YAPAY ZEKA KARŞISINDA KİŞİSEL VERİLERİN KORUNMASI VE REVİZYON İHTİYACI

Büyük verilerin insan müdahalesi ve denetimi olmaksızın salt algoritmalar tarafından işlenmesiyle elde edilen bireysel kararlar, bunların hukuki niteliği ve muhtemel sonuçları tartışılan en güncel konulardan biridir. Algoritmaların yaygın kullanımı, kişisel verilerin usulsüz şekilde depolanmasına, işlenmesine, paylaşılmasına, bu şekilde temel hakların zedelenmesine ve özelikle ayrımcılığa yol açmaktadır. Bu olumsuz etkilerin ortadan kaldırılması, Türkiye’deki mevcut veri koruma düzenlemelerinde ciddi bir revizyonu gerekli kılmaktadır. Çünkü, algoritma tarafından işlenen salt veri gibi görünmekle birlikte, aslında analize konu edilen çoğu zaman veri öznesinin temel haklarıdır. 6698 sayılı Kişisel Verilerin Korunması Kanunu bazı alanlarda yenilikçi çözümler sunmakla birlikte, ne temel hakların salt algoritmik bireysel kararlarla zedelenmesini engelleyici önlemlere ilişkin, ne de bu tip kararlar sonucunda ortaya çıkan zararların telafisine ilişkin bir hüküm içermektedir. Değerli hocamız Profesör Abdülkadir Arpacı için kaleme aldığım bu makalenin amacı, algoritmik bireysel kararların olumsuz sonuçların mümkün olduğunca önlenmesine ve meydana gelebilecek zararların telafisine yönelik Kanun’da yapılabilecek bir revizyona rehberlik etmek ve değişiklik gerçekleşene kadar mevcut kanun hükümleri ışığında çözümler önermektir.

Anahtar Kelimeler:

KVKK, kişisel veri, yapay zeka, algoritmalar, otomatik bireysel kararlar, ayrımcılık, kusursuz sorumluluk

DATA PROTECTION IN THE ERA OF ARTIFICIAL INTELLIGENCE AND THE NEED FOR REVISION

The legal and ethical implications of the use of algorithms in automated decisions made without any human involvement are among the most controversial topics. Indeed, the widespread use of algorithm-based artificial intelligence gives rise to illegal storage, processing and sharing of personal data, and consequently to the violation of fundamental rights, particularly by way of discrimination. The elimination of these negative effects requires a radical revision of the current data protection regulation in Turkey. Although at first glance it seems that algorithms simply process personal data, fundamental rights are actually at stake. While the Law on the Protection of Personal Data No. 6698 presents innovative solutions to several problems of data management, it fails to provide any legal provision designed to prevent the violation of fundamental rights by fully automated individual decisions. Neither does the Law answer the question of how to compensate losses arising out of such decisions. The purpose of this article, which I wrote in this liber amicorum for my highly esteemed colleague Professor Abdülkadir Arpacı, is to provide a guide showing how to change the Law to align it with more progressive models avoiding, to the extent possible, the negative outcomes of algorithmic decision-making, and to suggest solutions based on the existing rules to be used until the Law is modified.

Keywords:

LPPD, personal data, AI, algorithms, automated individual decisions, discrimination, strict liability,

