In this special guest feature, Joseph E. Mutschelknaus, a director in Sterne Kesslers Electronics Practice Group, addresses some of the top data privacy compliance issues that startups dealing with AI and ML applications face. Joseph prosecutes post-issuance proceedings and patent applications before the United States Patent & Trademark Office. He also assists with district court litigation and licensing issues. Based in Washington, D.C. and renown for more than four decades for dedication to the protection, transfer, and enforcement of intellectual property rights, Sterne, Kessler, Goldstein & Fox is one of the most highly regarded intellectual property specialty law firms in the world.
Last year, the Federal Trade Commission (FTC) hit both Facebook and Google with record fines relating to their handling of personal data. The California Consumer Privacy Act (CCPA), which is widely viewed the toughest privacy law in the U.S., came online this year. Nearly every U.S. state has its own data breach notification law. And the limits of the EUs General Data Protection Regulation (GDPR), which impacts companies around the world, are being tested in European courts.
For artificial intelligence (AI) startups, data is king. Data is needed to train machine learning algorithms, and in many cases is the key differentiator from competitors. Yet, personal data, that is, data relating to an individual, is also subject an increasing array of regulations.
As last years $5 billion fine on Facebook demonstrates, the penalties for noncompliance with privacy laws can be severe. In this article, I review the top five privacy compliance issues that every AI or machine learning startup needs to be aware of and have a plan to address.
1. Consider how and when data can be anonymized
Privacy laws are concerned with regulating personally identifiable information. If an individuals data can be anonymized, most of the privacy issues evaporate. That said, often the usefulness of data is premised on being able to identify the individual that it is associated with, or at least being able to correlate different data sets that are about the same individual.
Computer scientists may recognize a technique called a one-way hash as a way to anonymize data used to train machine learning algorithms. Hash operations work by converting data into a number in a manner such that the original data cannot be derived from the number alone. For example, if a data record has the name John Smith associated with it, a hash operation may to convert the name John Smith into a numerical form which is mathematically difficult or impossible to derive the individuals name. This anonymization technique is widely used, but is not foolproof. The European data protection authorities have released detailed guidance on how hashes can and cannot be used to anonymize data.
Another factor to consider is that many of these privacy regulations, including the GDPR, cover not just data where an individual is identified, but also data where an individual is identifiable. There is an inherent conflict here. Data scientists want a data set that is as rich as possible. Yet, the richer the data set is, the more likely an individual can be identified from it.
For example, The New York Times wrote an investigative piece on location data. Although the data was anonymized, the Times was able to identify the data record describing the movements of New York City Mayor Bill de Blasio, by simply cross-referencing the data with his known whereabouts at Gracie Mansion. This example illustrates the inherent limits to anonymization in dealing with privacy compliance.
2. What is needed in a compliant privacy policy
Realizing that anonymization may not be possible in the context of your business, the next step has to be in obtaining the consent of the data subjects. This can be tricky, particularly in cases where the underlying data is surreptitiously gathered.
Many companies rely on privacy policies as a way of getting data subjects consent to collect and process personal information. For this to be effective, the privacy policy must explicitly and particularly state how the data is to be used. Generally stating that the data may be used to train algorithms is usually insufficient. If your data scientists find a new use for the data youve collected, you must return to the data subjects and get them to agree to an updated privacy policy. The FTC regards a companys noncompliance with its own privacy policy as an unreasonable trade practice subject to investigation and possible penalty. This sort of noncompliance was the basis for the $5 billion fine assessed against Facebook last year.
3. How to provide a right to be forgotten
To comply with many of these regulations, including the GDPR and CCPA, you must provide not only a way for a data subject to refuse consent, but also a way to for a data subject to withdraw consent already given. This is sometimes called a right to erase or a right to be forgotten. In some cases, a company must provide a way for subjects to restrict uses of data, offering data subjects a menu of ways the company can and cannot use collected data.
In the context of machine learning, this can be very tricky. Some algorithms, once trained, are difficult to untrain. The ability to remove personal information has to be baked into the system design at the outset.
4. What processes and safeguards need to be in place to properly handle personal data
Privacy compliance attorneys need to be directly involved in the product design effort. In even big sophisticated companies, compliance issues usually arise when those responsible for privacy compliance arent aware of or dont understand the underlying technology.
The GDPR requires certain companies to designate data protection officers that are responsible for compliance. There also record-keeping and auditing obligations in many of these regulations.
5. How to ensure that data security practices are legally adequate
Having collected personal data, you are under an obligation to keep it secure. The FTC regularly brings enforcement actions against companies with unreasonably bad security practices and has detailed guidelines on what practices it considers appropriate.
In the event of a data breach does occur, you should immediately contact a lawyer. Every U.S. state has its own laws governing data breach notification and imposes different requirements in terms of notification and possibly remuneration.
Collecting personal data is essential part of many machine learning startups. Lack of a well-constructed compliance program can be an Achilles heel to any business plan. It is a recipe for an expensive lawsuit or government investigation that could be fatal to a young startup business. So, a comprehensive compliance program has to be an essential part of any AI/ML startups business plan.
Sign up for the free insideBIGDATAnewsletter.
View post:
- Classic reasoning systems like Loom and PowerLoom vs. more modern systems based on probalistic networks - November 8th, 2009 [November 8th, 2009]
- Using Amazon's cloud service for computationally expensive calculations - November 8th, 2009 [November 8th, 2009]
- Software environments for working on AI projects - November 8th, 2009 [November 8th, 2009]
- New version of my NLP toolkit - November 8th, 2009 [November 8th, 2009]
- Semantic Web: through the back door with HTML and CSS - November 8th, 2009 [November 8th, 2009]
- Java FastTag part of speech tagger is now released under the LGPL - November 8th, 2009 [November 8th, 2009]
- Defining AI and Knowledge Engineering - November 8th, 2009 [November 8th, 2009]
- Great Overview of Knowledge Representation - November 8th, 2009 [November 8th, 2009]
- Something like Google page rank for semantic web URIs - November 8th, 2009 [November 8th, 2009]
- My experiences writing AI software for vehicle control in games and virtual reality systems - November 8th, 2009 [November 8th, 2009]
- The URL for this blog has changed - November 8th, 2009 [November 8th, 2009]
- I have a new page on Knowledge Management - November 8th, 2009 [November 8th, 2009]
- N-GRAM analysis using Ruby - November 8th, 2009 [November 8th, 2009]
- Good video: Knowledge Representation and the Semantic Web - November 8th, 2009 [November 8th, 2009]
- Using the PowerLoom reasoning system with JRuby - November 8th, 2009 [November 8th, 2009]
- Machines Like Us - November 8th, 2009 [November 8th, 2009]
- RapidMiner machine learning, data mining, and visualization tool - November 8th, 2009 [November 8th, 2009]
- texai.org - November 8th, 2009 [November 8th, 2009]
- NLTK: The Natural Language Toolkit - November 8th, 2009 [November 8th, 2009]
- My OpenCalais Ruby client library - November 8th, 2009 [November 8th, 2009]
- Ruby API for accessing Freebase/Metaweb structured data - November 8th, 2009 [November 8th, 2009]
- Protégé OWL Ontology Editor - November 8th, 2009 [November 8th, 2009]
- New version of Numenta software is available - November 8th, 2009 [November 8th, 2009]
- Very nice: Elsevier IJCAI AI Journal articles now available for free as PDFs - November 8th, 2009 [November 8th, 2009]
- Verison 2.0 of OpenCyc is available - November 8th, 2009 [November 8th, 2009]
- What’s Your Biggest Question about Artificial Intelligence? [Article] - November 8th, 2009 [November 8th, 2009]
- Minimax Search [Knowledge] - November 8th, 2009 [November 8th, 2009]
- Decision Tree [Knowledge] - November 8th, 2009 [November 8th, 2009]
- More AI Content & Format Preference Poll [Article] - November 8th, 2009 [November 8th, 2009]
- New Planners Solve Rescue Missions [News] - November 8th, 2009 [November 8th, 2009]
- Neural Network Learns to Bluff at Poker [News] - November 8th, 2009 [November 8th, 2009]
- Pushing the Limits of Game AI Technology [News] - November 8th, 2009 [November 8th, 2009]
- Mining Data for the Netflix Prize [News] - November 8th, 2009 [November 8th, 2009]
- Interview with Peter Denning on the Principles of Computing [News] - November 8th, 2009 [November 8th, 2009]
- Decision Making for Medical Support [News] - November 8th, 2009 [November 8th, 2009]
- Neural Network Creates Music CD [News] - November 8th, 2009 [November 8th, 2009]
- jKilavuz - a guide in the polygon soup [News] - November 8th, 2009 [November 8th, 2009]
- Artificial General Intelligence: Now Is the Time [News] - November 8th, 2009 [November 8th, 2009]
