Analysis
AI Act vs GDPR: A Brief Overview
June 10th, 2024
MyData-TRUST often send DPOs to attend the IAPP KnowledgeNet sessions, such as the one held on 28th May 2024. One of our DPO, Dewan Tauhida Akther, will share in this Blog her analysis and feedback about this session, which delved into the intricacies of the latest legislative development on Artificial Intelligence (“AI”): The EU AI Act. Like many participants, she was keen on understanding the implications behind this framework, particularly on how to prepare for the business challenges and opportunities that AI governance presents.
GDPR Vs AI Act
The AI Act has a broad territorial scope and impacts operators both inside and outside of the EU, much as the EU General Data Protection Regulation. It highlights severe repercussions, including hefty penalties and an efficient regulatory enforcement system.however, the EU AI Act is a product safety legislation, whereas the GDPR focuses on the rights of individuals. Despite this distinction, both pieces of legislation prioritize fundamental rights.
While the AI Act shares similarities with the GDPR, there are notable differences, particularly between the GDPR’s transparency principle and the AI Act’s literacy principle.
Under the GDPR, transparency pertains to informing data subjects about how their data is processed. However, the AI literacy principle in the AI Act diverges significantly. It does not mandate disclosing the specifics of AI training data, as this could reveal trade secrets.
Among 113 articles and 68 defenitions of the EU AI Act, Article 4 of the EU AI Act states: “Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used.” This indicates that AI literacy is crucial for everyone involved, from providers and deployers to staff in various contexts.
Conclusion
Although the full impact of the AI Act on privacy professionals is yet to be seen, it was clear that the act would pose significant challenges. These challenges include implementation, coordination among member states, and interaction with other legislations.