Image of man holding a tablet and an electronic brain projected above showing the concerns of AI and algorithms for EU GDPR compliance


I am not out to confuse you. GDPR – General Data Protection Regulation – is very well known at this stage. For a quick primer on the same, see here. It goes into effect May 2018 and for the first time codifies the rights of individuals and the responsibilities of corporations in a (relatively) easy to understand language. With that out of the way, let’s shift our focus to GIPR, GPPR and GAPR.

But first I have a confession to make – these are terms I just made up so don’t Google them, it might take you to places that I will not have on my conscience for providing encouragement. JK! Let me explain each of them. But before we go there I want to explain the easiest definition of AI, Machine Learning and Data Science that I have ever encountered. Data Science leads to Insights, Machine Learning leads to Predictions, AI leads to Actions. Insights → Predictions → Actions. Maybe you guessed where I am going with this.

  • GIPR – General Insight Protection Regulations
  • GPPR – General Prediction Protection Regulations
  • GAPR – General Action Protection Regulations

Really taking the goodness of what GDPR has provided as it relates to data protection and extending it into the future (actually it is present with AI really all around us). And that means that looking at regulations that GDPR has set forth and extrapolating that NOW so that we have an ethical and fair playing field when it comes to AI. Digging a little bit more into the three aspects

  • GIPR – General Insight Protection Regulations – An amazing thing is happening – thanks to GDPR. Since there is right to access, right to be forgotten and right to portability – the providers are forced to provide attribution of data to the source. Not easy. Which is actually causing some providers to radically minimize the data collection duration from years to months to weeks. So, the ‘insight’ from data science is no longer about, we will collect all the data in the world for eons and derive some amazing insight at some point in the future. No – gather the minimum amount of data for the minimum amount of time – and then get rid of the data. Wow – what a positive change that would be.
  • GPPR – General Prediction Protection Regulations – This is where all the machine learning comes into bear. For instance, your connected toothbrush app (if you don’t believe me, see here), could predict that you are not brushing properly and could be in for gum surgery in the next year or so. And your insurance company could save a ton by upselling a higher insurance bracket where the cost of surgery could be covered by the higher premium if they can convince you to do so now. Need a framework on what is ethical or not based on the insights.
  • GAPR – General Action Protection Regulations – This is trickier. If your ‘mobile psycho-therapy’ app is seeing warning signs of depression – does it notify your parents, doctor or health care worker? But this needs to be codified now. Because actions are happening as a result of all the machine learning predictions on the data gathered and the insights. For non-believers, see Roomba, Vizio and Cayla. So, some sort of basic ethical framework for every vertical – healthcare, finance, education, marketing ….

So that’s GIPR, GPPR and GAPR in a nutshell. If you thought codifying GDPR and implementing it is hard, this is much more complex. But if we don’t do it now, it may be too late. Every business that collects data will have the Insights, Prediction, Action dilemma it confronts. And for that we need a regulatory framework to set boundaries. Am I allowed to dream on? Let’s not wait for regulations. An industry sponsored consortium putting consumer rights and privacy front and center. As a ‘cyber moralist’ I have every right to fight for the good cause, right?