Mending Lacunas in the EU’s GDPR and Proposed Artificial Intelligence Regulation

Brown, Rafael; Truby, Jon; Ibrahim, Imad Antoine

doi:10.2478/eustu-2022-0003

Abstract

The European Union (EU) is leading in the regulation of data privacy and artificial intelligence through the General Data Protection Regulation (GDPR), the proposed European Commission (EC) regulation, and the proposed European Parliament (EP) regulations concerning Artificial Intelligence (AI). The EU also regulates AI through ethical aspects and Intellectual Property Rights as well as the Council of Europe’s conclusions concerning the use of sandboxes regulations and experimentation clauses. This article highlights the EU’s missed opportunities to create synergies between the GDPR and the proposed AI regulations, given that in several instances they deal with issues that must be regulated from an AI perspective, while simultaneously ensuring data protection of EU citizens. In particular, the EU’s ad hoc approach to AI regulation creates lacunas because of its failure to fully integrate the essential components of AI data and algorithm within a regulatory framework.

References

ADADI, A., BERRADA, M. Peeking Inside the Black-Box: A Survey on Explainable Artificial Intelligence (XAI). IEEE Access. 2018, vol. 6, pp. 52138–52160.
Search in Google Scholar Back to article
BHAIMIA, S. The General Data Protection Regulation: the Next Generation of EU Data Protection. Legal Information Management. 2018, vol. 18, no. 1, pp. 21–28.
Search in Google Scholar Back to article
BROUDE, T. Keep Calm and Carry On: Martti Koskenniemi and the Fragmentation of International Law. Temple International & Comparative Law Journal. 2013, vol. 27, no. 2, pp. 279–292.
Search in Google Scholar Back to article
BROWN, R. Property Ownership and the Legal Personhood of Artificial Intelligence. Information & Communications Technology Law. 2021, vol. 30, no. 2, pp. 208–234.
Search in Google Scholar Back to article
Commission Regulation 2016/679 of Apr. 27, 2016, On the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), 2016 O.J. (L 119). [online]. Available at: https://op.europa.eu/s/omni [GDPR].
Search in Google Scholar Back to article
Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions. Artificial Intelligence for Europe {SWD(2018) 137 final}.
Search in Google Scholar Back to article
Council of the European Union, Council Conclusions on Regulatory sandboxes and experimentation clauses as tools for an innovation-friendly, future-proof and resilient regulatory framework that masters disruptive challenges in the digital age, Brussels, Nov. 16, 2020.
Search in Google Scholar Back to article
DE HERT, P., PAPAKONSTANTINOU, V. The Right to Data Portability in the GDPR: Towards User-Centric Interoperability of Digital Services. Computer Law & Security Review. 2018, vol. 34, no. 2, pp. 193–203.
Search in Google Scholar Back to article
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995.
Search in Google Scholar Back to article
European Commission, AI-HLEG, High-Level Expert Group on Artificial Intelligence. A definition of AI: Main capabilities and Scientific Disciplines [online]. Available at: https://ec.europa.eu/digital-single-market/en/news/definition-artificial-intelligence-main-capabilities-and-scientific-disciplines
Search in Google Scholar Back to article
European Commission, Fundamental Rights [online]. Available at: https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en
Search in Google Scholar Back to article
European Commission Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts (2021/0106) (COD) COM (2021) 206 Final.
Search in Google Scholar Back to article
European Data Protection Supervisor, The History of the General Data Protection Regulation. [online]. Available at: https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en [hereinafter History of GDPR].
Search in Google Scholar Back to article
European Parliament Resolution of 20 October 2020 with recommendations to the Commission on a civil liability regime for artificial intelligence (2020/2014(INL)). [online]. Available at: https://www.europarl.europa.eu/doceo/document/TA-9-2020-0276_EN.html
Search in Google Scholar Back to article
