news 
EU privacy body weighs in on some tricky GenAI lawfulness questions
The European Data Protection Board (EDPB) has issued a statement clarifying its stance on the legal implications of using Generalized Artificial Intelligence (GenAI) systems, particularly in relation to personal data protection.
In recent years, GenAI has become increasingly popular for its ability to learn and adapt without being explicitly programmed. While this technology holds tremendous potential for innovation and improvement of various industries, it also raises significant concerns about its impact on individual privacy rights.
The EDPB’s statement emphasizes that the General Data Protection Regulation (GDPR) remains applicable even in cases where AI systems are used. According to the regulation, personal data processing must be lawful, fair, transparent, and accountable. The board stresses that this requirement does not change with the introduction of GenAI or any other form of artificial intelligence.
One of the most pressing concerns surrounding GenAI is its ability to make decisions without human oversight. The EDPB emphasizes that even though AI systems may be capable of making autonomous decisions, they are still accountable for those decisions under the GDPR.
“This means that companies using GenAI must ensure not only that their AI systems are transparent about the data they process but also that they provide justifiable grounds for any automated decision made,” stated a senior EDPB official. “In cases where an AI system is unable to explain its reasoning, human oversight and review mechanisms are necessary to guarantee compliance with the GDPR.”
Another issue raised by GenAI is the potential for it to perpetuate biases present in existing data sets. The board acknowledges this risk but stresses that companies have a responsibility to take proactive measures to address these concerns.
“It is unacceptable that an AI system, even if it was trained on biased data, would be allowed to further amplify and disseminate those biases without being held accountable,” said the official. “Companies must engage in robust testing and quality assurance procedures to detect any potential biases before deploying GenAI systems.”
The EDPB’s statement comes as a warning to companies considering the adoption of GenAI technology that they cannot simply rely on the AI system’s abilities alone to comply with EU data protection regulations. Instead, they must ensure that their AI systems are integrated into broader privacy and ethics frameworks.
While some industry observers had hoped for greater clarification or loopholes in the GDPR regarding AI, the EDPB’s statement underscores the need for companies to take a more nuanced approach when developing and deploying GenAI technology.
In conclusion, it is essential for organizations considering GenAI adoption to familiarize themselves with the EDPB’s stance on these issues.
Source: techcrunch.com
