Artificial intelligence and data protection – a contradiction?

Data is the oil of the 21st century – artificial intelligence is one of the major buzzwords of our time. Not only the GAFA corporations (Google, Apple, Facebook and Amazon), but all major digital companies have been hunting for data to feed their algorithms.

Even Apple, the only one among these companies emphasizing at every moment how important data protection is. However, artificial intelligence that is not supplied with data is about as useful as a swimming pool without water. Big data is the key term that is the issue of debate particularly in the area of data protection. How can unlimited data collection and the protection of personal data be reconciled? Is that even possible?

To enable an algorithm to learn independently, it needs to analyse huge quantities of data. To date, companies’ answer to this question has been: crowd sourcing or also “differentiated data protection”. This means that the data records used are not only anonymized, but that an additional fuzziness is applied to them. This ultimately means that the data records cannot be traced back to any real person. Problem solved? Almost! The principles of transparency, purpose limitation and data minimization are active opponents of the concept of big data – with the latter being the direct antagonist of data minimization.

Massive data collectors vs. informational self-determination

A look at the example of Apple shows: those who do not “pimp” their products with artificial intelligence run the risk of being left behind – as demonstrated by the comparison of the voice assistants from Google, Amazon and Apple. While Apple was still leading when Siri was introduced to the market, Google and Amazon are now a step ahead thanks to the storage and analysis of user data. Data protection activists see the informational self-determination of the users above all endangered by the practice of data collection. Smartphones and digital assistants are constantly listening and sending their results to California. The users can barely guess how the data is evaluated and how it is used. The fact is that data has substantial value and digital companies know how to make money with it.

Risk assessment in the context of data protection – problems with black box AI

Since AI is an independently learning system, the algorithm can no longer be traced by its developers and it makes its own decisions. This phenomenon is called “black box AI.” There is a strong potential for conflict between artificial intelligence and data protection. Companies, but also the legal system, face a major challenge of offering companies a fair chance in the competition for the future of AI technology on the one hand, but also ensure the security of data on the other hand.

How data protection can be ensured despite artificial intelligence

How can data protection and artificial intelligence then be reconciled with each other in such an environment? Apple answers this question with the crowd sourcing approach already mentioned. Many companies additionally point out that their technologies could also be used locally on the device. A good example for this is FaceID, the face recognition technology on the iPhone, which means that processing the user’s personal information would no longer be required. Moreover, data protection and artificial intelligence can be combined without any problems in other situations: for example, the AI can detect data leaks – until now, this has been a difficult task for many companies. If data protection is compromised, 44% of companies will not be able to detect and report a data leak within 72 hours according to current studies. A bot could really be helpful here. Artificial intelligence can also provide important assistance in the area of risk analysis. The risk assessment with regard to data protection as currently required by law will probably be difficult to ensure in the future, as already mentioned, since artificial intelligence by definition learns independently and is intended to be able to find its own ways. The law currently requires, however, that the use and processing of personal data ultimately must be assessed and evaluated – but this is entirely impossible in the case of artificial intelligence.

What is the conclusion?

It can be said that data protection and AI are not incompatible per se, but much potential for conflict persists. Data protection must start earlier in order to account for the phenomenon of black box AI. In addition, changes in data protection law will probably be necessary in order to eliminate inconsistencies. It is currently difficult to predict in which direction the issue will evolve. What is certain is this potential for conflict will trigger many discussions.
In the long term, however, data protection with standards protecting the personal data of the people can provide a framework for technological innovations – also in the area of AI.