A Formal Model for Integrating Consent Management Into MLOps

Abstract

Read online

In the artificial intelligence (AI) era, data has become increasingly essential for learning and analysis. AI enables automated decision-making that may lead to violation of the General Data Protection Regulation (GDPR). The GDPR is the data protection law within the European Union (EU) that allows individuals (‘data subjects’) to control their personal data. According to the law, automated decision-making can be permitted where data subjects give explicit consent. Therefore, consent management (CM) has become an essential software component for managing data subjects’ data lifecycle and their consent. Bringing machine learning (ML) into production needs machine learning operations (MLOps). MLOps is a set of processes for delivering ML artifacts reliably and efficiently. However, current MLOps frameworks neglect the integration of CM into their processes, leading to the risk of GDPR violations. This research proposes a formal model for integrating CM into MLOps that takes upfront privacy by design (PbD). Finally, we provided a mapping from the formal model to a class diagram as guidelines to integrate CM into MLOps and demonstrated how to apply the proposed class diagram to existing ML developments, such as machine unlearning, in conjunction with the Purchase dataset.

Keywords

• GDPR
• AI act
• consent management
• event-B
• AI governance
• MLOps