by Eduardo Magrani, Senior Consultant in the TMT practice area
Recommender systems ("RS") are now widely implemented in multiple dimensions of the digital reality. Due to these growing numbers, recommender systems have become indispensable and omnipresent tools, and are currently used to personalise choices and rank content on online platforms and applications.
RSs are algorithms that select - what they identify as - relevant information, customising it for individual users through data processing and artificial intelligence ("AI") techniques. In this way, RS are used for the most diverse purposes, recommending relevant news, new friends or targeted and behavioural advertising content, among many other possibilities.
In view of the increasing importance of these systems, regulations and regulatory proposals are emerging to address the multifaceted challenges generated by RS. Many of these proposed legal rules are drawn from ethical guidelines, based on values such as transparency, justice, non-maleficence, beneficence, accountability, privacy, freedom, autonomy, dignity, and solidarity, in order to mitigate any negative effects brought about by RSs.
Within the regulatory context, the General Data Protection Regulation (GDPR) represents a key regulatory framework to address many of the risks posed by RSs. As data is the engine of this technology, the GDPR introduces a positive structure, favouring a greater user control over their data by establishing a series of rights, principles, and requirements for the processing of personal data, including in the case of automated decisions and profiling.
In addition to the GDPR, in Europe, the Digital Services Act (DSA) and the Artificial Intelligence Act (AI Act or AIA) also play an important role in regulation and regulatory trends applicable to RSs.
The DSA aims to establish clear rules and accountability parameters for digital service providers in order to ensure user safety, combat the spread of illegal content and ensure transparency in content moderation practices. In this sense, the DSA, when addressing the transparency of RSs, establishes that the providers of online platforms using RSs should insert in their terms and conditions, in clear and intelligible language, the main parameters used in their RSs, as well as any options that allow recipients of the service to change or influence these parameters. In addition, providers should explain why certain information is suggested to the recipient of the service, including at least: (i) the most significant criteria for determining the information suggested to the recipient of the service; (ii) the reasons for the relative importance of these parameters.
The AI Act, in turn, which is considered an important regulatory trend, focused on the specific topic of AI, mentions the topic of RSs too. The AIA aims to establish harmonised rules for the development, placing on the market and use of AI systems in the European Union, with the aim of ensuring that the systems are reliable, and to facilitate the development of a single market for legitimate and safe systems.
By proposing a risk-based regulation, the AIA establishes minimum compliance requirements based on transparency, explainability and human oversight, especially for AIs considered as high-risk. In one of the most recent amendments to the text of the proposal, the European Parliament has defined precisely the RSs used by social media platforms as susceptible to be considered high-risk systems.
RSs are extremely valuable in helping users find the information that they need and that interests them, more quickly. However, along with its enormous potential, it is important to pay attention to the regulatory trend that points to the need for greater compliance by companies using this type of technology, in order to mitigate risks and possible damages associated with RSs.