TY - GEN
T1 - Fairness and Data Protection Impact Assessments
AU - Kasirzadeh, Atoosa
AU - Clifford, Damian
N1 - Funding: This project was supported by the Humanizing Machine Intelligence Grand Challenge at the Australian National University.
PY - 2021/7
Y1 - 2021/7
N2 - In this paper, we critically examine the effectiveness of the requirement to conduct a Data Protection Impact Assessment (DPIA) in Article 35 of the General Data Protection Regulation (GDPR) in light of fairness metrics. Through this analysis, we explore the role of the fairness principle as introduced in Article 5(1)(a) and its multifaceted interpretation in the obligation to conduct a DPIA. Our paper argues that although there is a significant theoretical role for the considerations of fairness in the DPIA process, an analysis of the various guidance documents issued by data protection authorities on the obligation to conduct a DPIA reveals that they rarely mention the fairness principle in practice. Our analysis questions this omission, and assesses the capacity of fairness metrics to be truly operationalized within DPIAs. We conclude by exploring the practical effectiveness of DPIA with particular reference to (1) technical challenges that have an impact on the usefulness of DPIAs irrespective of a controller's willingness to actively engage in the process, (2) the context dependent nature of the fairness principle, and (3) the key role played by data controllers in the determination of what is fair.
AB - In this paper, we critically examine the effectiveness of the requirement to conduct a Data Protection Impact Assessment (DPIA) in Article 35 of the General Data Protection Regulation (GDPR) in light of fairness metrics. Through this analysis, we explore the role of the fairness principle as introduced in Article 5(1)(a) and its multifaceted interpretation in the obligation to conduct a DPIA. Our paper argues that although there is a significant theoretical role for the considerations of fairness in the DPIA process, an analysis of the various guidance documents issued by data protection authorities on the obligation to conduct a DPIA reveals that they rarely mention the fairness principle in practice. Our analysis questions this omission, and assesses the capacity of fairness metrics to be truly operationalized within DPIAs. We conclude by exploring the practical effectiveness of DPIA with particular reference to (1) technical challenges that have an impact on the usefulness of DPIAs irrespective of a controller's willingness to actively engage in the process, (2) the context dependent nature of the fairness principle, and (3) the key role played by data controllers in the determination of what is fair.
KW - ethics of artificial intelligence
KW - regulation of artificial intelligence
KW - fairness principle
KW - algorithmic fairness
KW - general data protection regulation
KW - data protection impact assessments
U2 - 10.1145/3461702.3462528
DO - 10.1145/3461702.3462528
M3 - Conference contribution
T3 - Proceedings of the AAI/ACM Conference on AI, Ethics, and Society
SP - 146
EP - 153
BT - AEIS '21
PB - Association for Computing Machinery (ACM)
T2 - 2021 AAAI/ACM Conference on AI, Ethics, and Society
Y2 - 19 May 2021 through 21 May 2021
ER -