DATA PROTECTION LAW Assignment Sample
Introduction
As per the “general data protection regulation” the “cross border data transfer process” is enabled and it elaborates the general“data protection regime” that are mostly applied in the UK business purpose and with the “data protection act 2018” it explain the principles, rights and obligation. Each of the principles include the ICO guidelines and with the relevant “European data protection board” it helps to understand political campaigning and direct marketing with the help of AI. AI is mentioned in the process of GDPR and some are involved in personal data processing for individual right. GDPR has a significant impact on AI and machine learning.
Data protection principles
The Data protection act first introduced in the year 1998 incorporated GDPR in the United Kingdom’s Law system and with the British context it sets 7 principles.
- Lawfulness, fairness along with transparency
Principle of data lawfulness in data protection system seeks users understanding on where they are signing up to transfer their personal data and for this organization which requires personal information should use clear and accurate data subject that helps to provide legal protection.
- Purpose limitation
This mainly stipulates the data which is mainly collected for a significant purpose and it should ensure that the data is not used for any other application. GDPR mainly states this principle of purpose limitation is not incompatible under the public interest ground or any statistical purposes. It sets limits for the organization to use personal data in “multipurpose”.
- Accuracy
The significant step in data protection law in 1998 Act was, organization is responsible for updating any inaccurate information.
Data minimization
It is mainly for the organization that it should be ensured that the data collected for the intended purpose is adequate, relevant and limited and the “cdata minimization” principles seek hoarding data which have no clear rationale.
Integrity and confidentiality
It was mainly known as the security principle and the confidentiality of personal users data should always be considered in security measures. Along with other protection laws there are inherent responsibility states in the principle where both the physical and technological controls need to ensure compliances.
Individual right
With the advanced principle of data protection the GDPR states the individual rights for the citizen and their personal data [1]. The GDPR mainly provides some rights of individuals which are discussed in this section.
- Right of access
For individual requests any data can be entitled for confirming that their data is being accessed or processed and further relevant information regarding automated decision making her data can be accessed.
- Right To be informed
With the advanced law Data processors and controllers are obliged to individual for providing information about the personal data when collected and they have the right to know with whom the data would be shared and for how long the data will be kept to the organization for processing purpose.
- Right to rectification
The accuracy principle is related to these rights where it is mentioned that data objectives have the proper right and options to rectify the personal information and data if there is possibility of data [2]being inaccurate or not completed properly.
- Rights to erasure
It was generally referred to as “right to be forgotten” and this provides the right for the individuals to ask for any data deletion or removal and this right is obligated when company wants to omit some results or limiting their presence[3].
- “Right to data portability”
Any individual could reuse their personal information for various services which defines the data or information is available in such a machine in much readable format types that does not restricts data not to be repeatedly submitted.
- Right to object
It allows individuals to point to data usage and it is considered a duty of the organization to inform individuals of the right in their first communication process.
GDPR impact on AI and machine learning
The European Union focuses on data limitation and protection and they are passing regulations on accessing personal data usage. Before people start to share their personal information online, the EU creates a framework adopting data protection directives. In May 2016, the European parliament adopted the GDPR that aimed to harmonize the data privacy among the citizens and safeguard data that is transferred abroad for access and with the advanced technology gives individual rights to control the data. There are several principles and articles related with the principles of processing of personal data and some are discussed here.
Article 5 GDPR
According to this articles 5 (1) “personal data” should be
- Processed and assesed with fairness, lawfully and with a substance manner that relates with the subject of the data.
- “Personal data” should be collected and assessed with valid purpose and it will not further be processed in such a way that is considered “incompatible with purposes” In accordance with the purpose of article 89(1).
- The data should be relevant, limited and adequate for which those are processed with data minimization.
- Where it is necessary the personal data required to be updated and each step should be taken for ensuring the accuracy of personal data and it relates with the accuracy.
Article 5(2) is for controllers of the data and it states that controllers should be responsible for the data accountability and they need to demonstrate compliance with the above mentioned rules.
Article 39
Data processing principles relate the processing and personal data should always be lawful as well as fair and for natural persons it should be always transparent and with their concern personal data should be collected, accessed or transferred[4]. The transparent principles require information and communication for the processing and organization indeed to use clear and plain language.
EU GDPR in machine language
There are certain impacts on the applications of machine learning in the regulation protection of “European Union’s General data ” (GDPR). These effects could have far reached in the data protection systems. These laws are effective for the development of data privacy and regulations. There are different external factors which are required to be assessed and managed properly for the development of these data protection laws. There could be development of different external elements. Different EU data assessments could be developed with the appropriate implementation of these GDPR laws. The “individual machine learning” processes could bbe improved with the appropriate use of these laws and regulations.
The key changes in the EU framework include territorial scope with heavy penalties that are non-compliances and required data subject concerns. In the advanced GDPR the breach notification , right to be forgotten and privacy by design is involved.
