Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Artificiell intelligens – ett hot mot den personliga integriteten? - Om efterlevnaden av enskildas rättigheter föreskrivna i GDPR vid profilering och automatiserat beslutsfattande ur ett integritetsperspektiv

Persson, Lina LU (2020) JURM02 20202
Department of Law
Faculty of Law
Abstract
The technical development in artificial intelligence (AI), machine learning algorithms and data collection has made profiling and automated decision-making possible. Individuals are exposed to AI on a daily basis. Profiling and automated decision-making consist of techniques, including the use of algorithms in order to extract knowledge from large amounts of data. Profiling is an automated processing of personal data that aims to assess an individual’s characteristics, behaviour and personal preferences. Furthermore, automated decision-making is made by AI systems without human intervention. Automated decision-making can take place with or without profiling.

As a result of profiling and automated decision-making, compliance with the... (More)
The technical development in artificial intelligence (AI), machine learning algorithms and data collection has made profiling and automated decision-making possible. Individuals are exposed to AI on a daily basis. Profiling and automated decision-making consist of techniques, including the use of algorithms in order to extract knowledge from large amounts of data. Profiling is an automated processing of personal data that aims to assess an individual’s characteristics, behaviour and personal preferences. Furthermore, automated decision-making is made by AI systems without human intervention. Automated decision-making can take place with or without profiling.

As a result of profiling and automated decision-making, compliance with the protection of personal integrity in today’s digitalised and technology-developed environment is faced with challenges. Problems and consequences seen from an integrity perspective of profiling and automated decision-making are discovered. This essay underlines that lack of algorithmic transparency occurs when AI is involved. Article 12–15 General Data Protection Regulation (GDPR) states that controllers must ensure clear and unambiguous explanations to individuals on how the profiling or automated decision-making process is carried out. Such explanation is impossible when the logic behind the profiling process and the automated decision-making are performed by non-transparent algorithms. The problems of non-transparency are therefore a limited compliance with the regulation in GDPR, which leads to a reduced awareness among individuals about controllers’ access to their personal data and their additional rights in the context.

Furthermore, problems arise as a result of intrusive data collection and the creation of new personal data in the profiling process. Extensive personal data collection and processing of data often takes place without the individual's understanding or knowledge. This occurs on a daily basis when individuals connect to the internet. Without an awareness of the processing of personal data processing, the possibility for individuals to invoke the right to rectification, erasure and restriction provided in Articles 16-18 GDPR is restricted. This issue also risks compliance with individual rights in the GDPR. To summarize, the presented difficulties can lead to invasion of privacy. The right of individuals to self-determination and the right to independently make their own unaffected choices is jeopardized.

The solution to the problems and consequences presented varies. The European Commission has this year presented a strategy on artificial intelligence, which proposes measures and solutions to reduce potential problems resulting from the use of AI. Only time can tell the importance of the European Commission's strategy. However, the strategy emphasizes the importance of the fundamental European values in the future development and use of AI. The protection of the individual, the end consumer of AI applications, is highlighted through the strategy in order to strengthen personal integrity. The solutions have the combination of legal and technical tools in common, both from the European Commission and researchers in the field. Compliance with individuals' rights in AI-controlled profiling and automated decision-making requires practical solutions to actually benefit, especially to strengthen the protection of personal integrity. Solutions such as the integration of individuals' rights and transparency standards into technical systems are practical solution with real benefits. (Less)
Abstract (Swedish)
Den tekniska utvecklingen inom artificiell intelligens (AI), maskininlärda algoritmer och datainsamling har möjliggjort den profilering och det automatiserade beslutsfattandet enskilda dagligen exponeras för. Profilering och automatiserat beslutsfattande består av en uppsättning tekniker, inklusive användning av algoritmer i syfte att utvinna kunskaper ur stora datamängder. Profilering är en automatiserad personuppgiftsbehandling som avser att framkalla information om en enskild persons egenskaper, beteende och personliga preferenser. Vidare är automatiserat beslutsfattande beslut som fattas av AI-system utan mänsklig inblandning. Automatiserat beslutsfattande kan ske med eller utan profilering.

Som ett resultat av profilering och... (More)
Den tekniska utvecklingen inom artificiell intelligens (AI), maskininlärda algoritmer och datainsamling har möjliggjort den profilering och det automatiserade beslutsfattandet enskilda dagligen exponeras för. Profilering och automatiserat beslutsfattande består av en uppsättning tekniker, inklusive användning av algoritmer i syfte att utvinna kunskaper ur stora datamängder. Profilering är en automatiserad personuppgiftsbehandling som avser att framkalla information om en enskild persons egenskaper, beteende och personliga preferenser. Vidare är automatiserat beslutsfattande beslut som fattas av AI-system utan mänsklig inblandning. Automatiserat beslutsfattande kan ske med eller utan profilering.

Som ett resultat av profilering och automatiserat beslutsfattande ställs efterlevnaden av skyddet för den personliga integriteten i samtidens digitaliserade och teknikutvecklade miljö inför utmaningar. Problem och konsekvenser sett ur ett integritetsperspektiv vid profilering och automatiserat beslutsfattande uppdagas. Redogörelsen visar att bristande algoritmisk transparens uppstår när AI involveras. De algoritmer som används och dess arbetsgång ska enligt dataskyddsförordningen (GDPR) kunna framställas begripligt för den enskilde i enlighet med informationskravet i artiklarna 12–15 GDPR. Detta är inte möjligt när logiken och förklaringen bakom profileringsprocessen och det automatiserade beslutsfattande utförs av icke-transparenta algoritmer. Problemen av bristande algoritmisk transparens är således en begränsad möjlig efterlevnad av informationskravet, vilket sedermera leder till en minskad medvetenhet hos enskilda om hanteringen av deras personuppgifter samt deras ytterligare rättigheter i sammanhanget.

