglu explains how to design GDPR-compliant AI systems that honour data subject rights.
How do you define data subject rights?
I took the GDPR as my framework, since it is the most far-reaching privacy regulation currently in force. In addition, the GDPR's articles help anyone who designs AI to embed privacy into the process.
How do you build privacy-compliant AI systems that meet GDPR requirements? (GDPR Article 22)
Often the most accurate AI systems are built by combining human and machine intelligence, the so-called human-in-the-loop approach. One advantage of this approach is that it helps with the compliance requirements that apply to ‘solely’ automated processing, i.e. processing without any human involvement. AI is often equated with full autonomy, but it is safer and more efficient to combine machines with humans.
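A human-in-the-loop flow can be sketched as a confidence threshold: the model's prediction is used only when it is confident enough, and borderline cases are deferred to a human reviewer. This is a minimal illustration, not a prescribed design; the names (`classify_loan_application`, `THRESHOLD`, the stub functions) and the threshold value are all hypothetical.

```python
THRESHOLD = 0.85  # confidence required before the model decides alone (illustrative value)

def classify_loan_application(features, model_predict, human_review):
    """Return a decision plus who made it ('model' or 'human')."""
    label, confidence = model_predict(features)
    if confidence >= THRESHOLD:
        return label, "model"
    # Low confidence: defer to a human, so the processing is not
    # 'solely' automated in the sense of GDPR Article 22.
    return human_review(features), "human"

# Stubs standing in for a real model and a real reviewer:
def stub_model(features):
    return ("approve", 0.92) if sum(features) > 1.0 else ("reject", 0.60)

def stub_reviewer(features):
    return "approve"  # a human would actually inspect the case here

print(classify_loan_application([0.7, 0.9], stub_model, stub_reviewer))  # ('approve', 'model')
print(classify_loan_application([0.1, 0.2], stub_model, stub_reviewer))  # ('approve', 'human')
```

The routing decision itself should also be logged in practice, so that it can be shown which cases were decided with human involvement.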
With very complex machine learning models, the logic behind the model becomes harder to explain. How would you solve this? (GDPR Article 13.2(f))
According to the GDPR, we are required to provide meaningful information about the logic involved in an AI system. Techniques such as SHAP, LIME and LRP help us explain so-called “black box” machine learning models. They not only explain why the AI reached a certain conclusion, they also support the human expert in the loop.
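The core idea behind local explainers like LIME is to probe the black-box model around a single instance and report how much each feature locally moves the prediction. The sketch below is a toy, dependency-free version of that idea using finite differences; real LIME fits a weighted linear surrogate on random perturbations instead. The `credit_score` function is an invented stand-in for a black-box model.

```python
def local_feature_effects(predict, instance, delta=0.01):
    """Approximate each feature's local effect on the model output
    by nudging one feature at a time and observing the prediction."""
    effects = []
    for i in range(len(instance)):
        up = list(instance)
        down = list(instance)
        up[i] += delta
        down[i] -= delta
        # Central difference: change in score per unit of feature i.
        effects.append((predict(up) - predict(down)) / (2 * delta))
    return effects

# A hypothetical 'black box' scoring function for the demo:
def credit_score(x):
    return 0.6 * x[0] - 0.3 * x[1] + 0.1

# Feature 0 pushes the score up, feature 1 pushes it down:
print(local_feature_effects(credit_score, [1.0, 2.0]))
```

For a linear model like the stub above, the recovered effects match the coefficients; for a genuinely non-linear model they describe the behaviour only in the neighbourhood of the instance being explained, which is exactly the scope of a "local" explanation.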
According to GDPR data subjects have the right to be forgotten. Is this a problem with training data used in machine learning? (GDPR Article 17)
Research shows that some machine learning models can memorise their training data. One solution is to use differentially private machine learning models, which tackle this problem by adding calibrated randomness to each query the model makes over the training dataset. With the mathematical guarantees of differential privacy, it becomes practically impossible to trace a result back to an individual in the training dataset. This approach also helps our models generalise.
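The basic building block behind "adding randomness to each query" is the Laplace mechanism: a query over the data is released with noise scaled to its sensitivity divided by the privacy budget epsilon, so the output barely changes whether or not any one individual is present. The sketch below applies it to a simple count query; training actual models typically uses the same principle on gradients (e.g. DP-SGD). All names and parameter values here are illustrative.

```python
import math
import random

def laplace_noise(scale):
    """Sample Laplace(0, scale) via the inverse CDF of a uniform draw."""
    u = random.uniform(-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))

def private_count(records, predicate, epsilon):
    """Release a count with epsilon-differential privacy.
    A count query has sensitivity 1: adding or removing one person
    changes it by at most 1, so the noise scale is 1 / epsilon."""
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon)

# Example: how many people in a (made-up) dataset are over 60,
# released with a privacy budget of epsilon = 0.5.
random.seed(42)  # fixed seed only so the demo is repeatable
ages = [34, 67, 71, 45, 62, 58, 80]
print(private_count(ages, lambda a: a > 60, epsilon=0.5))
```

A smaller epsilon means more noise and stronger privacy; the noise averages out to zero, so repeated queries must share the budget rather than be answered independently.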
Recently, Erlin gave a talk at MyData 2018 about “How to build AI while honouring data subject rights”. Check out her presentation here.
Read Erlin’s insights about GDPR & AI: Privacy by Design in Artificial Intelligence.