Module 6: Current Laws that apply to AI Systems: Spotlight on the GDPR Flashcards
How does Article 22 of the GDPR impact AI?
The GDPR imposes a general prohibition on automated decision-making that can have a serious effect on an individual. Mitigations under the GDPR to allow automated decision-making include:
- explicit, freely given and informed consent
- a mechanism for individuals to request human intervention (a human review of an automated decision)
- contract fulfillment
- providing a means to opt-out
- redress (manual human review of an AI decision)
How does Article 35 of the GDPR impact AI?
It requires that a DPIA be conducted when processing poses a high risk to rights and freedoms of natural persons. One of those high risks is the use of new technology, such as AI. DPIAs have become a best practice to understand the implications of AI processing.
How does Recital 26 of the GDPR impact AI?
Pseudonymization can be an important tool to protect personal information used to train AI models. Pseudonymized data is considered personal data under the GDPR. (The GDPR does not apply to anonymized data.). True anonymization is very difficult to achieve, especially at scale, and greatly diminishes the utility of the data.
When is an AI conformity assessment triggered per the EU AI Act?
Depending on the risk to health, safety and fundamental rights of individuals.
What do DPIAs and AI conformity assessments have in common?
They are both methods of providing accountability in developing new technology and using data.