Machine Learning Algorithms
Nearly all online businesses collect data from customers and website visitors. Often, these businesses use a form of artificial intelligence (AI) to analyse the data. Recent developments in AI have focused on using machine learning algorithms (MLA) to model and make accurate consumer predictions. While businesses may welcome these technological advancements, there are legal considerations when using specific AI integrations. This article explains the legal implications of businesses using MLAs in Australia.
What Are Machine Learning Algorithms?
AI learning systems evolve as they learn from experience and examples. MLAs are a form of AI that can turn large data sets into models and predictions. In this process, a neural network system attempts to mimic the way humans make decisions. For example, programmers might train a neural network to identify dogs by inputting hundreds of animal photographs. Unlike other classification approaches that might identify specific features of a canine, a neural network system is taught to recognise a dog with human-like instinct rather than through the catalogue of features.
Businesses frequently implement MLAs to:
- Verify customer identity;
- Determine customer preference in online stores; and
- Determine a customer’s potential maximum credit limits.
A business that collects personal information for an MLA needs to understand its legal obligations. There are Australian laws that regulate machine learning algorithms and the collection of personal information. If the algorithm uses personal information to make automated decisions, the business must abide by Australian privacy laws.
The federal Privacy Act 1988 introduced thirteen Australian Privacy Principles (APP) to regulate data collection, usage and disclosure. According to the Privacy Act, personal information is data and opinions about an identifiable person, whether it is true or not and exists in material form. A business might hold personal information on a customer’s age, location, contact details and preferences. Personal information does not include de-identified information. For instance, a business can collect location information about website visitors as long as it is in aggregate format and not tied to identifiable individuals.
These APPs only apply to “APP entities”, which includes any business that:
- Has an annual turnover of $3 million or more;
- Is a health service provider;
- Trades in personal information; or
- Has a contract with the Australian Commonwealth government.
An Australian online business may also need to abide by additional international laws. A business that intends to trade in Europe or the UK must comply with laws that address automated decision making. For example, the European Union’s General Data Protection Regulation and the United Kingdom’s General Data Protection Regulation regulate businesses that use automated processing decisions and machine profiling. Individuals have the right to contest the decision of an MLA or obtain a human review of the judgment.
Businesses should be aware that there can be negative consequences when an MLA does not function as intended because of inaccurate or incomplete data programming. Businesses must be vigilant to avoid an MLA breaching Commonwealth anti-discriminatory legislation, such as the Racial Discrimination Act 1975, Sex Discrimination Act 1984, Age Discrimination Act 2004, or relevant provisions of the Fair Work Act 2009.
A salutary example is Amazon’s use of MLA in its recruitment activities. In 2018, the multinational stopped using its artificial intelligence after it was discovered that it had taught itself to discriminate against female job applicants. The AI was not rating candidates for technical posts in a gender-neutral way. The MLA was modelled off recruitment patterns from the previous decade when male employees dominated the tech industry.
It is particularly problematic when a government organisation uses MLAs. Governments should be transparent, accountable and provide due procedural fairness. An AI can overlook these obligations in pursuit of efficiencies. A notable example of government use of MLAs is Centrelink’s much vilified “Robodebt” AI. Under this system, one in five recipients wrongly received debt collection notices. Incidents like this have led to calls for greater legal oversight and regulation of MLAs. There are already several independent standards that businesses can choose to meet when using machine learning algorithms.