AI, Automated Decision-Making, and Data Privacy: Overcoming Unacceptable Excuses for Organizations

The "Automated Decision Making" (ADM) concept has emerged as a pivotal force reshaping industries in the era of technology-driven decision-making. ADM empowers organizations to utilize technology for tasks once the domain of human judgment. However, the unchecked deployment of automated systems can pose regulatory risks and even harm to individuals if not guided by human oversight. This article explores the relationship between AI, ADM, and Data Privacy risks. We also delve into three common but unacceptable excuses organizations make when implementing ADM and provide strategies to overcome them.

Understanding Automated Decision Making (ADM)

Automated Decision Making, often abbreviated as ADM, is the capacity of organizations to delegate tasks typically performed by humans to technology-driven systems. Yet, the absence of human judgment and oversight in automated decisions can elevate regulatory risks and potentially harm individuals affected by these decisions.

The Significance of AI in ADM Risks

While ADM can be accomplished without AI, recent advancements and widespread usage of AI technologies have amplified the stakes for organizations. AI is pivotal in high-stakes hiring, housing, credit, health, and finance. Regulators are increasingly concerned about the potential for privacy violations and discrimination when AI is employed without appropriate human oversight and judgment.

Automated Decision-Making in Data Privacy Laws

The activities related to "Automated Decision Making" are enshrined in various laws and regulations, including the EU's General Data Protection Regulation (GDPR), Brazil's Lei Geral de Proteção de Dados (LGPD), Québec, Canada's Bill 64, the California Consumer Privacy Act (CCPA) as amended by the CPRA, Virginia's Consumer Data Protection Act (CDPA),  The Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA),  and The New York City Local Law 144  AI Hiring Tools Regulation.

Common Unacceptable Excuse #1 - Blaming AI

One prevalent but unacceptable excuse is attributing decisions solely to AI, absolving humans of responsibility. Recognizing that AI is a tool created and controlled by humans is crucial. Regulators focus on organizations and their management of AI systems. Key considerations include:

• Evaluate the level of risk posed by ADM in specific use cases

• Determine the presence of human oversight in decision-making

• Document processes and provide evidence to demonstrate the implementation of proper guardrails

Common Unacceptable Excuse #2 - Lack of Understanding

Another excuse is the claim that no one within the organization comprehends how AI operates, which is deemed acceptable. However, this is not a valid excuse. Explainability is paramount in showcasing an organization's understanding of its ADM system and the potential human harm associated with its decisions. Key considerations include:

• Defining the purpose of Automated Decision-Making Technology

• Ensuring individuals impacted by ADM are informed about the decision-making process

• Promoting transparency in both human and automated components of the decision-making process

Common Unacceptable Excuse #3 - Ignoring Unexpected AI Results

Organizations sometimes dismiss unexpected AI results as non-issues. However, this approach is flawed. Human management and use of these systems require clarity regarding AI's objectives and the ability to monitor results. When results deviate unexpectedly, revisiting the process's inception and identifying corrective actions is essential. Key considerations include:

• Defining the tasks assigned to the Automated Decision Making Technology and designating responsible humans for result monitoring

• Conducting privacy audits or assessments for the automated Decision Making Technology

• Establishing effective communication channels to relay ADM results to affected individuals

While organizations are eager to harness the innovations of AI and technology for automated decision-making, they must comprehend the associated benefits and risks. Responsible ADM practices ensure compliance with Data Privacy laws and position privacy as a competitive advantage in the modern business landscape. Embracing human oversight, accountability, explainability, and transparency in ADM processes is essential for organizations to successfully navigate AI's complex terrain and make Data Privacy a business advantage.