Seite - 210 - in Intelligent Environments 2019 - Workshop Proceedings of the 15th International Conference on Intelligent Environments

sessment of meaningfulness.) Furthermore, transparency, as what the developers under- stand under it and present information (to the data controller) may not be understood the same way, which generates more complications especially for people without technical background knowledge [15]. On the other hand, a generic explanation may not be un- derstood clearly by every data subject in a similar way (as it might leave room for am- biguity). The question of how to measure data subjects’ understanding especially when they interact with AI systems only via a screen or during a natural talk, erects another obstacle to assess the operability of the meaningfulness concept in practice. Whether it is a duty of data controllers to ensure each data subjects’ understanding, which is obviously not the case according to the GDPR, carries the discussion to another dimension. Based on this loophole, data controllers like the tech-giants (e.g. Google, Facebook, Amazon) which provide their services based on algorithmic calculations, do not pay attention to whether the users would be able to easily understand the information provided and track and control their data within the system. This problem is related to the existence of insufficient regulations and difficulties to regulate diverse populations that AI systems serve [16]. For example, data controllers may tend to circumvent the stress of fulfilling their legal obligations and as a result, provide explanations that are not accurate. Data controllers fearing the loss of their users trust or unwilling to disclose shortcomings to the competitors may prefer not to reveal privacy losses (data breaches) within the system to the users transparently, even if they implement PETs or other technological solutions such as differential privacy which also has its own technical shortcomings in the implementation. [17] 2.1.3. Intelligible Form One may claim that the EU lawmaker already took the possibility into account and repeated in the GDPR the intelligible form requirement for data con- trollers to better fulfill transparency and consent principles. The Court of Justice of the European Union (CJEU) received several questions regarding the form of the explana- tion that would meet the transparency requirement at the time when Directive 95/46 was in force. Articles 12 and 7 of the GDPR, just as Article 12 of Directive 95/46, further put obligations on data controllers to provide information to the data subjects about process- ing in an intelligible form, which as the CJEU states is a form which allows [them] to become aware of those data and to check that they are accurate and processed in compli- ance with that directive, so that [they] may, where relevant, exercise [their] rights [18]. This statement is particularly related to data subjects’ right to obtain information on what data is being processed about them, and then right to request an update in case it is inac- curate. In another case [19], CJEU refers to specific rights which data subjects should be able to exercise in line with the right to access data concerning them. The Court stated that the data subject has a right to have the data communicated to him in an intelligible form, so that he is able, to exercise his rights to rectification, erasure and blocking of the data. In the GDPR, Articles 13 and 14 seem complementary to these statements and may give a clue on what an intelligible form is since types of information to be delivered by data controllers to data subjects are listed. However, none of the listed information orders data controllers to ensure understandability of the information they present. The requirement that information be intelligible means that it should be understood by an average member of the intended audience. Intelligibility is closely linked to the requirement to use clear and plain language. An accountable data controller will have G.GultekinVarkonyi /Operability of theGDPR’sConsent Rule in Intelligent Systems210