TY - GEN
T1 - Fairness and Data Protection Impact Assessments
AU - Kasirzadeh, Atoosa
AU - Clifford, Damian
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/7/21
Y1 - 2021/7/21
N2 - In this paper, we critically examine the effectiveness of the requirement to conduct a Data Protection Impact Assessment (DPIA) in Article 35 of the General Data Protection Regulation (GDPR) in light of fairness metrics. Through this analysis, we explore the role of the fairness principle as introduced in Article 5(1)(a) and its multifaceted interpretation in the obligation to conduct a DPIA. Our paper argues that although there is a significant theoretical role for the considerations of fairness in the DPIA process, an analysis of the various guidance documents issued by data protection authorities on the obligation to conduct a DPIA reveals that they rarely mention the fairness principle in practice. Our analysis questions this omission, and assesses the capacity of fairness metrics to be truly operationalized within DPIAs. We conclude by exploring the practical effectiveness of DPIA with particular reference to (1) technical challenges that have an impact on the usefulness of DPIAs irrespective of a controller's willingness to actively engage in the process, (2) the context dependent nature of the fairness principle, and (3) the key role played by data controllers in the determination of what is fair.
AB - In this paper, we critically examine the effectiveness of the requirement to conduct a Data Protection Impact Assessment (DPIA) in Article 35 of the General Data Protection Regulation (GDPR) in light of fairness metrics. Through this analysis, we explore the role of the fairness principle as introduced in Article 5(1)(a) and its multifaceted interpretation in the obligation to conduct a DPIA. Our paper argues that although there is a significant theoretical role for the considerations of fairness in the DPIA process, an analysis of the various guidance documents issued by data protection authorities on the obligation to conduct a DPIA reveals that they rarely mention the fairness principle in practice. Our analysis questions this omission, and assesses the capacity of fairness metrics to be truly operationalized within DPIAs. We conclude by exploring the practical effectiveness of DPIA with particular reference to (1) technical challenges that have an impact on the usefulness of DPIAs irrespective of a controller's willingness to actively engage in the process, (2) the context dependent nature of the fairness principle, and (3) the key role played by data controllers in the determination of what is fair.
KW - algorithmic fairness
KW - data protection impact assessments
KW - ethics of artificial intelligence
KW - fairness principle
KW - general data protection regulation
KW - regulation of artificial intelligence
UR - http://www.scopus.com/inward/record.url?scp=85112428454&partnerID=8YFLogxK
U2 - 10.1145/3461702.3462528
DO - 10.1145/3461702.3462528
M3 - Conference contribution
AN - SCOPUS:85112428454
T3 - AIES 2021 - Proceedings of the 2021 AAAI/ACM Conference on AI, Ethics, and Society
SP - 146
EP - 153
BT - AIES 2021 - Proceedings of the 2021 AAAI/ACM Conference on AI, Ethics, and Society
PB - Association for Computing Machinery, Inc
T2 - 4th AAAI/ACM Conference on Artificial Intelligence, Ethics, and Society, AIES 2021
Y2 - 19 May 2021 through 21 May 2021
ER -