On November 8th, 2022, the Information Commissioner’s Office (British DPA) published a document entitled ‘How to use AI and personal data appropriately and lawfully’, which is a guide to how data controllers should use AI systems in accordance with the law and in particular with people’s fundamental rights. This publication also contains a ‘frequently asked questions’ section which addresses certain specific issues that data controllers may have to deal with.
The Italian ‘Garante per la protezione dei dati personali’ (Italian data protection authority) published a press release on November 14th, 2022, in which it announced that it had opened two separate investigations into the use of ‘smart video systems’ by two Italian municipalities.
The ‘Commission Nationale de l’Informatique et des Libertés’ (CNIL – the French DPA) released its final decision on October 20th, 2022, sanctioning Clearview AI for its unlawful activity, which consists of collecting images of millions of individuals from the open web without any legal basis under the GDPR for doing so.
On October 13th, 2022, the European Data Protection Supervisor (EDPS) published an Opinion entitled “Recommendation for a Council Decision authorising the opening of negotiations on behalf of the European Union for a Council of Europe convention on artificial intelligence, human rights, democracy and the rule of law”. This independent supervisory authority welcomes the initiative taken by the European Commission to authorise negotiations on behalf of the EU regarding the future Council of Europe’s (CoE) Convention on Artificial Intelligence (AI).
In October 2022, the White House released its white paper on AI. The ‘Blueprint for an AI Bill of Rights. Making Automated Systems Work for the American People’ intends “to guide the design, use, and deployment of automated systems to protect the American public in the age of artificial intelligence”. The framework was published by the White House Office of Science and Technology Policy, which is responsible for providing the President and his Executive Office with advice on numerous topics, including technology and national security.
An algorithmic tool designed to “predict migration flows” and “detect risks of tensions related to migration” is being developed by the EU as part of its security program. Against this background, a group of civil society organisations and individuals published a joint letter highlighting the risks posed by this technology in terms of criminalising migration and undermining human rights.
On September 24th, 2022, the French NGO ‘La Quadrature du Net’ challenged the use of technology-driven tools by French police forces before the Commission Nationale de l’Informatique et des Libertés (CNIL – French DPA). By means of three separate complaints, the NGO wants to raise awareness about what it calls the ‘technopolice’, which amounts to the police using methods that may pose risks to privacy. These complaints follow a petition published by LQDN which collected 15 248 signatures.
An Argentinian Court has declared the use of the ‘Facial Recognition for Fugitives System’ (Sistema de Reconocimiento Facial de Prófugos), deployed in Buenos Aires in 2019, unconstitutional. In April 2022, in response to the legal challenge presented by Observatorio de Derecho Informático Argentino (ODIA), and several other human rights organisations, the judge suspended use of the system.
European Digital Rights (EDRi), an association of civil and human rights organisations, published, on September 7th, 2022, its position paper on the European Union’s proposed “Regulation on automated data exchange for police cooperation”, known as Prüm II. The report underlines several issues concerning the draft regulation, the purpose of which is to modify the data sharing process between EU member states, by including, among other things, ‘automated searching of facial images’.
On August 30th, 2022, the Conseil d’Etat (French Council of State) released a report, commissioned by former Prime Minister Jean Castex on June 24th, 2021, proposing a landscape of AI technology deployed in the public sector, which examines the technical, operational, ethical and legal aspects of this issue.
For several years now, the European Commission has been working on a number of projects concerned with regulating Artificial Intelligence, digital services, and digital markets. It has now issued a proposal for tighter rules on liability with regard to the technology industry. Amid these developments, a coalition of start-ups, small and medium enterprises, and technology companies sent a letter, dated August 24, 2022, to the European Commission expressing their concerns about the forthcoming European legislation, which seeks to modify the liability rules concerning artificial intelligence.
On August 26, 2022, the European Commission published a set of rules that it says automated driving systems (ADS) must meet in order to be approved. The regulation focuses on the need to assure that performance requirements are met, and the safety of automated driving systems demonstrated, before they can be approved. For this purpose, the Commission considers it necessary to introduce measures aimed at making automated driving systems more safe, and strict parameters regarding their manufacture.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.