The Role of GDPR in Artificial Intelligence, the Collection of Sensitive Personal Data and the Big Data.

Abstract

Without a doubt, artificial intelligence in today's era has made tremendous progress, it is all around us in various forms and automation. It is constantly evolving and the goal is to reach a level where it will be very close to human thought and logic and will be able to perform processes that were time-consuming, complex, or thought impossible until now. To implement all of the above, sophisticated algorithms and a large collection of data, known as Big Data, are required in order to extract the necessary information to be used later by the algorithms. All countries of the world do not apply the same policy to protect their citizens' personal data, some countries apply a strict policy and other countries do not apply any personal data protection policy. Big Data and artificial intelligence, unfortunately, do not discriminate between countries and the laws applied by the country, Big Data is collected from different sources, in different ways, and the way of processing varies. Given the above, it is impossible to apply the GDPR to limit and control the personal data of European citizens living in the European Union. Citizens of the European Union do not have the possibility to give their consent or not to the personal data collected and processed by third parties. It should be noted that the GDPR regulation is opt-in / opt-out which means that the European citizen should always give his/her consent to the collection, storage, and processing of personal data, he/she is also given the possibility to request the deletion of his/her personal data. This is a problem with Big Data, as there is no consent from the citizen. The European citizen, when he/she becomes aware of the leakage of his personal data, can do little to secure his personal data that has been leaked, he/she can report the leak to the competent authority for the protection of personal data, and the citizen himself can contact the company/organization directly from which it realized the projection of its personal data, can contact non-governmental organizations that deal with the protection of personal data, or proceed to third-party organizations that may be available in each country. It is true that the citizen has minimal capabilities, and his/her personal data that has been published and that he/she does not know to the real extent exists in data centers around the world, the citizen detected a specific leak of personal data, does not mean this are the unique personal data that exist for the specific citizen, there may be other personal data that either have not yet been processed or have not yet been identified by the algorithms.