AI guidance begins to emerge

As reported in our lead story, France’s CNIL has been active in issuing guidance on Artificial Intelligence (AI) to clarify how it should be dealt with from the GDPR perspective, and as we were going to print, Belgium’s privacy authority also issued its advice. Other active DPAs in this field include the UK’s ICO and Ireland’s Data Protection Commission, for example. The European Data Protection Board is of the view that the national DPAs should also become AI authorities. However, fragmentation will take place as some countries, such as Spain, will appoint a separate entity as their Market Surveillance Authority.

The EU’s AI Board, which consists of representatives from each EU Member State and is supported by the AI Office within the European Commission, held its first meeting on 10 September. It is the key advisory body that was created by the AI Act, and its task is to provide advice and assistance with implementing the AI Act.

The EU has also launched a voluntary AI pledge and now over 100 companies have signed up to it. The signatories include Amazon Europe, Google, Hewlett Packard, Lenovo, Mastercard, Nokia, Orange and Salesforce, to name a few. The Commission is working together with the participants to support them in applying the principles of the AI Act, for example by helping to build internal processes, prepare staff and self-assess AI systems.

What is now of paramount importance is promoting AI awareness and understanding of its use among staff.

Our second lead story is to do with international transfers, a topic that is never away from the headlines as DPAs and companies have different interpretations. The EU will soon start consultation on a new set of Standard Contractual Clauses aimed at facilitating data transfers to controllers and processors in third parties and directly subject to the GDPR. As the European Commission is due to issue its report on the functioning of the EU-US Data Privacy Framework by the end of this year, and UK EU adequacy will be evaluated in 2025, this space is still an area that needs international businesses’ constant attention.

Laura Linkomies
Editor, Privacy Laws & Business

October 2024

Previous

Contents

Next