On the more local level, as the law firm Clifford Chance pointed out in a seminar last week, it is what kind of regulation should be put in place to control the “behaviour” of algorithms which are already having a profound effect on people’s lives.
At the simplest level if a person is racist in their treatment of an employee this is likely to be noticed; if an algorithm was racist would it not be harder, if not impossible, to tell? “The computer says no” is already a cliché. But where does that leave us if the reasons the computer says no would be illegal if they were uttered instead or underpinned a decision by a live person?
A partner from Clifford Chance said last week that if he were to construct an algorithm to screen potential recruits on how well they appeared to match the qualities, qualifications and background of the firm’s present top earners it would probably break all the rules.
But that kind of analysis is fundamental to the uses to which businesses are already putting big data. Perhaps, therefore, there should be a code of conduct which determines how these programs are developed, or some aspect of supervision, human over-ride or redress.
No one wants to stifle an emerging industry but equally, given the impact that artificial intelligence and machine learning will have on the way we live, there has to be some form of accountability and legal framework.
A regulatory structure which gives certainty without stifling is something the innovators, politicians, regulators and lawyers need to develop together — and soon.
Why leaving the EU potentially complicates things for Britain is that at present the European Union and the United States have different philosophical approaches. On our own we risk belonging to and being compatible with neither.
In one corner, the US is not too worried about individual privacy but is very engaged when the issues affect national security and it is way ahead of Europe in this aspect of intrusive control. In Europe the emphasis is the other way round, largely as a result of what happened in the Thirties and the Second World War. Here the individual’s right to privacy and freedom from state or business supervision commands far more respect and attention.
After a slow start, there is a growing assertiveness in European regulation which seeks to protect the rights of individuals and the use of their data, to the extent that if Google and Amazon were just starting today it is unlikely they would have been allowed to develop as they have.
We are getting to the point that data centres in the United States will have to be compliant and organised in a way which follows the specifications of European Union regulation if they wish to store any data relating to European citizens. If they fail to be compliant and are found to have European data on their systems, then they are potentially open to prosecution and fines by the European authorities.
Once the UK becomes a third country outside the European Union, then British business will be in a similar position. European regulation is developing and changing fast.
It is unlikely — even if it wanted to — that a separate UK could keep pace and stay aligned. That raises the possibility of restricting what data can be held and accessed — and even prosecutions.
Thus the free movement of data has the potential to become as contentious as the free movement of people.
