Scenario

You are the lead engineer for a major social networking company that utilizes neural networks in its personalization algorithms. Personalization plays a major role in your business model. The company is an industry leader in user experience and your customers expect the software to anticipate their needs in terms of recommended posts, recommendations for friends requests, groups to join based on shared interests, news articles they may be interested in, discussions they may want to join, games they may want to play, and other features available on the site. This experience is monetized through targeted advertising. Your sales reps claim a click-through rate that is double that of your closest competitor because you know everything there is to know about your users.

To achieve these results, the company collects user data in the form of mouse clicks, site navigation, links followed, time spent on a page, location data, and so on. Everything a user does within the app is stored and fed into multiple neural networks that create models designed to personalize the users experience on the site. In a nutshell, these algorithms are designed to create a personalized user experience that will maximize the time a user spends on the site and the number of ads they click on. An EU regulator has brought to the companys attention that you may be violating some aspects of the GDPR law. Specifically, they are concerned that your business model may not conform to some or all of the following principles defined by the law:

1. Transparency: The company must make it clear how they are using data.
2. Purpose limitation: Data may be gathered for pre-specified purposes, not archived and reused for any future use.
3. Data minimization: Only the data gathered for those pre-determined purposes may be gathered, not more.
4. Accuracy: Companies have a responsibility to keep data up-to-date and accurate, and must fix inaccuracies as soon as possible.
5. Storage limitation: Data may only be retained as long as it is applicable to the purposes noted above; it cannot just be stored indefinitely.
6. Confidentiality: Data must be kept secure and confidential to a reasonably expected degree.
7. Accountability: Companies may be held responsible for following these principles and can be penalized if they do not.

You have been asked to write a white paper that addresses the regulators concerns. Your white paper will be presented to an interdepartmental team of systems engineers, software developers, AI experts, and members of the legal team, so that they can move forward with bringing your company into GDPR compliance.

Directions

White Paper

Using your knowledge of how neural networks work and the GDPR principles outlined above, write a white paper that addresses the regulators concerns. Recommend changes where necessary and defend existing practices where applicable. Note that proposing remedies to one principle may violate another. In order to adequately address each aspect of the prompt, you will need to support your ideas with research from your readings. You must include citations for sources that you used.

1. Explain the basics of neural networks and how they work by addressing the following:
   1. Provide a brief explanation of how neural networks work. How do the input layer, hidden layer, and output layer interact to classify objects? Consider the fact that your target audience may have limited technical knowledge.

2. Evaluate how neural networks are used to create personalization by addressing the following:
   1. How are neural networks utilized to aid in the personalization of the user experience?
   2. What ethical concerns can this raise? Consider hidden biases that may arise in using a black box classification system, where the algorithms are unknown to the user.

3. Analyze how portions of the GDPR affect personalization by addressing the following:
   1. Summarize the portions of the GDPR that affect personalization. Be sure to consider at least four of the following in your answer: transparency, purpose limitation, data minimization, accuracy, storage limitation, confidentiality, and accountability.

4. Assess how the GDPR is affecting the companys practices by addressing the following:
   1. What specific legal concerns may arise from your companys use of neural networks as a classifier to personalize the user experience?
   2. Is not collecting data a possibility for the companys business model? Defend your answer.

5. Propose adaptations to the companys practices to act in compliance with the GDPR by addressing the following:
   1. What are the current trends (best practices) in artificial intelligence and machine learning aimed at preserving privacy?
   2. What changes to the way the company collects, stores, and employs user data do you propose to comply with GDPR? Defend existing practices where applicable.