As titles go for an e-book the Information Commissioner’s Office have not gone for one that grabs the attention and instead just stuck with descriptive. Let’s face it, if you saw a book in Waterstones entitled; Big data, artificial intelligence, machine learning and data protection you probably wouldn’t pick it for holiday reading. At 114 pages it is also big. If you process ‘big data’ then it is aimed at you.
As you have already worked out no doubt, there’s too much in the book to cover in a short article so this is little more than an overview. It repays reading. Click here for a copy: https://ico.org.uk/media/for-organisations/documents/2013559/big-data-ai-ml-and-data-protection.pdf
The pdf starts by defining big data:
“…high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.”
Or one could say massive datasets, real time data, and from different sources, although this is not exclusive.
It then goes on to define artificial intelligence (AI) and machine learning (ML), which are often confused and might well continue to be so even with the explanations of differences.
The next two chapters cover data protection implications and compliance tools, which are followed by one headed discussion but maybe explanation would be more accurate.
Perhaps the most relevant chapter is the one which lists six ‘Key Recommendations’. These require organisation to:
1/ consider whether there is a requirement of personal data and whether annonymisation before analysis would be the better option.
2/ ensure transparency in dealing with personal data. There is a section of privacy notices to be used throughout and project at appropriate stages.
3/ use privacy impact assessments in processes to identify risks to personal data. PIA have been promoted by the ICO.
4/ adopt a privacy by design approach. This has been mentioned in other contexts.
5/ develop ethical principles to reinforce key data protection principles.
6/ implement innovative techniques to develop auditable machine learning algorithms.
The ICO also stated the obvious, that big data is personal data and all the laws and regulations apply. However, some of the more strict rules under the GDPR will have an impact on big data. They give the instance of automated decision making. Individuals enjoy a qualified right not to be subject of it so consent will require information on processes to be clear and unambiguous.
You may have noticed that there are requirements for companies to ‘develop ethical principles’, to ‘implement innovatve techniques’ and to ‘develop auditable machine learning algorithms’. See 5/ and 6/ above. Or, to put it another way, much of the development work for systems is left to us.
This might be seen by some as the ICO opting out of its responsibilities and dumping their regulatory responsibility on us. Well, maybe there’s some truth in that. On the other hand, it gives us flexibility to design bespoke systems to suite specific needs.
The ICO is obviously concerned with the challenges of big data complying with the regulations. The book is extremely helpful, and it not being pedantic is one of it best features. I assume the ICO will, as ever, respond promptly and clearly to requests for clarification of any point.