Europe’s new privacy rules risk becoming outdated less than five months after being put in place, the chairman of Nokia warned today as he urged policymakers to update legislation as more companies invest in artificial intelligence (AI) technology.
Speaking at an AI event in Finland, Risto Siilasmaa warned that the EU’s General Data Protection Regulation (GDPR) was “largely designed before anyone in Brussels had heard the term machine learning”.
“We need to regularly update the rules and make sure they are cutting-edge and respond to these new needs,” he said.
“I was talking to a large number of commissioners and director generals about machine learning last autumn, and I gave them a lesson in how machine learning works. I told them: ‘You need to update GDPR’ and they were a bit shocked, they said: ‘We haven’t even launched it yet and now you’re saying we need to update it’. That was not a very popular statement but I believed it then and I believe it now,” he said.
GDPR came into effect in May of this year, although leading up to the cut-off date, companies had had around two years to prepare for the legislation.
The EU-wide set of rules sets standards for how people’s data can be used, allowing them to request their data be deleted and requiring companies to specify exactly why someone’s data is being collected.
However, there are major shortcomings when applying these rules to artificial intelligence technology. For example, once someone’s data becomes part of a larger bank, it can be difficult to work out exactly what their data is being used for, and if a computer is making an automated decision based on personal data, then companies can struggle to explain the logic behind that decision.
There are many areas where it is not yet clear how the legislation will apply to AI, although GDPR dictates that data would have to be de-identified as soon as companies got access to it, and that AI cannot be the only decision-maker when companies are assessing whether to make choices, such as give out loans.
Mr Siilasmaa said there were “many small things to fix” in GDPR and said, while they were “not necessarily dramatic changes, when you combine a lot of small changes they have a big impact”.
However, he was not confident that his advice would prompt the European Commission to update the legislation anytime soon.
“The problem with politics is when your term nears its end you cannot do anything anymore, and we all know that the term of the commission is getting closer to the end and they feel that they don’t need to do that much anymore ,” he said. – Telegraph