Data Protection and Notions of Information: A Conceptual Exploration
25 Pages Posted: 9 Dec 2018 Last revised: 4 Sep 2019
Date Written: June 11, 2018
The aim of this paper is to make a detour through the notion of information (e.g., Adriaans, van Benthem, 2008) in order to explore whether it can bring useful insights concerning the regulation of algorithms and machine learning from a data protection law perspective.
The notion of information is central both to data protection law (which defines personal data as “any information relating to an identified or identifiable natural person”), and to algorithms/machine learning, which are predicated upon the possibility of extracting information from data, pursuant to the canonical DIKW (data, information, knowledge, wisdom) pyramid, as first conceptualized by Ackoff (1989). It is this centrality that gives the impressions that algorithms and machine learning processes are just yet another data processing operation to be regulated. However, current debates around the data protection law-oriented regulation of algorithms show that there are still broad interrogations concerning the protection afforded thereby (see Bygrave, 2017; Wachter, Mittelstadt, Floridi, 2017). More radical critics argue that data protection is simply ill-suited for such regulatory purpose (see de Vries, 2016; Gurses, van Hoboken, 2017).
This contribution echoes this last strand of criticism insofar as it argues that the under-explored meaning of information might account for such inadequacy. Albeit mobilized by both practices (data protection law and machine learning), it seems that information and its meaning are taken for granted, and in so doing justify the regulatory reach of data protection in the first place. Yet, as it transpires from debates in data protection law (see Bygrave, 2014; Hallinan and De Hert, 2016), the meaning of personal data and information (which is a core component of the latter) are far from being clear. Furthermore, the present conceptual exploration shows that the meaning of information as it is deployed in algorithms/machine learning is in any case dissimilar therefrom. Therefore, in unpacking how both practices frame and mobilise different notions of information, this contribution aims at showing that data protection law may not necessarily be the most adequate framework for regulating algorithms and machine learning; and possibly at showing some alternative way(s) forward.
Keywords: data protection, information theory, machine learning, algorithmic regulation
Suggested Citation: Suggested Citation