Bitkom wants to relax data protection for AI training
Companies should be allowed to train AI with personal data, says the industry association Bitkom. Otherwise, the German economy would be at a disadvantage.
(Image: Shutterstock/Phonlamai Photo)
The digital association Bitkom is calling for less stringent regulations on the handling of data for training artificial intelligence. In the run-up to an opinion from the European Data Protection Board (EDPB), it fears that companies will lack legal certainty when developing and using AI. The strictest possible interpretation of data protection laws would put companies at a competitive disadvantage internationally, says Susanne Dehmel, member of Bitkom's Executive Board
Bitkom: EDSA should recognize AI training as a legitimate interest
The training of AI models with personal data should be recognized as a legitimate interest of companies, according to a Bitkom position paper. The General Data Protection Regulation (GDPR) only allows the processing of personal data under defined conditions. One of these is the protection of so-called legitimate interests. It has not yet been clarified whether this includes the development and use of artificial intelligence. The EDPB's opinion should provide this clarity. Although these are not legally binding, the European Court of Justice and national courts are guided by them.
Recognition as a legitimate interest of companies does not automatically mean that they are allowed to use all personal data. In this case, the interests of the data subjects must be weighed against those of the company. In order to avoid court proceedings in which this balancing takes place on a case-by-case basis, the association is in favor of clear guidelines in this regard. According to Bitkom, 70 percent of companies see data protection violations as the greatest risk when using AI.
Without a legitimate interest, companies need consent
If the EDPB opposes the recognition of data processing as a legitimate interest and courts follow this view, companies can fall back on other requirements of the GDPR. They then require individual consent from the data subjects, who can withdraw their consent at any time. Alternatively, companies must anonymize the data so that it cannot be traced back to the respective individuals. However, according to the industry association, this is not always technically possible and involves a great deal of effort for small and medium-sized companies.
Videos by heise
The position paper does not take into account the consequences and potential risks for data subjects arising from the processing of personal data. Instead, Susanne Dehmel points out that not all AI services are available to citizens in Europe due to a lack of legal certainty. Bitkom is an interest group made up of more than 2,000 companies from the IT and telecommunications sector. It represents the economic and political interests of its members. The association recently spoke out in favor of strengthening Germany's digital sovereignty and the construction of data centers.
(sfe)
