Taking AI Personally: How the E.U. Must Learn to Balance the Interests of Personal Data Privacy & Artificial Intelligence


Technology is continuously evolving to create a smart, autonomous world. At the forefront of this technological revolution is the innovation of artificial intelligence (“AI”). As stated by Russian President Vladimir Putin, “[w]hoever becomes the leader in [artificial intelligence] will become the ruler of the world.” President Putin’s words express the breadth of concern to which many have over the rapid expansion of this sort of super-intelligence. However, whether or not AI is a concern, its exponential development and use may soon stall as the European Union (“E.U.”) prepares to implement its General Data Protection Regulation (“GDPR”) on May 25, 2018. 1GDPR Portal: Site Overview, EU GDPR, http://bit.do/EUGDPR (last visited Oct. 2, 2017) [hereinafter GDPR Portal].

While AI is subject to different definitions, it is generally understood to consist of machine learning, based on algorithms that collect, process, and adapt to data from the real world. AI cannot thrive without a steady supply of data to expand its knowledge base. To supplement its development, controllers collect vast amounts of consumer personal data to enable algorithms to learn. Algorithms cannot accurately learn from its environment without large amounts of personal data. Instead, companies collect, store, process, and maintain large sets of consumer data. As a result, data privacy and protection have become cause for greater concerns for companies and governments alike. Enter the E.U.’s GDPR.

The GDPR emphasizes consumer control over personally identifiable information (“PII”), which creates stricter legal and operational obstacles for those seeking to control and process it. The GDPR codifies several E.U. consumer rights in PII that cannot coexist with AI, including: the requirement of explicit consent, the right of erasure, the right to explanation of automated decisions, and data portability rights.6 While these aforementioned rights are only afforded to E.U. citizens, the territorial scope of the GDPR applies to those processing this protected data, wherever they may be located or established. As a result, business leaders and legislatures across the globe must address these compliance issues to determine whether they can lawfully sustain AI development under the GDPR. To remain competitive within the AI field, the E.U. must find a way to balance its interest in data privacy against those in the advancement of AI.

Part I of this Comment provides an overview of what AI is and how it utilizes personal data to develop. Contained within Part I is also a brief overview of the current international AI situation and how the E.U.’s relevance is rapidly declining. Part II discusses data privacy and AI law within the European Union, and how new regulations may adversely impact sustained algorithmic development under the current AI model. Part III proposes two courses of action on how the E.U. should adapt its views on data privacy and protection to better facilitate the use and development of AI.