Recital 45(a) of the proposed draft AI Act broadly outlines the intended way in which the GDPR and the AI Act will interact with each other:
“The right to privacy and to data protection must be guaranteed throughout the entire lifecycle of the AI system. In this regard, the principles of data minimisation and data protection by design and by default, as set out in Union data protection laws, are essential when the processing of data involves significant risks to the fundamental rights of individuals.”
CEDPO’s opinion paper seeks to draw out the significance of the above recital, and to discuss the critical points at which the AI Act and the GDPR will interact, with particular emphasis on how this new more complex legislative environment will potentially impact the role of the data protection officer.
CEDPO has some concerns about the numerous legislative initiatives that the EU is enacting under the umbrella of its Data Strategy, and, specifically, how these new laws will inter-face with the role and responsibilities of the data protection officer, a role which already has a busy and demanding brief under the tenets of the GDPR.
From CEDPO’s perspective, it is a central contention that the role of the DPO should be supported and not burdened by the enactment of multiple pieces of complex legislation in the digital space. With these concerns in mind, this paper looks at the impact of the AI Act for the DPO.
You can download the opinion paper here.