With the right to privacy the subject of significant regulation, AI analytics will be under increasing scrutiny. Experts say companies using AI with personal data must focus on GDPR and HIPAA, but long term, companies can expect governments and people affected to increasingly push for audits and explanations of AI decisions.
According to an article by Grant Gross in Hewlett-Packard Enterprise, business use of cognitive and artificial intelligence is expected to skyrocket in the coming years, with global spending on the technology reaching $19.1 billion in 2018, a 54% increase over last year, according to IDC.
But as businesses embrace AI to help with all kinds of tasks, they face a complex set of regulations that limit what personal data they can collect and use. Many AI systems don’t collect personal data, of course: A business using AI to predict when its own factory machinery needs maintenance has little to fear from regulations.
Only a handful of significant regulations in the United States and the European Union restrict what personal data businesses can collect — and potentially what AI systems can use — from customers and other people.
The EU’s General Data Protection Regulation (GDPR) requires companies using personal information to get explicit consent before collecting and using personal information, including names, home addresses, email addresses, bank details, social networking posts, and computer IP addresses.
A similar data protection and privacy law went into effect in China May 1, although it has received less attention from US and European companies, because of the limited number of US and European companies operating in the country.
The US has less comprehensive privacy regulations than the EU, with a patchwork of laws covering some industries and technologies. Most AI experts see the Health Insurance Portability and Accountability Act (HIPAA), the 1996 law governing medical data privacy, as the US regulation that companies need to pay the most attention to.
As with GDPR, opinions are mixed, with industry sources arguing that the regulation has held back AI advances in medicine. “If all medical data could be shared and centralised, algorithm capacity for the prediction and cure of diseases would grow exponentially,” one says.
But HIPAA and GDPR may not be the last of the regulations affecting AI. With Facebook’s recent data leak involving Cambridge Analytica, companies using AI should expect more government scrutiny.