This whitepaper shows that in fact machine learning (ML) and data protection requirements, including principles like data minimization, are compatible. It thus clears the path towards effective implementation of DPbD by offering data scientists a set of best practices.
The framework suggested to operationalize DPbD in the context of ML comprises three key stages: setting forth a DPbD workflow, identifying failure modes for the whole ML model lifecycle and selecting controls for each failure mode. It is therefore risk-based and fully consistent with the GDPR approach, including Article 25, and the requirement that all controls be effective.