The New Law Station’s Post

The world of data protection and privacy has legitimate reasons to be concerned about the development of Generative AI. Among others, these are major concerns: 1. Potential misuse and inadequate protection of personal data 2. Risk of synthetic data inadvertently revealing sensitive information 3. Bias and Discrimination: Possibility of encoded biases leading to unfair treatment 4. Identity Theft and Misinformation: Concerns about misuse for identity theft, fraud, and creation of deepfakes. 5. Difficulty in attributing responsibility for harmful activities. We look forward to OECD's recommendations and guidelines on how to face these very contemporary challenges!

What is the implementation timeline of EU #AIAct❓ How about compliance❓ Future of Privacy Forum has published an extremely handy timeline of the comprehensive implementation & compliance of the EU #AIAct. Plus, it provides a small description of Key Definitions (what is #AISystem, #AIOffice, #GPAI etc.) to introduce you to the basic notions of the Act. 📢 Two very interesting points caught my attention: 📌 “The AI Office will have to publish Code(s) of Practice for General Purpose AI (GPAI) within nine months after entry into force. (Art. 56(9)). If by 12 months no (adequate) CoP is in place, the EC may issue implementing acts”. 🤓 My POV: What is considered to be “adequate”, nobody can tell right now. Are 12 months sufficient to draft an adequate CoP? I don’t believe so. Technical advancement is going to be immense in the months to come, so AI Office has to pick up pace (after concluding its recruitment…). 📌 “Standards-setting process: To be in place before the general applicability of the AI Act. 30 April 2025 is set as the deadline for deliverables from EC’s standardization request ”. 🤓 My POV: C(2023)3215 Commission Implementing Decision was addressed to CEN and CENELEC in support of Union policy on artificial intelligence. The request was made on 22.05.2023 and expires on 28.02.2026. However, thought (10) C(2023)3215 states that: “Experience shows that during execution of the standardization request, it could be necessary to adjust the scope of the request or the deadlines set therein. CEN and CENELEC should therefore promptly report to the Commission if they consider that more time is required to draft the standards or the standardization deliverables than what was initially foreseen, or that it is necessary to adapt the scope of the request, in order to allow the Commission to take appropriate action, notably in order to ensure that appropriate technical specifications are still available on time to support the future EU rules on AI”. Therefore, there is still room for (requested) delay, should the process encounters obstacles, including the technologic advancement and the difficulty of “marrying” AI Systems with data protection, privacy and fundamental rights (Annex II of C(2023)3215). 🗝Key Outcomes: 🔎Harmonized standards on AI should be the key in matters like liability, transparency and governance. 🔎Harmonization will eventually lead to conformity from all the players, especially those who come to play in the EU grounds from the rest of the world. 🔎And, it is definitely certain that a standardization format by CEN and CENELEC will lead to worldwide adaptability and uniformity in AI systems’ development. It will be a long era, changes will flood from everywhere, but it is true: we are already experiencing the effects of the 4th Industrial Revolution… Many thanks to Dr. Gabriela Zanfir-Fortuna for posting the document and for Future of Privacy Forum for conducting it (always on 🔝💯) Document attached below 👇  

After years of anticipation, a crucial legislative reform that directly influences technology investments in Tuurkiye has been officially approved by the parliament. Artificial Intelligence (AI), with a history stretching over four decades, has re-entered the spotlight thanks to mass adoption driven by General AI tech with OpenAI initiatives. Yet, the truth is, AI's traces are embedded in many technological tools we use daily; we're just becoming more aware of its presence. And with this technology comes a plethora of innovation opportunities, all thirsty for one critical ingredient: data. Data is to technology what water is to life. It's heartening to see Turkey finally giving GDPR compliance the attention it deserves, a move that significantly boosts the country’s attractiveness for incoming international investments. The Personal Data Protection Law (KVKK) amendment proposal, discussed last week in the commission, was approved this morning by the General Assembly of the Turkish Grand National Assembly. The proposal is now headed to the President and is expected to be signed and published in the Official Gazette within 15 days. The amendments primarily introduce: 📌 New conditions for the transfer of data abroad, 📌 A definitive move to administrative judicial proceedings for objections against the decisions of the Personal Data Protection Authority, 📌 A relaxation of the strict rules governing the processing of special categories of personal data. For a detailed review of the reasoned articles of the law (articles 33-36), you can visit : https://lnkd.in/dgWbtmEC These changes mark a significant step towards aligning Turkiye's data protection regulations with international standards, opening doors for enhanced technological innovation and investment. #DataProtection #TechInvestment #GDPRCompliance #AI #Innovation

Panel discussion 23 May, Brussels 11:50 CET 👉  https://lnkd.in/eM2mE-hV The global race to regulate AI is no longer in its infancy, with countries around the world setting the tone for binding and non-binding regulatory standards. This panel explores what an international law on AI may look like noting that the impacts of AI systems are cross-border in nature. Crucially, the conversation will be informed by the role of data protection laws in informing AI norms. What are the challenges posed by transnational AI systems, and do current regulatory frameworks help to address them? What can we learn from international and regional data protection law to facilitate a global approach to AI regulation? How are regional AI norms and frameworks influencing one another? What would an international law on AI look like? Organised by Future of Privacy Forum, Belgium With Audrey Plonk, #oecdai Emma Redmond, #openai Bruno Bioni, Data Privacy Brasil Gregory Smolynec, Office of the Privacy Commissioner, #canada Bianca-Ioana M., Future of Privacy Forum, #belgium Register 👉  https://lnkd.in/gJCHPjp Karine Perset Celine Caira Luis Aranda Jamie Berryhill Lucia Russo Noah Oder John Leo Tarver ⒿⓁⓉ Rashad Abelson Angélina Gentaz Valéria Silva Bénédicte Rispal Robin Staes-Polet Johannes Leon Kirnberger Eunseo Dana Choi  Pablo Gomez Ayerbe Sara Fialho Esposito Nikolas S. Sarah Bérubé Guillermo H. #aipolicy #privacy #data #artificialintelligence #trustworthyai

📢 OECD Publishes Report on AI, Data Governance, and Privacy In the age of rapid digital transformation, the OECD.AI has published a report that highlights six critical policy considerations to ensure that AI systems are effective and respect user privacy : 1. Ensuring transparency in AI systems 2. Safeguarding data privacy 3. Enhancing data security measures 4. Promoting data access and sharing 5. Encouraging international cooperation 6. Regulating AI technology use effectively ➡ As the OECD explains, the report "maps the principles set in the OECD Privacy Guidelines (1980) to the OECD AI Principles (2023), takes stock of national and regional initiatives, and suggests potential areas for collaboration." ➡ "The report supports the implementation of the OECD Privacy Guidelines alongside the OECD AI Principles. By advocating for international co-operation, the report aims to guide the development of AI systems that respect and support privacy." CAIDP Executive Director Marc Rotenberg said, "The OECD AI and Privacy report is an important contribution to the field. Fairness, accuracy, and transparency are the foundation for data protection and remain central to the design of human-centric and trustworthy AI." Karine Perset Clarisse Girot Reuven Eidelman Denise Wong Dr. Clara Neppel Yordanka Ivanova Kari Laumann Winston Maxwell Marc Rotenberg Dominique Greene-Sanders Tamiko Eto Nayyara Rahman Merve Hickok Karine Caunes Center for AI and Digital Policy Europe #aigovernance #dataprotection #privacy #transparency #humancentric

This provides a solid foundation for developing a local legal framework (including white papers and Trustworthy AI concepts for financial regulators) grounded in the principles of the OECD and responsible AI deployment #ai #trustworthy

Will the EU AI Act Influence AI Governance in African Countries? ❓ What is the IA Act?   On March 13, 2024, the European Parliament adopted the Artificial Intelligence Act (AI Act). As the first legal framework on AI titled "European Union AI Act," it adopts a risk-based approach and provides AI developers and deployers with clear requirements and obligations regarding specific uses of AI. The aim of these new rules is to foster trustworthy AI in Europe and beyond by ensuring that AI systems respect fundamental rights, safety, and ethical principles, while addressing risks posed by very powerful and impactful AI models.   🤜 Who is Impacted?   This law impacts any company that offers AI systems in the EU market, regardless of the company's location. Even if both the company and the users are outside the EU, if the AI's results are utilized within the EU, the law still applies. This means that African AI companies targeting the European market will be significantly affected by this law.   🌊 Will there be a Brussels Effect?   The 'Brussels Effect' describes how the European Union's regulatory standards often become globally adopted, prompting entities worldwide, including multinational corporations, to adopt these standards to access the EU's lucrative market. Given the limited proactive measures in this field, African nations may find it necessary to develop regulations similar to the EU AI Act. For instance, the EU's General Data Protection Regulation (GDPR) has already influenced changes in African data protection laws.   🌏 What Should Be Done?   It is crucial for national AI governance strategies to be implemented to prepare for the impact of EU AI regulations. This doesn't mean that AI should be regulated simply because other regions are doing so, but rather to foster international cooperation, African countries should proactively address AI governance.   ⚙ Why Should This Be Done?   We have observed the effects of the EU GDPR on data protection practices in Africa. For example, many companies in Tunisia delayed implementing necessary data protection measures and, as a result, now struggle to form partnerships with European companies or to expand their operations there. Proactive engagement in formulating and adopting AI governance could prevent similar challenges and foster smoother international collaborations.    #aipolicy #trusworthyai #aiact #africa #technology #aigovernance  

Good policy considerations that all public bodies can relate to in this newly-published OECD report on AI, Data Governance and Privacy.

I think that international cooperation is of fundamental importance, which would ensure a balance of powers in which no country can dominate the others. But regulatory power will either lose or retain its role as a tool to protect individual sovereignties, or multilateralism will be an effective antidote to mitigating growing geopolitical tensions in the digital age? #artificialintelligence #ai #aiact #etichsai

🚨 The EU AI Act Has Entered into Force! 🚨 As of today, the EU AI Act (#AIA) is in force, marking a significant step forward in the regulation of artificial intelligence across Europe. However, it's important to understand that its applicability will be phased in over the next two years, with different stages rolling out at specific intervals. 📅 Immediate Milestones to Watch: November 2024: Member States will nominate the fundamental rights authorities responsible for compliance. February 2025: The prohibitions outlined in Article 5, addressing unacceptable risk AI applications, will come into effect. April 2025: Deadline for deliverables from the European Commission's standardization request (C(2023)3215), a crucial step in setting harmonized standards that will guide AI practices across the EU. May 2025: The AI Office will have to publish Code(s) of Practice for General Purpose AI (GPAI). 🛡️ Key Considerations: Data Protection: The EU’s data protection laws, including the GDPR and EUDPR, will continue to apply to any processing of personal data using AI. Ensuring compliance with these regulations remains essential. Role of Data Protection Authorities (DPAs): The European Data Protection Board (EDPB) has highlighted the crucial role DPAs will play in enforcing the AI Act. They are recommended as Market Surveillance Authorities (MSAs) for high-risk AI systems. Ongoing Discussions: The Hamburg DPA recently presented a discussion paper on the applicability of the GDPR to Large Language Models, sparking important discussions. Following experts like Dr. Markus Wünschelbaum and David Rosenthal is recommended for those interested in this evolving topic. 📊 Stay Informed: Check out the Future of Privacy Forum's good work on preparing this detailed infographic that covers the key dates and stages of the Act’s applicability. https://lnkd.in/e7UsHWA2