Thoughts on the GDPR and AI

By Veronica Blatt

Today’s guest blogger is Martin Snyder, Main Sequence Technology. Founded in 1998, Main Sequence Technology creates talent acquisition technology solutions wherever and however organizations are built. PCRecruiter is the solution of choice for thousands of third party recruitment, corporate, and outsourced staffing teams across economic models and around the world. PCRecruiter provides comprehensive CRM and ATS functionality converged into database, voice, and email interfaces to empower recruiters to do what they do best with accessible, cost effective technology. Main Sequence is proud to serve the NPA organization and our many individual NPA affiliated customers. To learn more, please visit

Greetings to the NPAworldwide community in this unsettled autumn of 2017. It’s a pleasing task to create some content for NPAworldwide; I hope you find it modestly informative and entertaining.

To the PCRecruiter sub-community: a simple thanks and a simple report from Cleveland; we are energized and productive despite the mystifying collapse of our baseball team and the un-mystifying second place finish in NBA basketball. We don’t talk about football, much.

We do talk about the two most apparent looming changes appearing on the horizon of HR tech: the changing data regulations/climate in Europe, and the apparent depth of the hype-cycle around Artificial Intelligence.

The legal name of a new EU law scheduled for full-effect in May, 2018 is EU Directive 016/679, headed “General Data Protection Regulation.” In HR tech, everyone calls it GDPR.

GDPR is a vast assembly of principles related to every aspect of handling information electronically. As such, it’s also essentially a political document, because value judgements, pie slicing, and plain ambiguity permeate all parts of the process, from the drafting of the rule, to the markups; the ratification process, the pre-enforcement wrangling, and finally the evolution of the actual enforcement facts-on-the-ground.

The rule also developed in light of the previous rule and the political process that unfolded over the previous decade. Unfortunately, the international political environment has not been positive for virtually all of that time.

It’s not controversial to observe that the EU was very agitated by the behavior of both the Bush and Obama administrations when it came to government access of personal data. It’s also hardly controversial to say that the current US administration is not steeped in internationalism.

Internationalism is exactly the domain, because the sticking points are subjecting firms with varying interests, assets, and exposures to sovereigns all around the world to working, compelling dispute and behavior enforcement mechanisms.

So far, these have taken the form of quasi-treaties. One that was heavily relied upon was called “Safe Harbor.” Safe Harbor was built around a memo of understanding between vendors and US government agencies that the vendors would reasonably respond to EU data protection authority demands. Eventually, the EU judiciary did not find that strong enough, and in ruling C-362/14, determined that Safe Harbor would no longer suffice for compliance with EU Data Authority rules.

This decision created immediate disruption and uncertainty for hundreds of cloud vendors and thousands of customers. In response to that pressure, the EU executive body (EU Commission) issued COM 566 (November 2015), stating that Data Exporters who had executed contracts with Data Importers containing unmodified EU provided standard Model Contract Clauses (and appropriate appendices, would be compliant until further notice). These contract terms are explicit and comprehensive, although serious enforcement remains situational.

Along with the new rule, a successor to Safe Harbor was created. More expensive; different words, more mouths-to-feed, but the same concept. It’s called Privacy Shield. I’m not convinced that the program will last beyond its first encounter with the EU Judiciary. If history is a guide, the model contract terms may be the once and future fallback.

The entire upshot of the enforcement appears to be the question of where the data must be hosted. If it must be hosted in the EU, it will be a huge boon to Microsoft and Amazon. The economics won’t allow for much protectionism in cloud provisioning. The EU will have mixed feelings about that, and may prefer in the end to not take that step. PCRecruiter is prepared either way; we have always offered self-hosted versions which makes third-party hosting much more practical.

It was difficult to tell the story of the GDPR effectively in fewer than 500 words, which means only a few thoughts about AI, for what they may be worth. The first is that, for now, it’s something in the eye of the beholder. Everyone has their own definition, and there are no standard definitions beyond suggesting enhancement or simulation of human cognition.

My personal definition is “stacked algorithms,” which suggests a sequence of conditional algorithms glued together with some insight or learning/teaching mechanism. The second is that it will probably not unfold as people expect, and when it does, it will underwhelm at first and mature to a life-changing force. In our business, I see it applying in a portfolio of ways, likely with the most important being a much more abstract relationship between users and applications.

We are all going to have electronic middlemen everywhere–all of different capacities and uses. Can you wait for it?

I’m pretty stoked by the whole thing, but then again, I have a non-trivial opportunity to gain greatly from it. I think recruiters will too, because while the auspices may change, the biological reality of switching tribes means quality person-to-person communication, and AI will not probably be there before I am well on my way to whatever is next.

button to subscribe to NPA blog

No Comments Yet

You can be the first to comment!

Leave a comment

Your connection to premier independent recruiting firms across 6 continents

Site Designed and Hosted by The Imagination Factory

Some images ©

© 2018 NPAworldwide - Privacy Policy