GDPR – sounding the death knell for self-learning algorithms?

In just a few short months the European General Data Protection Regulation becomes enforceable. This regulation enshrines in law the rights of EU citizens to have their personal data treated in accordance with their wishes. The regulation applies to any organisation which is processing EU citizens’ data, and the UK government has indicated that, irrespective of Brexit, it will implement the regulation in full.

The GDPR regulations are not just about where personal data is stored and the ability to opt out of email spam messages. Article 15 of the regulation specifically mentions the right for individuals to obtain meaningful information about the logic involved in any automatic decision concerning them, as well as the significance and the envisaged consequences of such processing for that individual.

Furthermore, Article 22 establishes the right of individuals to not be subject to an automated decision making process where those decisions significantly affect the individual.

Therefore, organisations need to be able to:

For those organisations that provide credit (e.g. mortgages, personal loans, credit cards) this is nothing new; there are already regulations in place to prevent discrimination and enforce clarity in data usage. It will more deeply impact organisations such as retailers who may make discount offers to some consumers and not others based upon an algorithm. If one consumer is disadvantaged as a result (i.e. gets a worse offer), then they can request an explanation and demand to be exempt from the algorithm.

These regulations have profound implications for data-driven organisations. Clearly, making an automated decision needs to be within a structured framework so that HOW the decision is made can be understood. The analytical model needs to be sufficiently interpretable to allow an explanation of WHY a decision was made about an individual, and WHAT the implications were for that individual. Organisations will also need to be able to explain what data was used to reach that decision, and in the case of important decisions, whether or not the overall decision making process is properly controlled.