Artificial intelligence in business operations poses problems in terms of GDPR compliance

25. February 2022

With the introduction of the General Data Protection Regulation, the intention was to protect personal data and to minimize the processing of such data to the absolutely necessary extent. Processing should be possible for a specific, well-defined purpose.

In the age of technology, it is particularly practical to access artificial intelligence, especially in everyday business, and use it to optimize business processes. More and more companies are looking for solutions based on artificial intelligence. This generally involves processing significant amounts of personal data.

In order for artificial intelligence to be implementable at all, this system must first be given a lot of data to store so that it can learn from it and thus make its own decisions.

When using so-called “machine learning”, which forms a subset of artificial intelligence, care must be taken as to whether and what data is processed so that it is in compliance with the General Data Protection Regulation.

If a company receives data for further processing and analysis, or if it shares data for this purpose, there must be mutual clarity regarding this processing.

The use of artificial intelligence faces significant challenges in terms of compliance with the General Data Protection Regulation. These are primarily compliance with the principles of transparency, purpose limitation and data minimization.

In addition, the data protection impact assessment required by the General Data Protection Regulation also poses problems with regard to artificial intelligence, as artificial intelligence is a self-learning system that can make its own decisions. Thus, some of these decisions may not be understandable or predictable.

In summary, there is a strong tension between artificial intelligence and data privacy.

Many companies are trying to get around this problem with the so-called “crowd sourcing” solution. This involves the development of anonymized data, which is additionally provided with a fuzziness instead of being able to trace it back to a person.