AI Trends For 2024 - EU DPAS Will Apply Requirements Of The EU AI ACT

Marijn Storm, Alex van der Wolk, Marian Waldmann Agarwal
MoFo Tech
Contact
LinkedIn
Facebook
X
Send
Embed

MoFo Tech

 

EU data protection authorities (DPAs) will likely start enforcing the requirements of the EU AI Act, the world’s first comprehensive AI regulation, despite the Act likely not entering into full force until 2026.

The AI Act is designed to apply in addition to the EU General Data Protection Regulation (GDPR), extending the reach of requirements by covering AI systems trained with data that is not subject to GDPR and scenarios where providers don’t qualify as “controllers” under GDPR. Despite these differences, many of the AI Act’s risk management obligations cover the same topics as those in the GDPR, but in a more specific manner. This creates a synergy that enables DPAs to interpret the GDPR in a manner consistent with the requirements of the upcoming AI Act, on topics such as:

  • Impact assessment: The AI Act’s requirement for a risk management system is akin to the GDPR’s data protection impact assessment (DPIA), focusing on preemptive risk identification and mitigation;

  • Data governance: The AI Act’s data governance requirements, including the appropriate use of training datasets, aligns with the GDPR’s requirements of fair and lawful use of personal information;

  • Human oversight: The AI Act requires ensuring appropriate human oversight, which shows similarities to the (negatively formulated) prohibition on automated decision-making (with limited exceptions) under the GDPR.

Recent developments already show that the DPAs are not waiting for the AI Act to enter into force. For example, in July 2023, the French DPA stated that it will focus on entities processing personal information to develop, train, or deploy AI systems to ensure these entities have met GDPR requirements, including by carrying out data protection impact assessments, adequately informing individuals, and allowing people to exercise privacy rights. The Spanish DPA recently provided guidance on the distinction between “transparency” under the GDPR and the use of the same term in the AI Act, and the Italian DPA is investigating the online collection of personal information to train AI algorithms.

[View source.]

Written by:

MoFo Tech
MoFo Tech
Contact
more
less

MoFo Tech on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide