Legal Briefing

Protection of personal data in the age of artificial intelligence and machine learning

The In-House Lawyer Logo

Disruptive tech | 08 May 2018

pdf-download-button

Disruptive technology has been a favourite subject for more than a decade. It had quite an affect on decision making in businesses but the pace at which technological advances are made today makes disruptive technology even a hotter topic for all industries.

AI (artificial intelligence), big data and machine learning are the corners of today’s disruptive technology and will continue to be in the coming decades. The increase in computation power and the number of tech giants and startups that work on these fields is a testament of that. Computing costs are continuing to shrink, and computers have the ability to self-learn by processing big data which is widely available today.

Therefore, it is possible to say that we are living in the age of rapid technological disruption. To give you an idea about the current and future computing power, in his book The Singularity Is Near, Ray Kurzweil predicts that by 2020, a computer worth $1,000 will be able to emulate human-brain functionality. By 2030, it would take around 1,000 human brains to match the computing power of a $1,000 computer and by 2050 the computing power of a $1,000 computer will exceed the brain power of all human beings on the Earth.

So when you add big data and machine learning into that equation, it is clear that we must be ready for change. In the coming decades, or as some may argue even today, companies that work together with these technologies will get a competitive edge and those that ignore it, no matter what industry they operate in, will face the risk of extinction.

These technologies are very capable and in good hands can help businesses in creating new markets and lines of work. But the capabilities of these technologies, especially AI, bring along many concerns that we will have to face and regulate. It is a reality that AI can beat the best human players in many games such as Go or chess, can replace human workers and can be used as weapons in warfare. These are the examples, which were nothing more than science fiction a little more than 20 years ago, are what we will have to deal with and regulate.

There are many concerns and questions around AI, big data and machine learning but a more pressing concern relevant to today is protection of personal data. These technologies are becoming widespread and the amount of data being collected is increasing both in variety and volume. Data collected from various sources is being used to develop AI using machine learning and deep learning algorithms and as a result data has become the food for the AI.

Do you trust this computer?

‘Trust this computer?’ is the question that iTunes asks you when you connect your iPhone to you PC before initiating data transfer. This is a very good question because ‘trust’ is the fundamental feeling behind entrusting someone with something that belongs to you. But how can an individual trust a system, database or AI? We believe the best way to create this trust is to put in place clear regulations that protect personal data.

Big data vs personal data protection

With AI’s increasing need for data and widespread use of big data, concerns and issues start to form as to whether we will be able to protect our personal data. We believe this is an understandable concern, but we do not believe that AI and big data must always be on the opposite side to protection of personal data. AI and big data can co-exist with our right to privacy if we can embed privacy and data protection principles into these technologies.

Data protection principles and rules are not barriers against AI and big data and can be used by people working in these fields as guidance to increase data security, data quality and data volume/variety by gaining trust of individuals. Therefore, a legislative framework on personal data is a must for controlled development of these technologies.

Current legal framework in Turkey

Turkey, with a population of over 80,000,000 and with over 50,000,000 internet users, is a big personal data market. Further, there are over 16,000,000 people in Turkey who are between ages 15-24 that spent their childhood in the age of internet and startups. As a result, there is an important number of people that work on these technologies and this requires a legal framework on how personal data can be processed.

Companies that work with technology will get a competitive edge and those that ignore it, no matter what industry they operate in, will face the risk of extinction.

There is no legislation specific to big data, AI or machine learning in Turkey. However, Turkey enacted its first data protection law two years ago, on 7 April 2016. The Law on Protection of Personal Data w no 6698 was drafted in line with the 95/46/EC Directive with a number of changes. The law applies to natural and legal persons that process personal data collected from Turkey, therefore similar to the GDPR, the law has extraterritorial application.

The Law on Protection of Personal Data is a modern legislation that protects personal data while allowing applications of big data, AI and machine learning to progress. The law is based on the same data protection principles as set out in the 95/46/EC Directive. Therefore, Turkey offers a familiar and predictable environment for companies that would like to develop technologies that work with or rely on personal data. However, compliance is a key for anyone that process personal data collected from Turkey because non-compliance may lead to severe administrative fines and imprisonment.