Machine Learning algorithms are based on large amounts of data that need to be processed for the algorithm to learn. GDPR requires companies to comply with regulations that will secure consumer data. But questions have been raised about how this regulation will address automation in analytics as the AI and machine learning market grows. GDPR outlines six data protection principles, and according to Norwegian Data Protection Authority, AI is facing four of them.
When an IT company acts as a service provider, it can either be in the position of Data Processor or Data Controller. In any case, the preferred position for any entity is to be a data processor because there are fewer GDPR obligations for data processors.