Project 1 CS 370

Competencies

In this project, you will demonstrate your mastery of the following competencies:

• Explain the basic concepts and techniques that pertain to artificial intelligence and intelligent systems
• Analyze current trends and emerging technologies in Computer Science for their impacts on society

Scenario

You are the lead engineer for a major social networking company that utilizes neural networks in its personalization algorithms. Personalization plays a major role in your business model. The company is an industry leader in user experience and your customers expect the software to anticipate their needs in terms of recommended posts, recommendations for friends requests, groups to join based on shared interests, news articles they may be interested in, discussions they may want to join, games they may want to play, and other features available on the site. This experience is monetized through targeted advertising. Your sales reps claim a click-through rate that is double that of your closest competitor because you know everything there is to know about your users.

To achieve these results, the company collects user data in the form of mouse clicks, site navigation, links followed, time spent on a page, location data, and so on. Everything a user does within the app is stored and fed into multiple neural networks that create models designed to personalize the user’s experience on the site. In a nutshell, these algorithms are designed to create a personalized user experience that will maximize the time a user spends on the site and the number of ads they click on. An EU regulator has brought to the company’s attention that you may be violating some aspects of the GDPR law. Specifically, they are concerned that your business model may not conform to some or all of the following principles defined by the law:

Transparency: The company must make it clear how they are using data.

Purpose limitation: Data may be gathered for pre-specified purposes, not archived and reused for any future use.

Data minimization: Only the data gathered for those pre-determined purposes may be gathered, not more.

Accuracy: Companies have a responsibility to keep data up-to-date and accurate, and must fix inaccuracies as soon as possible.

Storage limitation: Data may only be retained as long as it is applicable to the purposes noted above; it cannot just be stored indefinitely.

Confidentiality: Data must be kept secure and confidential to a reasonably expected degree.

Accountability: Companies may be held responsible for following these principles and can be penalized if they do not.

You have been asked to write a white paper that addresses the regulator’s concerns. Your white paper will be presented to an interdepartmental team of systems engineers, software developers, AI experts, and members of the legal team, so that they can move forward with bringing your company into GDPR compliance.

Directions

White Paper

Using your knowledge of how neural networks work and the GDPR principles outlined above, write a white paper that addresses the regulator’s concerns. Recommend changes where necessary and defend existing practices where applicable. Note that proposing remedies to one principle may violate another. In order to adequately address each aspect of the prompt, you will need to support your ideas with research from your readings. You must include citations for sources that you used.

1. Explain the basics of neural networks and how they work by addressing the following:Provide a brief explanation of how neural networks work. How do the input layer, hidden layer, and output layer interact to classify objects? Consider the fact that your target audience may have limited technical knowledge.

1. Evaluate how neural networks are used to create personalization by addressing the following:How are neural networks utilized to aid in the personalization of the user experience?What ethical concerns can this raise? Consider hidden biases that may arise in using a “black box” classification system, where the algorithms are unknown to the user.

1. Analyze how portions of the GDPR affect personalization by addressing the following:Summarize the portions of the GDPR that affect personalization. Be sure to consider at least four of the following in your answer: transparency, purpose limitation, data minimization, accuracy, storage limitation, confidentiality, and accountability.

1. Assess how the GDPR is affecting the company’s practices by addressing the following:What specific legal concerns may arise from your company’s use of neural networks as a classifier to personalize the user experience?Is not collecting data a possibility for the company’s business model? Defend your answer.

1. Propose adaptations to the company’s practices to act in compliance with the GDPR by addressing the following:What are the current trends (best practices) in artificial intelligence and machine learning aimed at preserving privacy?What changes to the way the company collects, stores, and employs user data do you propose to comply with GDPR? Defend existing practices where applicable.

What to Submit

To complete this project, you must submit the following:

White PaperYour submission should be a 3– to 5–page Word document with 12-point Times New Roman font, double spacing, and one-inch margins. Sources should be cited according to APA style.

Supporting Materials

The following resource(s) may help support your work on the project:

Website:

Guide to the General Data Protection Regulation (GDPR)

This website will provide you with a summary of the principles behind the GDPR laws. Begin by reviewing the first page so that you understand the purpose of the guide. Then be sure to concentrate on each of the pages under the “Principles” section. Concentrate on each of the pages under the “Principles” section as they are outlined in the guide to the general data protection regulation. As you read, be sure to consider how each principle would impact the company’s business model for your project.

Reading:

AI and the Janus Face of the GDPR – Chance or Challenge?

This reading discusses several impacts of the GDPR on Artificial Intelligence (AI), including challenges as well as opportunities to create a stronger, more reliable AI. As you read, consider the following questions:

• What are the potential positive and negative impacts of the standard of transparency for AI?
• What are the potential positive and negative impacts of the standard of data minimization for AI?

Reading:

How GDPR Can Undermine Personalization and User Experience

This reading discusses some of the challenges that the GDPR creates for businesses that use personalization and advertising. It also provides a few suggestions for how businesses can move forward in productive ways while still being GDPR-compliant. As you read, consider the following questions:

• What principle(s) of the GDPR have affected mailing lists for companies? How are these mailing lists related to personalization?
• What are the benefits and drawbacks of gaining the user’s consent to store cookies when visiting a website?
• What are some of the proposed solutions to help balance the customer’s right to privacy and companies’ desire to provide a personalized user experience?

Reading:

How to Develop Artificial Intelligence That Is GDPR-friendly

This reading describes the impact of the GDPR on artificial intelligence, specifically the potential impacts on machine learning algorithms. The reading then suggests some possible methods that can be used to help protect user data and enhance compliance with the GDPR. As you read, consider the following questions:

• What is the main conflict between the GDPR and machine learning algorithms?
• What are the specific complications with “black box” algorithms?
• Why is considering potential biases of data sets important? How can biases be addressed?
• What are some of the principles for good data protection?

Reading:

Rethinking Data Privacy: The Impact of machine learning

This reading provides more detail about data sets and the difficulties in maintaining privacy for users. It also discusses how machine learning exacerbates these difficulties, as well as describing possible solutions in more detail. As you read, consider the following questions:

• What is the basic structure of a data set? What are de- and re-identification, and why are they important in thinking about data privacy?
• What are some of the specific challenges for AI and machine learning with regard to data privacy?
• What are the emerging trends to preserve privacy? How might they be applicable to the scenario for this project?

Website:

General Data Protection Regulation (GDPR) – Official Legal Text

This website contains the full text of the GDPR. Some of the other readings in the Supporting Materials mention specific subsections of the law. For additional context about these sections, refer to the relevant sections of the GDPR. Note: You are not required to read the entirety of the GDPR official legal text. This website has been included as a reference.