Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.



Data Protection Authority’s role in the Artificial Intelligence Act framework

PrintMailRate-it

​​​​​​​​published on 24 September 2024 | reading time approx. 3 minutes


The AI Act, on a national level, will require an enforcement framework to be built a year after the act enters into force and will require establishing a “national competent authority” to oversee that the purpose of the AI Act is being met. This act will lay down harmonised rules on the placement on the market, putting into service and use of AI and puts out new market surveillance requirements in line with Regulation (EU) 2019/1020. It is a complimentary and mutually reinforcing legislation together with the Union data protection legislation and must keep to the data protection legislation’s goals and provided protection. 

Because of the close connection between AI and a person’s personal data the EDPB has made this statement to further highlight supervision and coordination issues that could occur from designating Member State competent authorities in areas that are so closely linked to data protection and intertwined with data protection authorities and others. Considering this, the statement of the EDPB calls attention to the important role of national data protection authorities in questions of processing of personal data and carrying out enforcement actions on AI-related issues making them indispensable actors in several sectors involving the use of AI systems. But it is also necessary to create a different authority to make a single contact point available for interactions between different regulatory bodies in accordance with the AI Act. With this the EDPB recommends that the national data protection authorities should also be designated as the market surveillance authorities for the high-risk AI systems. 

The statement relays that depending on the views of the data protection authorities they could also be granted authority over such high- risk AI system sectors that could impact natural persons rights and freedoms in connection to processing of personal data unless these sectors are already covered by the AI Act and its own “national competent authority”. This is recommended to enable a unified, consistent, and effective approach across the different sectors. There still must be a cooperation system between other entities who are tasked with the same objective. But it must be mentioned that no clear coordination has been established between the AI Office, which was created based on the AI Act, and the data protection authorities and EDPB so that is still an open question regarding this. 

The EDPB also highlights that whenever an AI model or system be it general-purpose or specialised entails processing of personal data it may fall under the supervision of national data protection authorities as it is necessary under the Article 8 of the Charter of Fundamental Rights of the European Union and Article 16 of the TFEU for them to be involved in matters relating to or that fall under the scope of Union data protection law. As such, the EDPB calls attention to the need of cooperation between the national data protection authorities and the EDPB as well as establishing such cooperation in the most effective way and in compliance with the principle of sincere cooperation.

 DATA PROTECTION BITES

AUTHOR

Contact Person Picture

Staņislavs Sviderskis

Assistant Attorney at Law, Cyber & Information Security Expert

Senior Associate

+371 6733 8125

Invia richiesta

 RÖDL & PARTNER LATVIA

Discover more about our offices in Latvia. 
Deutschland Weltweit Search Menu