PDF

___

Allan G. King/Marko J. Mrkonich, “Big Data” and the Risk of Employment Discrimination, Oklahoma Law Review 2015-2016, s. 555-584.
Anupam Chander, The Racist Algorithm?, Michigan Law Review 2017, s. 1023-1045.
Betsy Anne Williams/Catherine F. Brooks/Yotam Shmargad, How Algorithms Discriminate Based on Data They Lack: Challenges, Solutions, and Policy Implications, Journal of Information Policy 2018, s. 78-115.
Brenda Reddix Smalls, Credit Scoring and Trade Secrecy: An Algorithmic Quagmire or How the Lack of Transparency in Complex Financial Models Scuttled the Finance Market, U.C. Davis Business Law Journal 2011, s. 87-124.
Brent D. Mittelstadt/Patrick Allo/Mariarosaria Taddeo/Sandra Wachter/Luciano Floridi, The Ethics of Algorithms: Mapping the Debate, Big Data & Society 2016, s. 1-68.
Cavit Yantaç/Mete Özgür Falcıoğlu, Yapay Zeka, İnsan ve Hukuk, Beykent Üniversitesi Hukuk Fakültesi Dergisi 2020, s. 31-56.
Céline Castets-Renard, Accountability of Algorithms in the GDPR and Beyond: A European Legal Framework on Automated Decision-Making, Fordham Intellectual Property, Media & Entertainment Law Journal 2019, s. 91-137.
Daithí Mac Síthigh/Mathias Siems, The Chinese Social Credit System: A Model For Other Countries?, EUI Working Paper LAW 2019/01.
Diana Sancho, Automated Decision-Making under Article 22 GDPR: Towards a More Substantial Regime for Solely Automated Decision-Making, in: Martin Ebers/Susana Navas (edit.), Algorithms and Law, Cambridge 2020, s. 136-156.
Emre Kıyak, Büyük Veri ve Yapay Zekâ Teknolojileri ile Adım Adım Zeki Uyap (Ulusal Yargı Ağı Projesi) Ekosistemine Doğru, Dokuz Eylül Üniversitesi Hukuk Fakültesi Dergisi 2020, s. 79-121.
Erdem Büyüksagis, Responsabilité pour les systèmes d’intelligence artificielle, REAS/HAVE 2021, s. 12-24.
Erdem Büyüksagis, Décisions algorithmiques: mieux vaut responsabiliser qu’informer, REAS/HAVE 2020, s. 225-242.
Erdem Büyüksagis, Towards a Transatlantic Concept of Data Privacy, Fordham Intell. Prop. Media & Ent. L.J. 2019, s. 139-221.
Florent Thouvenin/Alfred Früh, Automatisierte Entscheidungen: Grundfragen aus der Perspektive des Privatrechts, SZW 2020, s. 3-17.
Frank Pasquale, Restoring Transparency to Automated Authority, Journal on Telecommunications and High Technology Law 2011, s. 235-254.
Frank Pasquale, The Black Box Society, The Secret Algorithms That Control Money and Information, Cambridge 2015.
Frederike Kaltheuner/Elettra Bietti, Data is Power: Towards Additional Guidance on Profiling and Automated Decision-Making in the GDPR, Journal of Information Rights, Policy & Practice 2018, s. 1-17.
Gamze Aşçıoğlu Öz, Corona (Covid 19) Gölgesinde Geleceğin Hukuku ve Dijital Ekonomi Çağında Rekabet Hukuku, Ankara Üniversitesi Hukuk Fakültesi Dergisi 2020, s. 40-56.
Gerhard Wagner, Produkthaftung für autonome Systeme, Archiv für die civilistische Praxis 2017, s. 707-765.
Gianclaudio Malgieri, Automated Decision-making in the EU Member States: The Right To Explanation and Other “Suitable Safeguards” in the National Legislations, Computer Law & Security Review 2019, s. 1-26.
Giovanni Comandé, Multilayerd (Accountable) Liability for Artificial Inteligence, in: Sebastian Lohsse/Reiner Schulze/Dirk Staudenmayer (edit.), Liability for Artificial Intelligence and the Internet of Things, Baden-Baden 2019, s. 165-183.
Isak Mendoza/Lee A. Bygrave, The Right Not to Be Subject to Automated Decisions Based on Profiling, in: Tatiani Synodinou/Philippe Jougleux/Christiana Markou/Thalia Prastitou (edit.), EU Internet Law: Regulation and Enforcement, Cham 2017, s. 77-98.
Jean-Benoît Hubin/Hervé Jacquemin/Benoît Michaux, Le juge et l’algorithme: juges augmentés ou justice diminuée ?, Brüksel 2019.
Jérôme Gurtner, Les nouvelles technologies et la responsabilité des avocats. La cybersécurité et l’intelligence artificielle, in: Christine Chappuis/Bénédict Winiger (edit.), Responsabilité civile et nouvelles technologies, Journée de la responsabilité civile 2018, Cenevre 2019, s. 45-104.
Karen Li Xan Wong/Amy Shields Dobson, We’re Just Data: Exploring China’s Social Credit System in Relation to Digital Platform Ratings Cultures in Westernised Democracies, Global Media and China 2019, s. 220-232.
Lilian Edwards/Michael Veale, Slave to the Algorithm? Why a “Right to an Explanation” Is Probably Not the Remedy You Are Looking for, Duke Law & Technology Review 2017, s. 18-84.
Necmiye Cömertler/Muhsin Kar, Türkiye’de Suç Oranının Sosyo-Ekonomik Belirleyicileri: Yatay Kesit Analizi, Ankara Üniversitesi SBF Dergisi 2007, s. 37-57.
Nicholas Diakopoulos, Algorithmic Accountability Reporting: On the Investigation of Black Boxes, Tow Centre for Digital Journalism 2013, s. 1-33.
Paul Voigt/Axel von dem Bussche, The EU General Data Protection Regulation (GDPR), Cham 2017.
Pauline T. Kim, Auditing Algorithms for Discrimination, University of Pennsylvania Law Review Online 2017, s. 189-203.
Peter Rott, A Consumer Perspective on Algorithms, in: Lucila de Almeida et al. (edit.), The Transformation of Economic Law, Essays in Honour of Hans-W. Micklitz, Oxford 2019, s. 43-64.
Robert H. Sloan/Richard Warner, Beyond Bias: Artificial Intelligence and Social Justice, Virginia Journal of Law and Technology 2020, s. 1-32.
Rolf H. Weber, Automatisierte Entscheidungen: Perspektive Grundrechte, SZW 2020, s. 18-26.
Rolf H. Weber/Susan Emmenegger, Berner Kommentar, Die Wirkung der Obligationen: Die Folgen der Nichterfüllung, Art. 97-109 OR, 2. bası, Bern 2020.
Sinan Sami Akkurt, Kişisel Veri Kavramının Hukuki Niteliğine İlişkin Yaklaşımlara Mukayeseli Bir Bakış, Kişisel Verileri Koruma Dergisi 2020/2. s. 20-32.
Talia B. Gillis/Jann L. Spiess, Big Data and Discrimination, University of Chicago Law Review 2019, s. 459-487.
Toon Calders/Indrė Žliobaitė, Why Unbiased Computational Processes Can Lead to Discriminative Decision Procedures, in: Bart Custers et al. (edit.), Discrimination and Privacy in the Information Society, Berlin 2013, s. 43-57.
Ugo Pagallo, Apples, Oranges, Robots: Four Misunderstandings in Today's Debate on the Legal Status of AI Systems, Philosophical Transactions of The Royal Society 2018, s. 1-39.
Yann LeCun/Yoshua Bengio/Geoffrey Hinton, Deep Learning, Nature 2015, s. 436-444.
Yuval Feldman/Yotam Kaplan, Big Data and Bounded Ethicality, Cornell Journal of Law and Public Policy 2019, s. 39-93.