dc.description.abstract | Background: The data that is processed about individuals is increasing rapidly, which is one
contributing factor to the increased usefulness of Artificial Intelligence (AI) within today’s
businesses. However, this extensive processing of personal information has become heavily
debated, and is an area that the General Data Protection Regulation (GDPR) aims to regulate.
At the same time, it has been argued that the formulation of the GDPR is infeasible with AI
technology. One industry where an extensive amount of data about customers is processed,
including automated processing based on AI technology, is financial services.
Purpose and Research Question: The purpose of this research is to examine what impact the
GDPR has on AI applications within financial services, and thereby the research question
stated is: What is the potential impact of the GDPR on Artificial Intelligence applications
within the financial services industry?
Methodology: To fulfil the purpose of this research, a qualitative research strategy was
applied, including semi-structured interviews with experts within the different fields of
examination: law, AI technology and financial services. The findings were analysed through
performing a thematic analysis, where coding was conducted in two steps.
Findings: AI has many useful applications within financial services, which currently mainly
are of the basic form of AI, so-called rule-based systems. However, the more complicated
machine learning systems are used in some areas. Based on these findings, the impact of the
GDPR on AI applications is assessed by examining different characteristics of the regulation.
The GDPR initially imposes both an administrative and compliance burden on organisations
within this industry, and is particularly severe when machine learning is used. These burdens
foremost stem from the general restriction of processing personal data and the data erasure
requirement. However, in the long term, these burdens instead contribute to a positive impact
on machine learning. The timeframe until enforcement contributes to a somewhat negative
impact in the short term, which is also true for the uncertainty around interpretations of the
GDPR requirements. Yet, the GDPR provides flexibility in how to become compliant, which
is favourable for AI applications. Finally, GDPR compliance can increase company value,
and thereby incentivise investments into AI models of higher transparency.
Conclusion: The impact of the GDPR is quite insignificant for the basic forms of AI
applications, which are currently most common within financial services. However, for the
more complicated applications that are used, the GDPR is found to have a more severe
negative impact in the short term, while it instead has a positive impact in the long term.
Contribution: This research makes a theoretical contribution to the field of research about
the feasibility of the GDPR with technology, by examining how this regulation will impact
one specific technology, that is, Artificial Intelligence. This study also makes a practical
contribution by reducing the ambiguities for companies about how the GDPR will impact AI
applications. | sv |