Presented By O’Reilly and Cloudera
Make Data Work
21–22 May 2018: Training
22–24 May 2018: Tutorials & Conference
London, UK

How Will the GDPR Impact Machine Learning?

Andrew Burt (Immuta)
11:1511:55 Wednesday, 23 May 2018
Data science and machine learning, Law, ethics, and governance
Location: Capital Suite 12 Level: Non-technical
Secondary topics:  Security and Privacy

Who is this presentation for?

Data scientists, lawyers, anyone with an interest in ML and regulation

Prerequisite knowledge

Interest in the practicality of deploying ML amidst increasing global regulation.

What you'll learn

The audience will leave with a thorough understanding of how the GDPR will affect ML, along with larger regulatory challenges created by so-called “black box” models like deep neural nets. They’ll be able to reference other, similar regulations that have addressed these same challenges - particularly within the financial sector in the EU and the US - and be able to confidently deploy ML within their organization while understanding the consequent regulatory risk.


The General Data Protection Regulation contains a host of forward leaning data provisions, but none are thornier than the so-called “right to explainability” and the constraints the GDPR imposes on machine learning. With fines of up to four percent of global revenue, organizations using EU data will literally not be able to afford to ignore these issues. Questions created by the GDPR include:

  • What types of explanations are required for ML models?
  • What rights do data subjects have when ML models user their data?
  • What types of documentation will data scientists need to provide when deploying ML within the EU?
  • What, exactly, constitutes “automated decision-making” under the GDPR?

This talk will focus on the specific challenges created by the GDPR, the ambiguities around ML that regulators have left unaddressed, and what this means for every phase of the ML creation, testing, and deployment lifecycle.

Photo of Andrew Burt

Andrew Burt


Andrew is the leading authority on the intersection between machine learning, regulation and law. Prior to joining Immuta, Andrew served as Special Advisor for Policy to the head of the FBI Cyber Division, where he served as lead author on the FBI’s after-action report for the 2014 attack on Sony. He is also a visiting fellow at Yale Law School’s Information Society Project, most recently participating in an expert discussion on how to structure a basic framework for governing machine learning and AI.

An author and former reporter, Andrew has been published in the Financial Times, The Los Angeles Times, Slate, The Yale Journal of International Affairs, and most recently, The New York Times for an article titled, “The End of Privacy.” His book, American Hysteria: The Untold Story of Mass Political Extremism in the United States (Lyons Press, 2015), was called “a must read book dealing with a topic few want to tackle” by Nobel laureate Archbishop Emeritus Desmond Tutu.

Andrew earned his J.D. from Yale Law School, and B.A. from McGill University. He is a term-member of the Council on Foreign Relations, a member of the Washington, D.C. and Virginia State Bars, and a Global Information Assurance Certified (GIAC) cyber incident response handler.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)