Neural networks are changing the Internet. Inspired by the networks of neurons inside the human brain, these deep mathematical models can learn discrete tasks by analyzing enormous amounts of data. They’ve learned to recognize faces in photos, identify spoken commands, and translate text from one language to another. And that’s just a start. They’re also moving into the heart of tech giants like Google and Facebook. They’re helping to choose what you see when you query the Google search engine or visit your Facebook News Feed.
All this is sharpening the behavior of online services. But it also means the Internet is poised for an ideological confrontation with the European Union, the world’s single largest online market.
In April, the EU laid down new regulations for the collection, storage, and use of personal data, including online data. Ten years in the making and set to take affect in 2018, the General Data Protection Regulation guards the data of EU citizens even when collected by companies based in other parts of the world. It codifies the “right to be forgotten”, which lets citizens request that certain links not appear when their name is typed into Internet search engines. And it gives EU authorities the power to fine companies an enormous 20 million euro—or four percent of their global revenue—if they infringe.
But that’s not all. With a few paragraphs buried in the measure’s reams of bureaucrat-speak, the GDPR also restricts what the EU calls “automated individual decision-making.” And for the world’s biggest tech companies, that’s a potential problem. “Automated individual decision-making” is what neural networks do. “They’re talking about machine learning,” says Bryce Goodman, a philosophy and social science researcher at Oxford University who, together with a fellow Oxford researcher, recently published a paper exploring the potential effects of these new regulations.
The regulations prohibit any automated decision that “significantly affects” EU citizens. This includes techniques that evaluate a person’s “performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.” At the same time, the legislation provides what Goodman calls a “right to explanation.” In other words, the rules give EU citizens the option of reviewing how a particular service made a particular algorithmic decision.
Both of these stipulations could strike at the heart of major Internet services. At Facebook, for example, machine learning systems are already driving ad targeting, and these depend on so much personal data. What’s more, machine learning doesn’t exactly lend itself to that “right of explanation.” Explaining what goes on inside a neural network is a complicated task even for the experts. These systems operate by analyzing millions of pieces of data, and though they work quite well, it’s difficult to determine exactly why they work so well. You can’t easily trace their precise path to a final answer.
Viktor Mayer-Schönberger, an Oxford expert in Internet governance who helped draft parts of the new legislation, says that the GDPR’s description of automated decisions is open to interpretation. But at the moment, he says, the “big question” is how this language affects deep neural networks. Deep neural nets depend on vast amounts of data, and they generate complex algorithms that can be opaque even to those who put these systems in place. “On both those levels, the GDPR has something to say,” Mayer-Schönberger says.
Goodman, for one, believes the regulations strike at the center of Facebook’s business model. “The legislation has these large multi-national companies in mind,” he says. Facebook did not respond to a request for comment on the matter, but the tension here is obvious.