Balancing privacy with datacrunching AI

The EU AI Act will soon be reality, and we watch with interest which regulators will be given the task to enforce the Act at national level. The EU AI Office will coordinate enforcement action across the EU on prohibited and high-risk AI systems. Will it function in a similar fashion to the European Data Protection Board (EDPB) in its efforts to ensure consistency in Member States? Its AI Board with Member States’ representatives may conduct joint investigations, but will not have direct enforcement powers.

Meanwhile, the EU Commission is evaluating how the GDPR is working in practice. Results are expected by this summer. A topic that has gained much attention is legal bases for behavioural advertising and the so-called Pay or Consent model. The EU DPAs are soon to issue an opinion on this subject. Italy’s Data Protection Authority, the Garante, is actively enforcing the GDPR in relation to OpenAI, the company behind ChatGPT’s AI platform. Also, the EDPB has a taskforce on this issue. Both of these topics will be discussed in detail at our International Conference in July, with Meta, the EU Commission, the Garante, EDPB and OpenAI speaking.

AI-aided surveillance will be in action at the Paris 2024 summer Olympic Games. Our second article from France looks at the CNIL’s €32 million fine on Amazon Logistique for its employee data processing. In this issue, we also bring you AI developments from the Asia-Pacific region, our first in-depth analysis of 20 Caribbean privacy laws, stronger regulatory powers in Ontario, Canada and new international transfer rules in Türkiye. Read an analysis of Israel’s renewed EU adequacy decision, and the implications of a CJEU ruling on automated decision-making by a credit scoring agency.

Laura Linkomies
Editor, Privacy Laws & Business

April 2024