It’s still common to hear stories where privacy is supposedly in conflict with other objectives. I’ve been writing for years about how that’s not the case in security or access management. This morning’s ICO webinar on Security and Data Minimisation in Artificial Intelligence came up with a counter-example in that field, too…
You might think that the more training data you give to a Machine Learning algorithm, the better it will get. Humans get better with more practice, after all. But that’s not typically how ML works. For a while, more training datapoints will indeed improve the algorithm’s ability to derive general patterns. But if you give it too much training data, then it will tend to simply memorise datapoints. This is called “over-fitting”, where the algorithm gets so good at explaining the points it has already seen that it actually becomes worse at explaining any new ones.
So it turns out that the GDPR’s data minimisation principle – that data shall be adequate, relevant and limited to what is necessary – is the right way to train a Machine Learning algorithm, too!
A recording of the webinar should be in the ICO’s YouTube channel soon.