Decades ago, it was difficult to imagine a reality in whichartificial intelligence (AI) could penetrate every corner of our lives tomonitor our innermost selves for commercial interests. Within just afew decades, the private sector has seen a wild proliferation of AIsystems, many of which are more powerful and penetrating thananticipated. In many cases, AI systems have become “the powerbehind the throne,” tracking user activities and making fatefuldecisions through predictive analysis of personal information. Despitethe growing power of AI, proprietary algorithmic systems can betechnically complex, legally claimed as trade secrets, andmanagerially invisible to outsiders, creating an opacity that hindersoversight of AI systems. Accordingly, many AI-based services andproducts have been found to be invasive, manipulative, and biased,eroding data privacy rules, human rights, and democratic norms inmodern society.
The emergence of AI systems has thus generated a deep tensionbetween algorithmic secrecy and data privacy. Yet, in today’s policydebate, algorithmic transparency in a privacy context is an equallyimportant issue that is nonetheless managerially disregarded,commercially evasive, and legally unactualized. This Note is the firstto illustrate how regulators should rethink strategies regarding dataprivacy through the interplay of human rights, algorithmicdisclosures, and whistleblowing systems. As the world increasingly looks to the European Union’s (EU) data protection law—the GeneralData Protection Regulation (GDPR)—as a regulatory frame ofreference, this piece assesses the effectiveness of the GDPR’s responseto data protection issues raised by opaque AI systems. Based on a casestudy of Google’s AI applications and privacy disclosures, this piecedemonstrates that even the EU fails to enforce data protection rules toaddress issues caused by algorithmic opacity.
This Note argues that as algorithmic opacity has become aprimary barrier to oversight and enforcement, regulators in the EU,the United States, and elsewhere should not overprotect the secrecy ofevery aspect of AI applications that implicate public concerns. Rather,policymakers should consider imposing a duty of algorithmicdisclosures through sustainability reporting and whistleblowerprotection on firms deploying AI to maximize effective enforcement ofdata privacy laws, human rights, and other democratic values.