- Apply AI 2007 Roundtable Report [News] - November 8th, 2009 [November 8th, 2009]
- What Would You do With 80 Cores? [News] - November 8th, 2009 [November 8th, 2009]
- Software Finds Learning Language Child's Play [News] - November 8th, 2009 [November 8th, 2009]
- Artificial Intelligence in Games [Article] - November 8th, 2009 [November 8th, 2009]
- Artificial Intelligence Resources - November 8th, 2009 [November 8th, 2009]
- Alan Turing: Mathematical Biologist? - April 25th, 2012 [April 25th, 2012]
- BBC Horizon: The Hunt for AI ( Artificial Intelligence ) - Video - April 30th, 2012 [April 30th, 2012]
- Can computers have true artificial intelligence" Masonic handshake" 3rd-April-2012 - Video - April 30th, 2012 [April 30th, 2012]
- Kevin B. Korb - Interview - Artificial Intelligence and the Singularity p3 - Video - April 30th, 2012 [April 30th, 2012]
- Artificial Intelligence - 6 Month Anniversary - Video - April 30th, 2012 [April 30th, 2012]
- Science Breakthroughs - April 30th, 2012 [April 30th, 2012]
- Hitman: Blood Money - Part 49 - Stupid Artificial Intelligence! - Video - April 30th, 2012 [April 30th, 2012]
- Research Members Turned Off By HAARP Artificial Intelligence - Video - April 30th, 2012 [April 30th, 2012]
- Artificial Intelligence Lecture No. 5 - Video - April 30th, 2012 [April 30th, 2012]
- The Artificial Intelligence Laboratory, 2012 - Video - April 30th, 2012 [April 30th, 2012]
- Charlie Rose - Artificial Intelligence - Video - April 30th, 2012 [April 30th, 2012]
- Expert on artificial intelligence to speak at EPIIC Nights dinner - May 4th, 2012 [May 4th, 2012]
- Filipino software engineers complete and best thousands on Stanford’s Artificial Intelligence Course - May 4th, 2012 [May 4th, 2012]
- Vodafone xone™ Hackathon Challenges Developers and Entrepreneurs to Build a New Generation of Artificial Intelligence ... - May 4th, 2012 [May 4th, 2012]
- Rocket Fuel Packages Up CPG Booster - May 4th, 2012 [May 4th, 2012]
- 2 Filipinos finishes among top in Stanford’s Artificial Intelligence course - May 5th, 2012 [May 5th, 2012]
- Why Your Brain Isn't A Computer - May 5th, 2012 [May 5th, 2012]
- 2 Pinoy software engineers complete Stanford's AI course - May 7th, 2012 [May 7th, 2012]
- Percipio Media, LLC Proudly Accepts Partnership With MIT's Prestigious Computer Science And Artificial Intelligence ... - May 10th, 2012 [May 10th, 2012]
- Google Driverless Car Ok'd by Nevada - May 10th, 2012 [May 10th, 2012]
- Moving Beyond the Marketing Funnel: Rocket Fuel and Forrester Research Announce Free Webinar - May 10th, 2012 [May 10th, 2012]
- Rocket Fuel Wins 2012 San Francisco Business Times Tech & Innovation Award - May 13th, 2012 [May 13th, 2012]
- Internet Week 2012: Rocket Fuel to Speak at OMMA RTB - May 16th, 2012 [May 16th, 2012]
- How to Get the Most Out of Your Facebook Ads -- Rocket Fuel's VP of Products, Eshwar Belani, to Lead MarketingProfs ... - May 16th, 2012 [May 16th, 2012]
- The Digital Disruptor To Banking Has Just Gone International - May 16th, 2012 [May 16th, 2012]
- Moving Beyond the Marketing Funnel: Rocket Fuel Announce Free Webinar Featuring an Independent Research Firm - May 23rd, 2012 [May 23rd, 2012]
- MASA Showcases Latest Version of MASA SWORD for Homeland Security Markets - May 23rd, 2012 [May 23rd, 2012]
- Bluesky Launches Drones for Aerial Surveying - May 23rd, 2012 [May 23rd, 2012]
- Artificial Intelligence: What happened to the hunt for thinking machines? - May 25th, 2012 [May 25th, 2012]
- Bubble Robots Move Using Lasers [VIDEO] - May 25th, 2012 [May 25th, 2012]
- UHV assistant professors receive $10,000 summer research grants - May 27th, 2012 [May 27th, 2012]
- Artificial intelligence: science fiction or simply science? - May 28th, 2012 [May 28th, 2012]
- Exetel taps artificial intelligence - May 29th, 2012 [May 29th, 2012]
- Software offers brain on the rain - May 29th, 2012 [May 29th, 2012]
- New Dean of Science has high hopes for his faculty - May 30th, 2012 [May 30th, 2012]
- Cognitive Code Announces "Silvia For Android" App - May 31st, 2012 [May 31st, 2012]
- A Rat is Smarter Than Google - June 5th, 2012 [June 5th, 2012]