Artificial Intelligence within Financial Services -In Relation to Data Privacy Regulation

Abstract: Background: The data that is processed about individuals is increasing rapidly, which is one contributing factor to the increased usefulness of Artificial Intelligence (AI) within today’s businesses. However, this extensive processing of personal information has become heavily debated, and is an area that the General Data Protection Regulation (GDPR) aims to regulate. At the same time, it has been argued that the formulation of the GDPR is infeasible with AI technology. One industry where an extensive amount of data about customers is processed, including automated processing based on AI technology, is financial services. Purpose and Research Question: The purpose of this research is to examine what impact the GDPR has on AI applications within financial services, and thereby the research question stated is: What is the potential impact of the GDPR on Artificial Intelligence applications within the financial services industry? Methodology: To fulfil the purpose of this research, a qualitative research strategy was applied, including semi-structured interviews with experts within the different fields of examination: law, AI technology and financial services. The findings were analysed through performing a thematic analysis, where coding was conducted in two steps. Findings: AI has many useful applications within financial services, which currently mainly are of the basic form of AI, so-called rule-based systems. However, the more complicated machine learning systems are used in some areas. Based on these findings, the impact of the GDPR on AI applications is assessed by examining different characteristics of the regulation. The GDPR initially imposes both an administrative and compliance burden on organisations within this industry, and is particularly severe when machine learning is used. These burdens foremost stem from the general restriction of processing personal data and the data erasure requirement. However, in the long term, these burdens instead contribute to a positive impact on machine learning. The timeframe until enforcement contributes to a somewhat negative impact in the short term, which is also true for the uncertainty around interpretations of the GDPR requirements. Yet, the GDPR provides flexibility in how to become compliant, which is favourable for AI applications. Finally, GDPR compliance can increase company value, and thereby incentivise investments into AI models of higher transparency. Conclusion: The impact of the GDPR is quite insignificant for the basic forms of AI applications, which are currently most common within financial services. However, for the more complicated applications that are used, the GDPR is found to have a more severe negative impact in the short term, while it instead has a positive impact in the long term. Contribution: This research makes a theoretical contribution to the field of research about the feasibility of the GDPR with technology, by examining how this regulation will impact one specific technology, that is, Artificial Intelligence. This study also makes a practical contribution by reducing the ambiguities for companies about how the GDPR will impact AI applications.