The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a joint opinion and a press release regarding the data protection implications raised from the Proposal for a regulation laying down harmonised rules on artificial intelligence (Artificial Intelligence Act).
Besides the analysis of the key principles of the proposal, EDPB and EDPS highlight an important interplay between artificial intelligence (AI) and the data protection framework. One of the key points is the high risks posed by remote biometric identification of individuals in publicly accessible spaces. This constitutes processing of special categories of personal data, i.e. recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals.
At this stage, the recommendation by EDPB and EDPS is for a ban on AI systems using biometrics to categorize individuals into clusters based on ethnicity, gender, political or sexual orientation, or other grounds on which discrimination is prohibited under Article 21 of the Charter of Fundamental Rights. Moreover, the EDPB and EDPS deem the use of AI systems to infer emotions of a natural person as a “highly undesirable” practice that “should be prohibited”.
The role of data protection authorities
Nevertheless, another point raised by the EDPB and the EDPS is the role of the data protection authorities (DPAs) in relation to AI. The joint opinion clearly argues that the designation of DPAs as the national supervisory authorities for AI would ensure a more harmonised regulatory approach. Furthermore, such designation would contribute to the consistent interpretation of data processing provisions and avoid contradictions in its enforcement among Member States.
Joint-Opinion-5_2021-on-the-proposal-for-Regulation-of-the-European-Parliament-and-of-the-Council-laying-down-harmonised-rules-on-artificial-intelligence-Artificial-Intelligence-Act