On 29 June, the European Data Protection Supervisor (EDPS) published his opinion
on the Commission's White Paper on “Artificial Intelligence” dated 19 February. He follows the Commission's views on many areas but also differs from them on
some essential points. This is most evident in the Commission's regulatory
approach, which distinguishes only between two levels of risk, with robust
additional rules only for high-risk algorithms.
According to the EDPS, a
nuanced approach would be preferable, allowing for gradual assessments.
Furthermore, certain requirements should be applied to all types of AI,
regardless of the level of risk, such as the principle of transparency or the
prohibition of unfair discrimination.
Inaccuracies in the definition of
"artificial intelligence" are viewed with criticism. The Commission
document offered several approaches without specifying which one should be used
as the basis for a new legal instrument. However, the proposal of the EDPS does
not provide clarity in this respect either. The industrial policy orientation
of the Commission's initiative, which aims to promote an accelerated broad use
of AI, e.g. in public administrations, is also viewed with scepticism.
In contrast, AI is not a cure-all, but a
tool whose use should be assessed on a case-by-case basis. In particular, the
assertion was not substantiated that the technology was already ripe for
large-scale application in the health sector; such statements promoted the risk
of "blind" application.
The European Data Protection Supervisor's report leaves the question
of whether new European rules on the targeted use of AI are indeed necessary
open. In any case, there was no need for European data protection rules. These
are technology-neutral and do not prevent the use of new technologies. However,
the need for a change in European liability rules was not sufficiently clearly
elaborated in the White Paper. The problem of subsequent changes to software
already in use is not new and above all not specific to AI. First of all, he
said, it is now a question of ensuring that existing EU legislation is applied
Whatever new European regulatory framework
for AI is planned, it should clearly define, in the context of the impact
assessment, where there are currently regulatory gaps. Any future legal
framework must respect privacy and human rights, including the principles of
transparency, traceability, human control and non-discrimination.
EDPS's position is accessible here.