European Parliament, Framework of ethical aspects of artificial intelligence, robotics and related Technologies. European Parliament resolution of 20 October 2020 with recommendations to the Commission on a framework of ethical aspects of artificial intelligence, robotics and related technologies (2020/2012(INL)).
Search in Google Scholar Back to article
European Parliament, Intellectual property rights for the development of artificial intelligence Technologies. European Parliament resolution of 20 October 2020 on intellectual property rights for the development of artificial intelligence technologies (2020/2015(INI)).
Search in Google Scholar Back to article
FEFER, R. F. EU Data Protection Rules and U.S. Implications [online]. Available at: https://fas.org/sgp/crs/row/IF10896.pdf
Search in Google Scholar Back to article
GOOD, I. J. Speculations Concerning the First Ultra Intelligent Machine. In ALT, F., RUBINOFF, M. (eds). Advances in Computers. New York: Academic Press, 1965. vol 6, pp. 31–88.10.1016/S0065-2458(08)60418-0
Search in Google Scholar Back to article
Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos (AEPD), Mario Costeja González, ECLI:EU:C:2014:131/12 [online]. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0131
Search in Google Scholar Back to article
GOURGOURINIS, A. General/Particular International Law and Primary/Secondary Rules: Unitary Terminology of a Fragmented System. European Journal of International Law. 2011, vol. 22, no. 4, pp. 993–1026.
Search in Google Scholar Back to article
HAFNER, G. Pros and Cons Ensuing from Fragmentation of International Law. Michigan Journal of International Law. 2004, vol 25, no. 4, pp. 849–863.
Search in Google Scholar Back to article
HILDEBRANDT, M. The Artificial Intelligence of European Union Law. German Law Journal 2020, vol. 21, no. 1, pp. 74–79.10.1017/glj.2019.99
Search in Google Scholar Back to article
HOOFNAGLE, C. J., VAN DER SLOOT, B., BORGESIUS, F. Z. The European Union General Data Protection Regulation: What It is and What It Means. Information & Communications Technology Law. 2019, vol. 28, no. 1, pp. 65–98.
Search in Google Scholar Back to article
KOOPS, B.-J. The Trouble with European Data Protection Law. International Data Privacy Law, 2014, vol. 4, no. 4, pp. 250–261.10.1093/idpl/ipu023
Search in Google Scholar Back to article
KOSKENNIEMI, M., LEINO, P. Fragmentation of International Law? Postmodern Anxieties. Leiden Journal of International Law. 2002, vol. 15, no. 3, pp. 553–579.
Search in Google Scholar Back to article
KOSTA, E. Consent in European Data Protection Law. Martinus Nijhoff, 2013.10.1163/9789004232365
Search in Google Scholar Back to article
LOENEN, B., KULK, S., PLOEGER, H. Data Protection Legislation: A Very Hungry Caterpillar: The Case of Mapping Data in the European Union. Government Information Quarterly. 2016, vol. 33, no. 2, pp. 338–345.
Search in Google Scholar Back to article
MEDDIN, E. The Cost of Ensuring Privacy: How the General Data Protection Regulation Acts as a Barrier to Trade in Violation of Articles XVI and XVII of the General Agreement On Trade in Services. American University International Law Review. 2020, vol. 35, no. 4, pp. 997–1036.
Search in Google Scholar Back to article
MEGIDDO, T. Beyond Fragmentation: On International Laws Integrationist Forces. The Yale Journal of International Law. vol. 44, no. 1, pp. 115–147.
Search in Google Scholar Back to article
MONAJEMI, M. Privacy Regulation in the Age of Biometrics that Deal with a New World Order of Information. University of Miami International & Comparative Law Review. 2018, vol. 25, no. 2, pp. 371–408.
Search in Google Scholar Back to article
OECD, Artificial Intelligence in Society. Paris: OECD Publishing, 2019.
Search in Google Scholar Back to article
PETERSEN, K. GDPR: What (and Why) You Need to Know About EU Data Protection Law. AUG Utah Bar Journal. 2018, vol. 31, no. 4, pp. 12–16.
Search in Google Scholar Back to article
PRESCOTT, T. J. The AI Singularity and Runaway Human Intelligence. In: LEPORA, N., MURA, A., KRAPP, H. (eds.). Biomimetic and Biohybrid Systems. Heidelberg: Springer-Verlag, 2013.
Search in Google Scholar Back to article
