The following writeup is the second of few based on my learnings about the impact of Machine Learning / AI on business strategy from MIT Sloan School of Management & MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). The first article on how to get started with Enterprise AI was widely reviewed and shared, which encourages me to dive into a difficult topic of ethics.This helps me validate my understanding of the subject and its impact. Hope this is useful for senior execs starting to think of implementing AI in their business processes.


As I write this, the CEO of Facebook, Mark Zuckerberg is finishing 2 days of grueling Q&A with about 100 US lawmakers, on Facebook’s data collection and sharing practices and how that had influenced the election outcomes of world’s oldest democracy and reduced the trust between Facebook and its members. However I try to slice it, the importance of harvesting and synthesizing data in todays business will always be understated. Facebook, Amazon, Microsoft, Google, and Alibaba (FAMGA) — all offer their free services in exchange for your data. Going by the trend, I can surely predict that in the near future, there will be more companies collecting our data and offering us services because they would find a business model around how to meaningfully use our data to serve us better. We expect those companies to be ethical in their treatment of our data and the insights they draw from them. Hence regulations (laws) around data collection and usage is an ardent necessity.


General Data Protection Regulation (GDPR) is a EU specific regulation focused on data protection and privacy for all individuals in the EU. It is set to kick-in on 25 May, 2018.


Based on the Facebook — Cambridge Analytica episode, GDPR seems like the most apt regulatory response to big-tech data-monopolies treating consumer data unethically and benefitting from it without any remorse. To be honest, GDPR will provide all EU businesses a clear legal framework around right data usage.

  • Controllers (those who state how and why personal data is processed) must ensure that personal data is processed lawfully, transparently, and with clearly stated purpose. Once the purpose is fulfilled, it must now be deleted.
  • The controllers need to keep a record of how and when the individual provided consent, allow withdrawal of said consent at any time, and permit access to the data at “reasonable intervals”.
  • The controllers must also describe what is occurring with regards to data in plain language so that an understanding is accessible to everyone.
  • Further, EU citizens can now request for correction of data if its found to be incomplete or incorrect and have their data deleted (right to be forgotten) if they believe it is no longer necessary or being used for different purposes for what it was collected.

WHAT WILL BE THE IMPACT? Explainable AI is a research topic that is still not ready for primetime. GDPR will push this research out to marketplace quicker than we all initially anticipated


If your organization is collecting data about EU citizens, you need to be prepared for GDPR as it defines and strengthens data protection for consumers and harmonizes data security rules within the EU.

Stay tuned!

If you like what you read and want to use this content for any presentation or business case or anything that makes sense for you, please let me know how you plan to use it. Open to listening to critical comments and constructive suggestions.

Polymath: dad, husband, co-founder, strategist, Computer Vision enthusiast, visual thinker and dog lover.