With GDPR coming into effect from 25 May, will it restrict the use of Artificial Intelligence by marketers?

In today’s era of rapid advancement in all domains, while shopping online you would definitely prefer a website that predicts your purchase based on your shopping history/pattern as it saves your time and hence enhances your experience on the website.

Artificial Intelligence (AI), undoubtedly saves time. The huge complex systems and logic involved in AI makes it extremely user-friendly and magical at times! We are flooded with AI all around us. It is so omnipresent that we might actually fail to recognise it. From matching our cab pool rides to social media suggestions, AI is omnipresent. It is just like a system that humans associate with other human minds, such as learning and problem-solving.

Representational image.

Representational image. Pixabay.

The key factor of the exponential increase in the use of AI is the ability to take autonomous decisions which are aimed at maximising the chances of success. A successful AI requires a lot of data to train its systems and produce desired results. This immense data which is used by AI systems is the area of concern. With rising privacy obligations and concerns, focussing on using minimal data with only a “need to know” purpose is a major challenge for AI marketers.

One such regulation which is enforceable from 25 May 2018 is the General Data Protection Regulation (GDPR), which is designed to strengthen and unify data protection for every individual across the European Union. It places various transparency requirements on organisations by providing individuals with the logic involved in AI systems in a clear and understandable way. Transparency, however has never been AI’s strong suit. AI marketers have never proactively preferred giving out the logic involved in their systems as otherwise, it may subdue its magical experience.

Does that mean GDPR will kill AI?

With GDPR coming in which focuses on data minimisation technologies, organisations will have to severely work on identifying the purpose of processing all the data they collect. GDPR will impact all domains where AI involves processing of personal data of EU citizens. AI used in areas, like healthcare is very critical from a privacy and GDPR perspective as it involves highly critical and sensitive personal data which any individual may not want to reveal to unintended recipients. High degree of safety measures like encryption needs to be ensured prior to processing this data.

Another point of concern is when automated decision systems are used to process health-related data. Any organisation which automatically processes health data to assess the risks involved has to first provide the individual with an option to decide whether or not they want to give their consent to the automatic processing of their health data. This might have a massive cost for the AI marketers processing healthcare data of an individual.

Predicting user behaviour and pattern and driving results out of them is another key area highly used by AI marketers and is critical to an individual as specified in the GDPR. Patterns and behavioural trends used by AI systems can be pleasing and disturbing at the same time. Suppose, you search directions for a church on Google Maps everyday at 5:00 pm. You would be very pleased seeing that your smartphone reminds you of visiting the church every time the clock hits 5:00 pm, but you would not know that the same AI system in your smartphone may predict your religion based on this pattern. It may also use this data to drive out results and you would have no clue of how and where your data may be used. Now after GDPR coming in, there is a huge challenge in processing this personal data which the individual themselves may be unaware of. Obtaining consent for each and every kind of processing activity which may be involved is mandatory. This is a huge area of concern in the AI domain as the data involved is very dynamic in nature.

Changes in the way AI is used

AI marketers have to figure out ways of obtaining consent, providing details of the complex logic involved with AI and also ensure that no bias is involved while processing data through AI. Catering to the requests of the individual (whose data is under processing) within defined timelines is another important aspect where AI marketers have to focus. They must have visibility on all the domains where an individual’s data is processed, shared or stored.

All these challenges faced by marketers using AI will either force marketers to increase their resources which would involve a huge investment of time, money and effort to restrict the way or areas where AI is used on their systems and processes.

It is clear that businesses continue to depend on AI to manage growing data sets and customer demands. Similarly, it is important for regulations like GDPR to ensure that data which is personal to an individual is kept safe and used only for the intended purposes and in a transparent manner to the individual.

The author is a cybersecurity partner at EY.


Updated Date: May 24, 2018 09:04 AM