Gábor Erdélyi

Gábor Erdélyi, Olivia J. Erdélyi, Andreas W. Kempa-Liehr

This paper focuses on some shortcomings in current privacy and data protection regulations' ability to adequately address the ramifications of AI-driven data processing practices, in particular where data sets are combined and processed by AI systems. We raise attention to two regulatory anomalies related to two fundamental assumptions underlying traditional privacy and data protection approaches: (1) Only Personally Identifiable Information (PII) and Personal Data (PD) require privacy protection: Privacy and data protection regulations are only triggered with respect to PII/PD, but not anonymous data. This is not only problematic because determining whether data falls in the former or latter category is no longer straightforward, but also because privacy risks associated with data processing may exist whether or not an individual can be identified. (2) Given sufficient information provided in a transparent and understandable manner, individuals are able to adequately assess the privacy implications of their actions and protect their privacy interests: However, relying on human privacy expectations fails to address important privacy threats, because those expectations are at odds with the actual privacy implications of data processing practices, as most people lack the necessary technical literacy to understand the sophisticated technologies at play, and to correctly assess their privacy implications. To tackle these anomalies we recommend regulatory reform in two directions: (1) Abolishing the distinction between personal and anonymized data for the purposes of triggering the application of privacy and data protection regulations and (2) developing methods to prioritize regulatory intervention based on the level of privacy risk posed by individual data processing actions.

Gábor Erdélyi, Olivia J. Erdélyi, Vladimir Estivill-Castro

As \emph{artificial intelligence} (AI) systems are increasingly involved in decisions affecting our lives, ensuring that automated decision-making is fair and ethical has become a top priority. Intuitively, we feel that akin to human decisions, judgments of artificial agents should necessarily be grounded in some moral principles. Yet a decision-maker (whether human or artificial) can only make truly ethical (based on any ethical theory) and fair (according to any notion of fairness) decisions if full information on all the relevant factors on which the decision is based are available at the time of decision-making. This raises two problems: (1) In settings, where we rely on AI systems that are using classifiers obtained with supervised learning, some induction/generalization is present and some relevant attributes may not be present even during learning. (2) Modeling such decisions as games reveals that any -- however ethical -- pure strategy is inevitably susceptible to exploitation. Moreover, in many games, a Nash Equilibrium can only be obtained by using mixed strategies, i.e., to achieve mathematically optimal outcomes, decisions must be randomized. In this paper, we argue that in supervised learning settings, there exist random classifiers that perform at least as well as deterministic classifiers, and may hence be the optimal choice in many circumstances. We support our theoretical results with an empirical study indicating a positive societal attitude towards randomized artificial decision-makers, and discuss some policy and implementation issues related to the use of random classifiers that relate to and are relevant for current AI policy and standardization initiatives.