Developers of AI applications and specifically machine learning that use personal data for derivative decisions need to comply with EU’s General Data Protection Regulation (GDPR). The GDPR would be applicable to all the automated individual decision making and profiling devices that are currently the most common applications of Artificial Intelligence (AI). The GDPR has defined any type of data mining using the automated processing of personal data that uses the personal data of the individual to evaluate the personal aspect of a natural person. The personal data can analyze different aspects like performance at work, economic situation, health, personal preferences, behavior, location, reliability or movement. One of the major problems with current AI applications they are a complete black box rather than the old style rule-based expert system. The compliance with GDPR requirements on subjects of transparency and accountability is quite impossible, putting the data subject in the control of the data.

Accountability of data collected from the subjects is the underlying principle of GDPR and it’s one of the biggest problems each machine learning algorithm, especially the upcoming tools such as deep learning and automated feature extraction face. Most of the tools use different subject data to evaluate but these tools under GDPR will have to know about the difference between personal data and public data.

GDPR is also applicable to data controllers outside the EU that process the personal data of the European citizens. The problem with GDPR is the limitation of its jurisdiction and complex compliance policy for the organizations. In Asia and the United States, most of the data collected from the subject become the property of the company means the data can be reused and resold.