Page 57 - FIGI - Big data, machine learning, consumer protection and privacy
P. 57
169 GDPR, Article 17. See Kelly & Satola, “The Right to Be Forgotten”, University of Illinois Law Review, Vol. 1, 2017.
California’s new Consumer Privacy Act requires certain businesses to meet a consumer’s request to delete personal
information unless the information is necessary for the business to perform certain functions. California Consumer
Privacy Act of 2018, Cal. Cov. Code, §178.105.
170 GDPR, Article 17.
171 Case C-131/12, Google Spain v. Agencia de Protección de Datos (AEPD), 2014 EUR-Lex (May 13, 2014). A Spanish
national complained to the Spanish Data Protection Agency (AEPD) about Internet stories linking his name with
attachment proceedings in a real-estate auction related to recovery of social security debts. Mr Costeja González
requested that the newspaper remove or alter the pages, or that Google Spain or Google Inc remove or conceal the
personal data in search results. Google objected to the Spanish National High Court, which requested a decision of the
European Court of Justice (ECJ), which found that Google was a data controller against which the right to be forgotten
could be exercised, and thus Mr. Costeja had the right to make the request and have it reviewed by the AEPD. See Kelly
& Satola, The Right to Be Forgotten, University of Illinois Law Review, Vol. 1, 2017.
172 Ibid, §178.105.
173 See, e.g., Gianclaudio Malgieri, ‘Trade Secrets v Personal Data: A Possible Solution for Balancing Rights’ (2016) 6
International Data Privacy Law 102, 115.
174 Finale Doshi-Velez and others, ‘Accountability of AI Under the Law: The Role of Explanation’ [2017] arXiv preprint
arXiv: 1711 .01134.
175 See Ethically Aligned Design, at footnote 224 at p160.
176 Jenna Burrell, ‘How the Machine “Thinks:” Understanding Opacity in Machine Learning Algorithms’ [2016] Big Data &
Society.
177 See Frank Pasquale, The Black Box Society: The Secret Algorithms That Control Money and Information, Harvard
University Press (2015).
178 Stanford Univ., Machine Learning, COURSERA, https:// www .coursera .org/ learn/ machine -learning/ home/ info [https://
perma .cc/ L7KF -CDY4]
179 See Accountable Algorithms, at footnote 129.
Paul Ohm and David Lehr, Playing with the Data: What Legal Scholars Should Learn About Machine Learning, Univ. of
CA, Davis Law Review, 2017, available at https:// lawreview .law .ucdavis .edu/ issues/ 51/ 2/ Symposium/ 51 -2 _Lehr _Ohm .pdf.
180 Chris Anderson, The End of Theory: The Data Deluge Makes the Scientific Method Obsolete, Wired, 23 June 2008,
https:// www .wired .com/ 2008/ 06/ pb -theory/
181 Hildebrandt, Mireille, Preregistration of machine learning research design. Against P-hacking in: BEING PROFILED:
COGITAS ERGO SUM, ed. Emre Bayamlıoğlu, Irina Baraliuc , Liisa Janssens, Mireille Hildebrandt Amsterdam University
Press 2018 (forthcoming) (September 27, 2018). Available at SSRN: https:// papers .ssrn .com/ sol3/ papers .cfm ?abstract
_id = 3256146
182 Kroll JA. 2018 The fallacy of inscrutability. Phil. Trans. R. Soc. A 376, 20180084. (doi: 10 .1098/ rsta .2018 .0084)
183 Sandra Wachter, Brent Mittelstadt and Luciano Floridi, ‘Why There Is No Right to Explanation in the General Data
Protection Regulation’ [2017] International Data Privacy Law https:// papers .ssrn .com/ sol3/ papers .cfm ?abstract _id =
2903469.
184 Article 22.
185 GDPR, Articles 13-15.
186 Article 29 Data Protection Working Party, ‘Guidelines on Automated Individual Decision Making and Profiling for the
Purposes of Regulation 2016/679’, see footnote 56, at p28-29.
187 Future of Privacy Forum, Beyond Explainability: A Practical Guide to Managing Risk in Machine Learning Models (2018).
188 See Wachter & Mittelstadt, at footnote 57.
189 See Wachter & Mittelstadt, at footnote 57.
190 E.g., Central Bank of Kenya, Guideline on Consumer Protection, Section 3.2.1(c)(iv), requires that banks not: take
advantage of a consumer who is not able to understand the character or nature of a proposed transaction. [A bank]
shall therefore inquire of the consumer’s specific needs and shall provide suitable products or services relevant to
those needs. While Section 3.2.2(i) of the Guideline states “Depending on the nature of the transaction and based
on information provided by a customer, [a bank] should assess and understand the needs of the customer before
rendering a service.” In addition, Section 3.2.4(a)(ii) also requires banks, when giving advice to customers, ensure that
“any product or service which the institution recommends to a consumer to buy is suitable for the consumer.”
Big data, machine learning, consumer protection and privacy 55