PURTOVA, N. The Law of Everything. Broad Concept of Personal Data and Future of EU Data Protection Law. Law, Innovation and Technology. 2018, vol. 10, no. 1, pp. 40–81.
Search in Google Scholar Back to article
REDING, V. The Upcoming Data Protection Reform for the European Union. International Data Privacy Law. 2011, vol. 1, no. 1, pp. 3–5.
Search in Google Scholar Back to article
ROUVROY, A. Of Data and Men: Fundamental Rights and Freedoms in a World of Big Data (2016) 11 [online]. Available at: https://rm.coe.int/CoERMPublicCommonSearch-Services/DisplayDCTMContent?documentId=09000016806a6020
Search in Google Scholar Back to article
SARTOR, G. The Impact of the General Data Protection Regulation (GDPR) on Artificial Intelligence’ (2020) European Parliamentary Research Service, Panel for the Future of Science and Technology (June 2020) 6 [online]. Available at: https://www.europarl.europa.eu/RegData/etudes/STUD/2020/641530/EPRS_STU(2020)641530_EN.pdf
Search in Google Scholar Back to article
SEARLE, J. R. Minds, Brains, and Programs. Behavioral and Brain Sciences. 1980, vol. 3, no. 3, pp. 417–424.
Search in Google Scholar Back to article
SHEIKH, S. Understanding the Role of Artificial Intelligence and Its Future Social Impact. Hershey: IGI Global, 2020.10.4018/978-1-7998-4607-9
Search in Google Scholar Back to article
SIMMA, B. Universality of International Law from the Perspective of a Practitioner. European Journal of International Law. 2009, vol. 20, no. 2, pp. 265–297.
Search in Google Scholar Back to article
STARK, B. International Law from the Bottom Up: Fragmentation and Transformation. University of Pennsylvania Journal of International Law. 2013, vol. 34, no. 4, pp. 687–742.
Search in Google Scholar Back to article
TIKKINEN-PIRI, C., ROHUNEN, A., MARKKULA, J. EU General Data Protection Regulation: Changes and Implications for Personal Data Collecting Companies. Computer Law & Security Review. 2018, vol. 34, no. 1, pp. 134–153.
Search in Google Scholar Back to article
TRUBY, J., BROWN, R., DAHDAL, A. Banking on AI: Mandating a Proactive Approach to AI Regulation in the Financial Sector. Law and Financial Markets Review. 2020, vol. 14, no. 2, pp. 110–120.
Search in Google Scholar Back to article
TRUBY, J. Governing Artificial Intelligence to benefit the UN Sustainable Development Goals. Sustainable Development. 2020, vol. 28, no. 4, pp. 946–959.
Search in Google Scholar Back to article
TRUBY, J., BROWN, R. Human Digital Thought Clones: The Holy Grail of Artificial Intelligence for Big Data. Information & Communications Technology Law. 2021, vol. 30, no. 2, pp. 140–168.
Search in Google Scholar Back to article
VEALE, M. A Critical Take on the Policy Recommendations of the EU High-Level Expert Group on Artificial Intelligence. European Journal of Risk Regulation. 2020, vol. 11, no. 1, pp. 1.
Search in Google Scholar Back to article
VESNIC-ALUJEVIC, L., NASCIMENTO, S., PÓLVORA, A. Societal and Ethical Impacts of Artificial Intelligence: Critical Notes on European Policy Frameworks. Telecommunications Policy. 2020, vol. 44, no. 6, pp. 101961.
Search in Google Scholar Back to article
VOIGT, P., VON DEM BUSSCHE, A. The EU General Data Protection Regulation (GDPR): A Practical Guide. Cham: Springer, 2017.10.1007/978-3-319-57959-7
Search in Google Scholar Back to article
VOSS, W. G. European Union Data Privacy Law Reform: General Data Protection Regulation, Privacy Shield, and the Right to Delisting. The Business Lawyer. 2017, vol. 72, no. 1, pp. 221–233.
Search in Google Scholar Back to article
WELLENS, K. Fragmentation of International Law and Establishing an Accountability Regime for International Organizations: The Role of the Judiciary in Closing the Gap. Michigan Journal of International Law. 2004, vol. 25, no. 4, pp. 1159–1181.
Search in Google Scholar Back to article
ZARSKY, T. Z. Incompatible: The GDPR in the Age of Big Data. Seton Hall Law Review. 2017, vol. 47, no. 2, pp. 995–1020.
Search in Google Scholar Back to article
ZUBOFF, S. You are Now Remotely Controlled [online]. Available at: https://www.nytimes.com/2020/01/24/opinion/sunday/surveillance-capitalism.html
Search in Google Scholar Back to article

Mending Lacunas in the EU’s GDPR and Proposed Artificial Intelligence Regulation

Abstract

Paradigm

My account