European Papers (Sep 2020)

AI Regulation Through the Lens of Fundamental Rights: How Well Does the GDPR Address the Challenges Posed by AI?

  • Fabienne Ufert

DOI
https://doi.org/10.15166/2499-8249/394
Journal volume & issue
Vol. 2020 5, no. 2
pp. 1087 – 1097

Abstract

Read online

(Series Information) European Papers - A Journal on Law and Integration, 2020 5(2), 1087-1097 | European Forum Insight of 20 September 2020 | (Table of Contents) I. Introduction. - I.1. AI and the need for a system of governance. - I.2. Introduction to AI and the risks it poses to fundamental rights. - II. An assessment of the Commission's concerns surrounding the EU's primary legal framework's suitability to address the risks posed by AI to fundamental rights. - III. An analysis of how well the GDPR addresses the challenges posed by AI to the fundamental rights of privacy, personal data protection, and non-discrimination. - IV. Conclusion. | (Abstract) In early 2020, the European Commission published a White Paper on artificial intelligence (AI) regulation, in which it highlighted the need to review the EU's legislative framework with a view to making it fit for the cur-rent technological developments. The aim of this Insight is to carry out such review from the perspective of fundamental rights. The Insight briefly assesses the Commission's concerns surrounding the suitability of the Union's primary legal framework to address the risks posed by AI. More specifically, the analysis is focused on the question concerning how well the GDPR addresses the challenges posed by AI to the fundamental rights of privacy, personal data protection, and non-discrimination - which are the three main intersections between AI and fundamental rights. The perspective adopted in the present study is particularly relevant because the need to regulate AI through the lens of fundamental rights law is still largely underdeveloped. Fundamental rights concerns are mainly triggered when the development and use of AI concern the processing of personal data and thus fall within the scope of application of the GDPR. In this Insight, it is argued that the GDPR is well equipped to disruptively challenge actual or potential undesirable uses and applications of AI but some deficiencies are also clearly visible. In particular, in relation to the concept of specific consent, the scope of the data subject's right to information, and on how best to conduct data protection impact assessments when it comes to guaranteeing a trustworthy fundamental rights compliance of the technology.

Keywords