Vidare uppstår problem till följd av ingripande datainsamling och profileringsprocessens skapande av nya personuppgifter. En omfattande personuppgiftsinsamling och bearbetning av data sker inte sällan utan enskilde individens förståelse eller vetskap. Detta inträffar exempelvis dagligen vid enskildas uppkoppling till internet. Utan en medvetenhet av personuppgiftshanteringens existens begränsas enskildas möjlighet att åberopa rätten till rättelse, radering och begränsning som föreskrivs i artiklarna 16–18 GDPR. Även denna problematik riskerar efterlevnaden av enskildas rättigheter i GDPR. Sammantaget kan de presenterade problemen verka integritetskränkande för enskilda individen. Enskildas självbestämmanderätt äventyras samt rätten att självständigt företa egna opåverkade val i livet undermineras.

Lösningen på de problem och konsekvenser som presenteras varierar. EU-kommissionen har i år utarbetat en strategi om AI, vilken föreslår åtgärder och lösningar för att minska potentiella problem till följd av AI-användningen. Betydelsen av EU-strategin får framtiden utvisa. Det som strategin framhäver är däremot vikten av att värna och upprätthålla de grundläggande europeiska värdena vid den framtida utvecklingen och användningen av AI. Skyddet för den enskilda individen, slutkonsumenten av AI-applikationer, framhävs genom strategins åtgärdsförslag i syfte att stärka den personliga integriteten. Gemensamt för lösningsåtgärderna från både EU-kommissionen och forskare inom området är en kombination av rättsliga och tekniska verktyg. Efterlevnaden av enskildas rättigheter vid AI utförd profilering och automatiserat beslutsfattande kräver praktiska lösningar för att få faktiskt nytta, särskilt för att stärka skyddet för den personliga integriteten. Lösningar likt integrering av enskildas rättigheter och transparensnormer i tekniska system är en sådan praktisk lösning med faktiskt nytta. (Less)
Please use this url to cite or link to this publication:
author
Persson, Lina LU
supervisor
organization
alternative title
Artificial intelligence - a threat to personal integrity? - Compliance with individuals' rights on profiling and automated decision-making within GDPR from an integrity perspective
course
JURM02 20202
year
type
H3 - Professional qualifications (4 Years - )
subject
keywords
EU-rätt, IT-rätt, GDPR, AI, profilering, automatiserat beslutsfattande, personlig integritet
language
Swedish
id
9034062
date added to LUP
2021-01-25 11:16:12
date last changed
2021-01-25 11:16:12
@misc{9034062,
  abstract     = {{The technical development in artificial intelligence (AI), machine learning algorithms and data collection has made profiling and automated decision-making possible. Individuals are exposed to AI on a daily basis. Profiling and automated decision-making consist of techniques, including the use of algorithms in order to extract knowledge from large amounts of data. Profiling is an automated processing of personal data that aims to assess an individual’s characteristics, behaviour and personal preferences. Furthermore, automated decision-making is made by AI systems without human intervention. Automated decision-making can take place with or without profiling.

As a result of profiling and automated decision-making, compliance with the protection of personal integrity in today’s digitalised and technology-developed environment is faced with challenges. Problems and consequences seen from an integrity perspective of profiling and automated decision-making are discovered. This essay underlines that lack of algorithmic transparency occurs when AI is involved. Article 12–15 General Data Protection Regulation (GDPR) states that controllers must ensure clear and unambiguous explanations to individuals on how the profiling or automated decision-making process is carried out. Such explanation is impossible when the logic behind the profiling process and the automated decision-making are performed by non-transparent algorithms. The problems of non-transparency are therefore a limited compliance with the regulation in GDPR, which leads to a reduced awareness among individuals about controllers’ access to their personal data and their additional rights in the context. 

Furthermore, problems arise as a result of intrusive data collection and the creation of new personal data in the profiling process. Extensive personal data collection and processing of data often takes place without the individual's understanding or knowledge. This occurs on a daily basis when individuals connect to the internet. Without an awareness of the processing of personal data processing, the possibility for individuals to invoke the right to rectification, erasure and restriction provided in Articles 16-18 GDPR is restricted. This issue also risks compliance with individual rights in the GDPR. To summarize, the presented difficulties can lead to invasion of privacy. The right of individuals to self-determination and the right to independently make their own unaffected choices is jeopardized. 

The solution to the problems and consequences presented varies. The European Commission has this year presented a strategy on artificial intelligence, which proposes measures and solutions to reduce potential problems resulting from the use of AI. Only time can tell the importance of the European Commission's strategy. However, the strategy emphasizes the importance of the fundamental European values in the future development and use of AI. The protection of the individual, the end consumer of AI applications, is highlighted through the strategy in order to strengthen personal integrity. The solutions have the combination of legal and technical tools in common, both from the European Commission and researchers in the field. Compliance with individuals' rights in AI-controlled profiling and automated decision-making requires practical solutions to actually benefit, especially to strengthen the protection of personal integrity. Solutions such as the integration of individuals' rights and transparency standards into technical systems are practical solution with real benefits.}},
  author       = {{Persson, Lina}},
  language     = {{swe}},
  note         = {{Student Paper}},
  title        = {{Artificiell intelligens – ett hot mot den personliga integriteten? - Om efterlevnaden av enskildas rättigheter föreskrivna i GDPR vid profilering och automatiserat beslutsfattande ur ett integritetsperspektiv}},
  year         = {{2020}},
}