If the algorithm is implemented by a third party, the AI developers should communicate the results of the validation and monitoring system employed and offer their collaboration to continue monitoring the validation of the results. It would also be advisable to establish this kind of coordination with third parties from whom they acquire databases or any other relevant component in the life cycle of the system. If this involves data processing by a third party, the controller must ensure that access is provided within a legal basis.
It is necessary to offer real time information to the end user about the values of accuracy and/or quality of the inferred information at each stage (see the “Accuracy” section in the “Principles” chapter). When the inferred information does not reach minimum quality thresholds, it must be explicitly indicated that this information has no value.[1] This requirement often implies that developers should provide detailed information about the training and validation stages. Information about the datasets used for those purposes is particularly important. Otherwise, the use of the solution might bring disappointing results to the end users, who are left speculating on the cause.
References
1AEPD (2020) Adecuación al RGPD de tratamientos que incorporan Inteligencia Artificial. Una introducción. Agencia Espanola Proteccion Datos, Madrid, p.35. Available at: www.aepd.es/sites/default/files/2020-02/adecuacion-rgpd-ia.pdf (accessed 15 May 2020). ↑