Presented By O’Reilly and Cloudera
Make Data Work
21–22 May 2018: Training
22–24 May 2018: Tutorials & Conference
London, UK

How will the GDPR impact machine learning?

Andrew Burt (Immuta)
11:1511:55 Wednesday, 23 May 2018
Data science and machine learning, Law, ethics, and governance
Location: Capital Suite 12 Level: Non-technical
Secondary topics:  Security and Privacy

Who is this presentation for?

  • Data scientists, lawyers, and anyone with an interest in ML and regulation

What you'll learn

  • Understand how the GDPR will affect ML, along with larger regulatory challenges created by so-called “black box” models like deep neural nets
  • Explore other similar regulations that have addressed these same challenges, particularly within the financial sector in the EU and the US
  • Feel confident deploying ML within your organization while understanding the consequent regulatory risk


The Strata Data conference in London takes place during one of the most important weeks in the history of data regulation, as the General Data Protection Regulation (GDPR) begins to be enforced. Andrew Burt explores the effects of the GDPR on deploying machine learning models in the EU.

The GDPR contains a host of forward leaning data provisions, but none are thornier than the so-called “right to explainability” and the constraints the GDPR imposes on machine learning. With fines of up to four percent of global revenue, organizations using EU data will literally not be able to afford to ignore these issues. Questions created by the GDPR include:

  • What types of explanations are required for ML models?
  • What rights do data subjects have when ML models user their data?
  • What types of documentation will data scientists need to provide when deploying ML within the EU?
  • What exactly constitutes “automated decision making” under the GDPR?

Andrew focuses on the specific challenges created by the GDPR, the ambiguities around ML that regulators have left unaddressed, and what this means for every phase of the ML creation, testing, and deployment lifecycle.

Photo of Andrew Burt

Andrew Burt


Andrew Burt is chief privacy officer and legal engineer at Immuta, the data management platform for the world’s most secure organizations. He is also a visiting fellow at Yale Law School’s Information Society Project. Previously, Andrew was a special advisor for policy to the head of the FBI Cyber Division, where he served as lead author on the FBI’s after-action report on the 2014 attack on Sony. The leading authority on the intersection between machine learning, regulation and law, Andrew has published articles on technology, history and law in the Financial Times, the Los Angeles Times, Slate, the Yale Journal of International Affairs, and most recently, the New York Times, with his article “The End of Privacy.” His book, American Hysteria: The Untold Story of Mass Political Extremism in the United States, was called “a must-read book dealing with a topic few want to tackle” by Nobel laureate Archbishop Emeritus Desmond Tutu. Andrew holds a JD from Yale Law School and a BA from McGill University. He is a term-member of the Council on Foreign Relations, a member of the Washington, DC, and Virginia State Bars, and a Global Information Assurance Certified (GIAC) cyber incident response handler.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)