Data Analytics and GDPR

After a few decades of producing digital content, we finally started to understand how to use the massive amount of data gathered and increase the precision of our marketing campaigns, discover patterns for our security intelligence or embed human behavior in our customer experience.

And after we just started to understand the potential of Big Data, we have a new set of rules on how to handle it. Do we get stuck? Is Data Science going to die? Not really…we just need to add some more hygiene to our data handling process.

If profiling customers is helping you make better decisions concerning your services and products, make sure this is transparent to the customers, and get explicit consent from them. Check out how profiling is being defines in GDPR

“any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements”.

Data Analytics makes great use of private data and it brings us patterns by connecting details of human behavior, psychology and financial transactions that us humans would never think of associating. We build these algorithms to understand customers’ personal interests, their ambitions and predict their future decisions. And you would think you take the emotions, tiredness and human error away from your decision making process and let artificial intelligence do the job, but then GDPR comes to ask if your predictive model unfairly discriminates against people. Which…you might not have considered to measure when you were calculating the performance or the confidence level of your model.

You have to take this into account as well. And if you were thinking to speed up your processes by adding some automated rules on filtering candidates or if you’re using AI to reject or approve one’s application to an online credit..then take a closer look at Recital-71 in GDPR. You can still do it, just be transparent, and give your customer the right to be handled by humans if the decision affects them and they don’t want it made by some intelligent algorithm. (So…no, robots are not taking all our jobs! They still need us, humans, to take some decisions)

We know that data analytics can be intrusive and a threat to once’s privacy, we also know the pr. So in order to stay compliant and ethical in your next projects, double check the following:

  • You understand what data you use (don’t forget to include the data you took from Facebook or from your business partner)
  • You understand how data is being used. Don’t get lost in machine learning algorithms and have a clear view on the logic behind the decision making process and check for potential bias, discrimination and error.
  • Your customers understand it too and have granted their consent
  • Data is secured.
  • If you get the same results anonymising data, then use that in your analysis.
  • You have an alternatives to support your customer’s rights

And…stay informed about GDPR compliance, it’s important that you and your team are well aware of all implications. This is how you know you can still focus on your Data Science project, but still respect human’s data privacy.

Check out this comprehensive paper on Big Data, AI and machine learning implications for data privacy, published by ICO UK .

Share This Post

Leave a Reply