AI regulation: data protection supervision left out?
Draft bill from Digital Affairs Ministry angers state data protection authorities but gains strong support from the business community.
(Image: Maksim Kabakou/Shutterstock.com)
Berlin data protection commissioner Meike Kamp has unusually strong words on behalf of all her colleagues in the federal states. "The corresponding draft bill leads to a massive weakening of fundamental rights", Kamp accuses the BMDS in a joint press release sent out on Thursday by the independent state supervisory authorities for data protection. But wasn't the dispute over who should be responsible for compliance with the EU's Artificial Intelligence Regulation in Germany decided long ago?
In fact, it was already the political intention of the traffic light government to place supervision of the AI Regulation largely in the hands of the Federal Network Agency. This is because it is in part a classic "market surveillance authority". However, the BMDS itself seems to want to go beyond this at one point, which would even require the creation of a new institution. In its von netzpolitik.org published draft of a speaker's draft, the stage before it is subsequently due to go to the federal cabinet, it has now envisaged setting up an "Independent AI Market Surveillance Chamber" at the Federal Network Agency. Instead of the data protection supervisory authorities. This is to be responsible for so-called high-risk AI systems.
High-risk AI: data protection experts warn of a breach of European law
However, the data protection supervisory authorities of the federal states do not just see this as a declaration of no confidence. They point out that the AI Regulation by no means provides for the establishment of any bodies. Instead, it stipulates that the data protection supervisory authorities are responsible. The wording now being considered by the BMDS for the proposal of a separate chamber at the Federal Network Agency was only included in the AI Regulation to do justice to national peculiarities in other countries. This includes the supervision of police and judicial data processing. "This decision is not at the disposal of the German legislator because European law has already regulated it differently", argues Kamp.
Videos by heise
It is obvious from the wording of the law that the EU legislator had not provided for new bodies. It is therefore unclear why the German government is taking a special path here: the authorities will remain responsible for the data processing required for high-risk AI applications for the foreseeable future. The German government has not yet specified its plans to further centralize data protection supervision over parts of the economy with the Federal Data Protection Commissioner.
Startup association welcomes centralization
Meanwhile, the BMDS proposal is welcomed by the Startup Association: "In Germany, we need strong, centralized market supervision for AI –, not a federal confusion of competencies," says its chairwoman Verena Pausder. "We are discussing simplifications to the AI Act at EU level and in Germany, 17 data protection authorities are discussing an unnecessarily complicated solution. That's small-minded."
The Federal Data Protection Commissioner Louisa Specht-Riemenschneider was not involved in the protest note from the independent state data protection commissioners. When asked by heise online why the BfDI was not involved, a spokesperson for the authority was unable to answer immediately.
(olb)
