AI Act: EU data protectionists want to take control of the AI regulation
Following the German data protection experts, the EU Data Protection Committee is calling for the controllers to be responsible for AI market surveillance.
(Image: StudioProX/Shutterstock.com)
The German Federal and State Data Protection Conference (DSK) has received EU-wide support for its appeal to be entrusted with the enforcement of the new regulation for systems with artificial intelligence (AI Act). The European Data Protection Board (EDPB) emphasized in a statement on Tuesday that the European data protection authorities "already have experience and expertise in dealing with the impact of AI on fundamental rights". They should therefore be designated "in a number of cases as market surveillance authorities" for the AI Act.
This would ensure better coordination between the various regulatory authorities, increase legal certainty for all parties involved and strengthen the enforcement of both the AI Act and EU data protection law, the EDPB justifies its demand. Contradictions would be avoided and synergies created. Above all, close cooperation with the new European AI office is necessary.
"Complete independence" and expertise
In particular, data protection authorities should monitor high-risk AI systems "used for law enforcement, border management, administration of justice and democratic processes" in accordance with the regulation, writes the body. It suggests that member states also use data protection controllers for other applications classified accordingly. This is particularly important if they are used in sectors where the rights and freedoms of citizens are "likely to be adversely affected" when processing personal data.
The EDPB believes that data protection officers should become the central point of contact on the subject. Its deputy chair Irene Loizidou Nicolaidou was convinced "that data protection authorities are ideally suited to this role due to their complete independence and deep understanding" of AI risks.
Alternative: Federal Network Agency - or a new authority
EU countries have until August 2, 2025 to adopt implementing laws in which they designate general market surveillance authorities for compliance with the regulation. While the DSK also feels predestined for this role, other experts argue in favor of the Federal Network Agency and, in the medium term, a separate higher federal authority for digital matters. This is the only way to ensure "uniform supervisory density".
The EDPB has also adopted two lists of questions and answers on the EU-US data protection framework, which should provide more clarity on how it works.
(ds)
