Skip to main content


AI Literacy: An IAPP KnowledgeNet Session on AI Governance

June 10th, 2024

MyData-TRUST often send DPOs to attend the IAPP KnowledgeNet sessions, such as the one held on 28th May 2024. One of our DPO, Dewan Tauhida Akther, will share in this Blog her analysis and feedback about this session, which delved into the intricacies of the latest legislative development on Artificial Intelligence (“AI”): The EU AI Act. Like many participants, she was keen on understanding the implications behind this framework, particularly on how to prepare for the business challenges and opportunities that AI governance presents.

Crucially, the presenter opened the session by drawing a stark distinction between the EU AI Act and the GDPR. In essence, the former is aimed towards product safety, whereas the latter concerns individual rights. Regardless, both aim to safeguard fundamental rights. While the AI Act shares similarities with the GDPR, there are notable differences, particularly between the GDPR’s transparency principle and the AI Act’s literacy principle.


Under the GDPR, the notion of ‘transparency’ concerns informing data subjects about how their personal data is processed. Conversely, the ‘AI Literacy’ principle diverges, significantly. Notably, the AI Act does not mandate disclosing the specifics of AI training models, as this could reveal trade secrets. This distinction was emphasized by a senior policy officer involved in drafting the AI Act.

Article 4 of the AI Act holds that: “Providers and deployers of AI systems shall take measures to ensure, to their best extent, a sufficient level of AI literacy of their staff and other persons dealing with the operation and use of AI systems on their behalf, taking into account their technical knowledge, experience, education and training and the context the AI systems are to be used in, and considering the persons or groups of persons on whom the AI systems are to be used.” This is highly indicative of AI Literacy’s cruciality. This extends to various parties, ranging from providers and deployers to staff in various scenarios.

The speakers outlined essential skills required to manage AI-related risks. This extends to interdisciplinary fields which includes policy and compliance, product management, technical knowledge, data management, cybersecurity, privacy, and fundamental rights. Although the full impact of the AI Act on privacy professionals is yet to be seen, it was clear that the Act would pose significant challenges. These challenges include implementation, coordination among Member States, and interaction with other legislations.


To conclude, the session was highly productive, providing valuable insight into the EU AI Act. One key take-away was highlighting the importance of knowledge surrounding AI Literacy. Moreso, concerned parties require a comprehensive understanding of their obligations throughout the product life cycle. This includes pre-emptive preparation (both technical and regulatory) to navigate the ever-evolving landscape of AI governance.

MyData-TRUST is here to support you on any question related to GDPR or AI Act. Feel free to contact us if you have any question or for any kind of collaboration on events such as this one.


Dewan Tauhida Akther

Data Protection Manager Associate


Jake Camilleri

Data Protection Lawyer