CEDPO AI Working Group
16 June 2023
This guidance has been prepared by the Confederation of European Data Protection Organization’s AI and Data Working Group. It is aimed at data protection officers and answers, for them, the fundamental questions that will arise as their work inevitably intersects more and more with artificial intelligence and machine learning software.
Artificial intelligence and machine learning technologies are growing rapidly and exponentially, and although they do not always process personal data, when they do, it is often on a vast scale and level of complexity.
This introduces new risks for data subjects as well as new challenges for the DPO who, typically, may not necessarily have a computer science background, but will nonetheless be expected to analyse and understand the inner workings and implications of these technologies. DPOs have a twin challenge: they are faced with a steep learning curve, and in a dynamic area of technology that is evolving daily before their eyes.
Although there is an existing onus on DPOs to apply data protection principles to artificial intelligence, already a complex task, (and something which this guidance explains), new regulation is also on the horizon.
The EU’s Artificial Intelligence Act is making its way through the EU legislative machinery, with an anticipated enactment date in 2024. Once in law, this Act will overlap with the GDPR in important ways, leading to additional obligations for DPOs. This guidance seeks to point out the junctures between these two major, and connected pillars of the EU’s regulatory framework.
Companies and public bodies are moving fast to understand and implement artificial intelligence solutions to achieve all manner of efficiencies and opportunities for revenue growth. The DPO has no choice but to keep pace; technology will not wait. This guidance, therefore, represents a starting point for DPOs to begin navigating the increasingly critical and complex world of artificial intelligence.
You can download the paper here: