Post by Arispat Technologies, July 7, 2020.

The General Data Protection Regulation is a set of regulations designed to ensure that the rights and privacy of countries belonging to the European Union is protected. The purpose of this paper is to understand the essence of the General Data Protection Regulation, examine how Artificial Intelligence works, the threats GDPR imposes on the development of AI and how impractical it is for Businesses to comply with.

The main essence of the coming into force of the General Data Protection Regulation (GDPR) is/was to provide a set of standardised data protection laws across all countries belonging to the European Union (EU). The creation of GDPR was to ensure that companies that deals with processing of data safeguard the rights and privacy of member countries. GDPR clearly outlines what organisations must do to safeguard the rights and privacy of theirmember countries. Lawfulness, fairness and transparency, Purpose of Limitation, Data minimization, Accuracy, Storage Limitation, Integrity and Confidentiality, and Accountability are the seven sets of key principles outlined in the GDPR. Its detailed transparency requirements make it more demanding and it clarifies what companies must do to ensure the protection of European data subjects’ rights.

Research has shown that AI and Machine Learning is widely used by Firms in the world. Industries, Organizations, and other areas in the world are recording higher breakthrough due to the application of AI and Machine Learning. Artificial Intelligence (AI) and Machine Learning is having positive impacts in almost every sphere of life, such as in the banking sector, tourism, education, entertainment, commerce and many more. Over the last decade, there has been a data explosion caused by the exponential increase of data generated through progressive digitization of virtually every aspect of everyday life. As a result, more data have been created in the past two years in the entire history of mankind.

Artificial Intelligence has the power to predict factors responsible for problems and state clearly the extent to which these factors affect these problems. A practical scenario described in this paper I believe will give a clear picture of the vital role AI plays in our daily lives. AI and Machine learning comes up with statistical models and algorithms to solve our everyday problems. These models are built on the analysis of a comprehensive data. AI is used in the navigation and travel industry. Most of us travel from time to time and use the navigation on almost a daily basis. When using Google or Apple Maps for navigating, or calling an Uber, or booking a flight ticket, you are using AI. Both Google and Apple along with other navigation services use artificial intelligence to interpret hundreds of thousands of data point that they receive to give you real-time traffic data. When you are calling an Uber, both the pricing and the car that matches your ride request is decided by AI. As you can see, AI plays a significant role in how we reach from one point to another.

The General Data Protection Regulation in a very high extent supress the use of Artificial Intelligence in the Advancement and the simplification of our everyday lives and Businesses. Machine learning—the basis of what we call AI—involves algorithms that progressively improve themselves. They do this by feasting on data. The more they consume, the better they get at spotting patterns: speech patterns that make it easier for a bot to sound like a human; visual patterns that help an autonomous car system recognize objects on the road; customer behaviour patterns that train a bank’s AI systems to better spot fraud. All the while, the algorithms evolve themselves beyond the understanding of the people who created them, and the data gets combined with other data in new and mysterious ways. The General DataProtection Regulation makes us understand that when companies collect personal data,companies have to say what it will be used for, and not use it for anything else. It also says that companies are supposed to minimize the amount of data they collect and keep, limiting it to what is strictly necessary for those purposes—they’re supposed to put limits on how long they hold that data, too. Companies are required to be able to tell people what data they hold on them, and what’s being done with it. Companies are also charged to alter or get rid of people’s personal data if requested. If personal data is used to make automated decisions about people, companies must be able to explain the logic behind the decision-making process. If companies are required to do all the above stated, how do they achieve their objective which is fraud detection in this case? These creates restrictions on AI making it difficult for AI and Machine Learning Firms to achieve their objective, hence, becoming impractical for businesses to comply with. Big data is completely opposed to the basis of data protection,” said Lilian Edwards, a law professor at the University of Strathclyde in Glasgow, Scotland. “I think people have been very glib about saying we can make the two reconcilable, because it’s very difficult.”

AI cannot adjust to GDPR enforcements on its own. One of the way forward that maintains compliance is by human programmers altering the way information is collected and how it is fed into machine learning. The next phase of development in regards to citizens of the EU will have to involve AI systems being built to integrate consent actions into their processes.

Before data even reaches that level, organizations must change their processes to ascertain where and from who data is being collected, and make sure it is in line with GDPR standards.

How many customers will refuse to grant consent? No one knows. But organizations must also be prepared to deal with a greater chance of flawed analysis. If only 3/4th of a company’s customers give consent to have their data used, companies must account for the missing 1/4th and how their lack of information will make for less perfect analysis going forward.

All AI systems that operate using unsupervised machine learning—those that improve themselves, without outside help, by learning from the data they process—will be required to “remember” all the data they used to train themselves in order to sustain rules derived from that data. However, erasing data that underpins key rules in an AI system’s behaviour can both make it less accurate and limit its benefit to other data subjects—or even break it entirely.

Article 6 of the GDPR imposes a general prohibition on using data for any purposes other than that for which it was first collected, thus making it difficult for firms to innovate using data.

The same article 6 of the GDPR states that ‘Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data’. This imposes a general prohibition on using data for any purposes other than that for which it was first collected, thus making it difficult for firms to innovate using data. Seth Redmore indicated that ‘While some aspects of the GDPR may be open to vague interpretation, others aren’t – and the stakes are high. Fines of up to 4% of global turnover apply to those who fall afoul of GDPR, and the first enforcement actions are being taken. Since the roll-out of the GDPR, some 59,000 data breach notifications have been served, with 91 fines issued – the largest being a EU50 million fine leveled against Google.’ This has created serious restrictions on AI making it difficult for AI and Machine Learning Firms to achieve their objective, hence, becoming impractical for businesses to comply with.

This restriction will limit the ability of companies developing or using AI in the EU to experiment with new functions that could improve their ‘center for data innovation services’. As a result, EU consumers and businesses will be slow to receive the benefits of the latest innovations in AI. GDPR’s raises the cost of using AI and would be very difficult if not impossible to be complied by most companies. Firms would need specialised personnel and technology to make sure they act accordingly to the GDPR’s standards, thus raising the cost of AI and preventing its usage. Violation of the General Data Protection Regulation would amount to serious repercussions in which most companies are avoiding hence, deterring them from using AI.

Conclusively, it is imperative for government agencies, organisations, and Businesses to come up with practical solutions to curb the numerous problems the General Data Protection Regulation has caused. It is our hope that we can fully generate feasible solution that would reduce problems the GDPR has resulted and still protect and safeguard the data of countries belonging to the European Union so as to boost businesses and an advancement in our technologies. Artificial Intelligence experts cannot fully operate within the zone of the General Data Protection Regulation, hence, overly restricting the development of Artificial Intelligence and been difficult if not impossible to be practically complied with by Businesses.


  1. Guidelines on the Right to Data Portability,” (Article 29 Data Protection Working Party, December 13, 2016), 16/EN WP 242, accessed December 19, 2017, 6- 51/wp242_en_40852.pdf.
  2. Daniel C, Alan Mc. AI Offers Opportunity to Increase Privacy for Users. IAPP, January 12, 2018), opportunity-to-increase-privacy-for-users
  3. Nick Wallace and Daniel Castro, ‘The Impacts of EU’s New Data Protection Regulation on AI’, (Center for Data Innovation, March 27, 2018)
  4. Regulation 2016/679 (General Data Protection Regulation), Article 83, (see page L 119/82-83), accessed December 20, 2017,
  5. Seth Redmore, ‘Privacy, a year Later: How The GDPR has Affected AI-Powered Marketing’( MarketingLand, May 13, 2019)
  6. Rachit Agarwal, ‘Examples of AI you’re Using in Daily Life’ (Milestone, September 21, 2018) intelligence/