Source: Dentons

Dentons provides its monthly update on the evolving relationship between Artificial Intelligence regulation and the General Data Protection Regulation (GDPR) in the European Union. The analysis emphasizes that businesses deploying AI systems cannot view compliance with the AI Act in isolation; it is intrinsically linked with their existing obligations under the GDPR. The processing of personal data, which is fundamental to the functioning of many AI systems, must adhere to the core principles of the GDPR, including lawfulness, fairness, transparency, and data minimization.

The newsletter highlights several key points of intersection and potential friction. For example, the AI Act's requirements for data quality and governance for high-risk systems align with the GDPR's principles of data accuracy and integrity. However, the complexity of some AI models can make it challenging to fulfill the GDPR's transparency requirements and the right to an explanation for automated decisions. The article advises organizations to adopt an integrated compliance approach, ensuring that their Data Protection Impact Assessments (DPIAs) also consider the specific risks and requirements introduced by the AI Act. This holistic strategy is essential for navigating the complex and overlapping legal demands governing technology and data in the EU.