The unspoken link between the GDPR and the AIA.

There’s an unspoken link between the AIA and the GDPR.

One of the key elements of the GDPR is the accountability principle. Article 5.2 of the GDPR states that the “controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).”

Article 5.1 then sets out the key principles of the GDPR: the processing of personal data has to be lawful, fair, transparent, accurate, purpose-limited and purpose-proportionate.

The accountability principle is great in theory, but it’s very hard to enforce in practice.

Then along comes the AIA. The AIA is not just about AI systems using personal data (it has provisions for deep fakes, misinformation, critical infrastructure, systemic risk and so on), but most of it is. The prohibited practices are all about personal data, and 5 of the 6 high-risk activities are about personal data.

The AIA then sets out obligations in relation to risk management, data and data governance, human oversight, cyber security, corrective actions, and so on. And if the AI system doesn’t comply with these obligations, it can’t appear in the EU market.

That all comes pretty close to enforcement of the GDPR’s accountability principle.