Limit of GDPR in personalization context
The European data protection framework involved the data driven personalization and with the general perception that protection is suitable and there are several elements of the GDPR linked with the data driven personalization. GDPR can serve as a legal framework to govern the concerns that have relation with AI. According to Michele Finck, personalization can be driven by both and it can produce the personal data which is involved in the scope of “General data protection regulation”. The consequence of the data protection framework involves the data driven personalization. As a legal framework the artificial intelligence involved in the GDPR process and it is very important to keep it realistic in opportunities and limitations[5]. GDPR can serve as the legal framework that involves the normative concerns regarding AI.
Article 6(1) Lawfulness of data processing
This article states that processing ifd the data should be lawfully done and it can be extended to at least one of the following criteria discussed below.
- The data subject should always give concurrence to the procedures of the personal data for a particular purpose.
- Data processing is one of the valuable aspects for the execution of a contract where the data subject is considered as the part who can take steps for entering a contract.
- Processing is compulsory in addition to a legal obligation after that the controller becomes the subject.
- Processing is important for task performance that are carried out in public interest and oficial authority vested in the controller.
- Processing is also compulsory for the authorized interest to go after the controller or any other various types of third party and is excluded in some cases where elemental rights and freedoms of the personal can access the required protection of the personal data.
Artificial intelligence related with the GDPR process
With the machine language update AI is developing really fast and with more precise diagnosis it enables the opportunity for the people to access the personal data for significant purposes. A solid European framework is needed and European strategy decides the opportunities and challenges of AI is must and it can be defined by any one with its own way. The specific characteristics of AI technology include opacity, complexity, and unpredictability and according to the EU law it gives the fundamental rights to the enforcement authorities.
In 2018, the European commission includes communication on AI and it is defined as the system that displays intelligent behaviors by analyzing the environment and taking action.
Role of AI in collection and classification of personal data
The development as well as the deployment of the AI tools can be placed with the socio-technical framework where machine learning, human skills and organization structure is related with the data protection Law. This helps to provide regulatory support and the persuasive impact of AI in the Eu GDPR can be discussed in this section with describing the article and facts.
Article 4(1): Personal data
In advance the GDPR concept of personal data plays an important role and the provision in the GDPR concerns personal data and it excludes information which does not have human concerns. According to the ARTICLE 4(1) GDPR describes the personal data which means the required data that is related to “identified” or “identifiable” data subject. The “identifiable person” is one who can be directly or indirectly identified with the particular reference in terms of human name, location data and identification number or with themorespecific factors physiological, genetic, cultural, and social for the person.
Rectial (26) mainly represent the namely identifiability and the condition under which the pieces of data that are not linked to a person but considered as the personal data and the possibility exist to identify the “person concerned data” [6]Personal data which have “pseudonymisation” and can be attributed to a human by using additional information should be considered as an identifiable natural person. The “concept of non-personal data” is not mentioned in the EU framework; rather it iconsist the data with GDPR regulation 2018/1807 at recital.
Article 4(2): Profiling
The term profiling is used when the explicitly is not used and it refers to AI process and with the technologies regarding AI and the “processing consists” of the data concerning the person that infer the data on further aspects of the person. “Profiling” can be referred to as the form of “automated processing” of personal data that consists of using the personal data for evaluating certain personal aspects that are related with the natural person in particular to foreseeing a natural person’s performance in the work with health, the economic situation, and “personal preferences” and interest. According to article 29, profiling aims to classify the person into several categories of group sharing features. Profiling involves the ability to perform the task, likely behavior and interests AI and big data analytics with the combination have the availability with extensive computer resources that increase the opportunity for profiling and machine learning based approaches can be described often as interference along with the classification, decision and prediction for individual data concerning.
Article 4(11): Consent
Consent should be given freely with specific information and with a clear affirmative action. The consent of the data subject should be informed with the unambiguous by the specific statement or by affirmative action. Consent should cover all the activities that are carried out for some aspect or multiple purpose and consent should be given for all activities.
Freedom
Freedom is the other issue that can be also referred to as the freedom of consent and it should not have valid legal ground but can have the personal data processing with specific cases where imbalance between data subject and controller occurs.
According to the EU white paper on artificial intelligence is the collection of different technologies that combined with the machine learning and computing power to increase availability of the data that have industrial strength and with a regulatory framework.
In the European society for citizens new benefits with individual rights and when the AI system processes the personal data it shall be without prejudice and for example human oversight can have the access of monitoring the AI system operating for a purpose and the ability of intervening in the real time as well as deactivation. Under the GDPR processing must take place with the EU mentioned law with the limited ground. With the legislation some proposed rules are addressed in the GDPR process with different articles and situations.
According to the “Bundesverband der Verbraucherzentralen und Verbraucherverbände – Verbraucherzentrale Bundesverband eV v Planet49 Gm case” the german company called planet 49 organized in their webpage an online lottery possess and significantly participants enter their name and personal data as per requirement. There are two checkboxes. First one required acceptance from the user to be contacted for promotional offers. Then it shows some checkbox that shows the tick action. One participant needs to tick either one checkbox. The Federation of “German consumer organizations” initiated a court process against the company that it does not consider as the freely given consent[7]. Under both the directive 95/46 EC and the GDPR court assessed the consent requirement and as the court notes it becomes under the EPrivacy that the sending as consent under the directives and the GDPR.
another case C-13/ 16 the request for ruling the concern with the interpretation of article 7 and “directive of 95/46/ec” article 1 state that in accordance with the directives individual should protect the rights and freedom of natural person and in particular they have the right of privacy for processing the personal data.
Secondly this law states that members should never restrict the personal data flow.
Article 2 of the same directives states that personal data can be any information relating to the identifiable natural persona and other processes that are already mentioned above regarding the AI process system.
The EAIB the regulation divided several systems of AI which can be classified as the “Unacceptable risk AI system”, “high risk AI system” and “limited and minimal risk AI system”. This framework can develop risk based technologies. The limited and minimal risk AI includes the application of AI chatbots, AI powered inventory management. Once it is deployed then authorities can take the charge for surveillance and human oversight in the palace.
Conclusion
This report discussed the role of AI and big data analytics that are related with the Data protection law in the European framework. Several articles and case studies are discussed in the report to clear the background and with the valid processing purpose of European society that affect the individual rights of European people and with various evidence and examples the GDPR process is discussed here.
Bibliography
Journals
Abigail Goldsteen and others, ‘Data Minimization For GDPR Compliance In Machine Learning Models’ [2021] AI and Ethics.
Abigail Goldsteen and others, ‘Data Minimization For GDPR Compliance In Machine Learning Models’ [2021] AI and Ethics.
Athina Ioannou, Iis Tussyadiah and Graham Miller, ‘That’S Private! Understanding Travelers’ Privacy Concerns And Online Data Disclosure’ (2020) 60 Journal of Travel Research.
Bessen, J.E., Impink, S.M., Reichensperger, L. and Seamans, R., ‘GDPR and the Importance of Data to AI Startups’ [2020]
Daniela Nicklas and others, ‘IEEE International Conference On Pervasive Computing And Communications (Percom) 2020’ (2021) 77 Pervasive and Mobile Computing.
Erdem Balcı, ‘Overview Of Intelligent Personal Assistants’ (2019) 3 Acta INFOLOGICA.
Felzmann, H., Villaronga, E.F., Lutz, C. and Tamò-Larrieux, A., ‘Transparency you can trust: Transparency requirements for artificial intelligence between legal norms and contextual concerns’ [2019]
Hairong Li, ‘Special Section Introduction: Artificial Intelligence And Advertising’ (2019) 48 Journal of Advertising.
Heike Felzmann and others, ‘Transparency You Can Trust: Transparency Requirements For Artificial Intelligence Between Legal Norms And Contextual Concerns’ (2019) 6 Big Data & Society.
Himanshu Arora, ‘Grounds For Lawful Processing Of Personal Data In GDPR And Personal Data Protection Bill 2018, India (PDPB): Section – I: Consent.’ [2019] SSRN Electronic Journal.
Ioannou, A., Tussyadiah, I. and Miller, G., ‘That’s private! Understanding travelers’ privacy concerns and online data disclosure’ [2021]
[1] Bessen, J.E., Impink, S.M., Reichensperger, L. and Seamans, R., GDPR and the Importance of Data to AI Startups’ (2020).
[2]Timan, T. and Mann, Z., ‘Editorial: Data Protection in the Era of Artificial Intelligence: Trends, Existing Solutions and Recommendations for Privacy-Preserving Technologies. In The Elements of Big Data Value (pp. 153-175). Springer, Cham’ (2021)
[4] Marelli, L., Lievevrouw, E. and Van Hoyweghen, I., ‘Editorial: Fit for purpose? The GDPR and the governance of European digital health. Policy studies, 41(5), pp.447-467’ (2020)
[5] Truby, J. and Brown, R., 2021. Human digital thought clones ‘Editorials: the Holy Grail of artificial intelligence for big data’ (2021)
[6] Ioannou, A., Tussyadiah, I. and Miller, G., ‘Editorials: That’s private! Understanding travelers’ privacy concerns and online data disclosure’ (2021)
[7] Goldsteen, A., Ezov, G., Shmelkin, R., Moffie, M. and Farkash, A., ‘Editorials: Data minimization for GDPR compliance in machine learning models’ (2021)
………………………………………………………………………………………………………………………..
Know more about UniqueSubmission’s other writing services: