The impact of GDPR
On 25th May 2018, all member states of the European Union will adopt the new General Data Protection Regulations (also called GDPR) which tightens up rules on the collection, management and usage of personal data. The new regulations have wide-ranging implications on the way consumer data is collated, how it must be stored and protected, and how it is able to be used.
No longer will organisations be able to collect copious amounts of data about consumers for multi-faceted analysis – there’s now a requirement for data controllers to minimise processing of personal data, effectively limiting activity to only what’s necessary for a specific purpose. Moreover, that purpose must be clearly communicated to the individual whose data is being processed, and requirements for gaining consent must be far more explicit. So those unwieldy and obfuscated Terms and Conditions that we’re all familiar with will become inappropriate: companies processing personal data must instead be transparent in explaining what data they collect, clearly describing why it’s necessary and how they intend to use it.
Another important consideration is that GDPR gives individuals who have agreed to their data being processed the right to withdraw consent at any time. Notably, it becomes mandatory for data controllers to advise people of this right; they must also provide simple methods for people to revoke consent, and then ensure the data is deleted within a reasonable timeframe. This alone represents a fundamental change in data processing regulations with potentially massive implications.
Companies that cannot adequately demonstrate compliance to GDPR theoretically face substantial fines; as such, data privacy and protection has just become a whole lot more important to them. This is driving organisations and service providers to profoundly reconsider their data collection and processing arrangements.
Introducing artificial intelligence
Given the repercussions of getting GDPR compliance wrong, businesses could be forgiven for not wanting to collect any data about individuals at all. But a flow of data between businesses and consumers is essential and, whilst it can be minimised to just what is necessary to provide service, it cannot be avoided.
So how might artificial intelligence (AI) help? Let’s examine some potential scenarios and our interpretation of how introducing AI may mitigate some of the risks.
Behavioural targeting for security
Consider a busy airport where thousands of people traverse the concourses and terminals every day, under constant surveillance by video recording equipment. The cameras create a constant stream of video data which are aggregated and monitored in the security control room before being stored for archive purposes. These videos contain millions of frames of data, each containing hundreds of images of people, their faces, activities and also their route through the airport facilities. It’s a challenge to monitor all the various video feeds effectively, even with experts trained to watch for suspicious activities, but more importantly, these systems are creating and archiving vast amounts of data, the majority of which is largely mundane and unnecessary.
Under GDPR, encryption of the video feeds between camera and control room becomes essential to protect the data feeds as they traverse the network infrastructure; indeed this basic element of security should already be in place. But by introducing AI capabilities into the camera units themselves we can improve on this still further: in this instance, neural network processors within the video signal processing chip would be programmed to anonymously identify people and objects within each scene, but only flag suspicious behaviours or anomalies when they are detected. An example might be spotting a person entering an area with two items of luggage but leaving with only one, despite not having visited a check-in desk, then automatically recording just the relevant portions of the video. Further analytics can them identify the individuals involved, with all other people in the associated video frames remaining anonymous. So not only can AI significantly reduce the amount of data needing to be processed, it can also help anonymise data at the source.
AI in autonomous driving
The airport example illustrates a potentially obvious situation where AI can be applied, but one in which people expect to be monitored and are considered to be within airport private property. A more succinct example is in vehicles where cameras are employed in ADAS systems. In these circumstances, cameras are constantly capturing images of the public highway while the vehicle is in motion. It’s clearly impossible to gain data processing consent from all road users, drivers and pedestrians along the route.
Employing neural networking technology in ADAS systems can help by processing all relevant data “at the edge” on the camera or sensor itself. The output from a camera may not necessarily be an image that humans can recognise; instead, using AI within the image processing pipelines, it may instead become a digital stream of metadata. An example may be a road-sign recognition system that interprets speed limits, where only the numerals and distance to the sign are important: the output from an AI-enabled camera might simply be data representing “70kph in 50m”. Of course, this is a simplified example – actual road-sign recognition systems are far more complex – but it serves to illustrate how AI and neural network processing on the SoC can significantly reduce the amount of data being processed downstream.
On-chip neural networks offer a solution
In any data processing application where consent cannot be easily demonstrated, especially where mass assimilation of identifiable personal data cannot be avoided, adding neural networks into the silicon chips to create platforms capable of artificial intelligence can offer a unique solution.
Elements of neural networking technology are already being integrated into smartphone SoCs for applications such as face recognition and payment security. Likewise, we expect AI running on neural inference engines to revolutionise autonomous driving; it will lead to consumer electronics devices capable of natural human conversation; it will become central to a new generation of smart home and IoT devices. Indeed, we expect AI will become all pervasive.
GDPR is no doubt one of the major catalysts for a wholesale review of data protection and processing requirements. Ultimately, we interpret these new regulations as yet another influence that will drive innovation in the way that electronic devices themselves collate and process information. And we foresee this trend penetrating across a wide range of applications, potentially even a world in which it’s expected for AI to “know” but for humans “not to know” in order to comply fully with the new data protection laws.
Our website contains more information on how PowerVR’s advanced Neural Network Accelerator technologies can help you design your next SoC, and you can also contact Imagination for further details.
You can also keep up to date with Imagination on Twitter at @ImaginationTech and @PowerVRInsider and also on LinkedIn, Facebook and Google+.