The National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce released, on January 26, 2023, the AI Risk Management Framework (AI RMF 1.0.) in collaboration with the private and public sectors.

Data is the fuel of AI systems. Anonymisation has been presented as a panacea to protect personal data while enabling AI innovation. However, the growing efficiency of re-identification attacks on anonymised data raises a series of legal questions. 

The purpose of the Convention is to ensure that during their lifecycle, AI systems fully comply with human rights, respect the functioning of democracy and observe the rule of law, regardless of whether these activities are undertaken by public or private actors. The design, development and application of AI systems used for purposes related to national defence are expressly excluded from the scope of this Convention. The negotiators seem to agree that such a Convention must be seen first and foremost as a broad framework which might be supplemented by further obligations in more specific fields.

On December 8th, 2022, the European Union Agency for Fundamental Rights (FRA) published a report on algorithm biases, in particular when used for predictive policing and offensive speech detection.

On December 15th, 2022, the European Union adopted an interinstitutional declaration on digital rights and principles that will guide the EU’s ambition to be “digitally sovereign in an open and interconnected world, and to pursue digital policies that empower people and businesses to seize a human centred, sustainable and more prosperous digital future”.

On November 8th, 2022, the Information Commissioner’s Office (British DPA) published a document entitled ‘How to use AI and personal data appropriately and lawfully’, which is a guide to how data controllers should use AI systems in accordance with the law and in particular with people’s fundamental rights. This publication also contains a ‘frequently asked questions’ section which addresses certain specific issues that data controllers may have to deal with. 

The Italian ‘Garante per la protezione dei dati personali’ (Italian data protection authority) published a press release on November 14th, 2022, in which it announced that it had opened two separate investigations into the use of ‘smart video systems’ by two Italian municipalities.

In October 2022, the White House released its white paper on AI. The ‘Blueprint for an AI Bill of Rights. Making Automated Systems Work for the American People’ intends “to guide the design, use, and deployment of automated systems to protect the American public in the age of artificial intelligence”. The framework was published by the White House Office of Science and Technology Policy, which is responsible for providing the President and his Executive Office with advice on numerous topics, including technology and national security.  

An Argentinian Court has declared the use of the ‘Facial Recognition for Fugitives System’ (Sistema de Reconocimiento Facial de Prófugos), deployed in Buenos Aires in 2019, unconstitutional. In April 2022, in response to the legal challenge presented by Observatorio de Derecho Informático Argentino (ODIA), and several other human rights organisations, the judge suspended use of the system. 

For several years now, the European Commission has been working on a number of projects concerned with regulating Artificial Intelligence, digital services, and digital markets.  It has now issued a proposal for tighter rules on liability with regard to the technology industry. Amid these developments, a coalition of start-ups, small and medium enterprises, and technology companies sent a letter, dated August 24, 2022, to the European Commission expressing their concerns about the forthcoming European legislation, which seeks to modify the liability rules concerning artificial intelligence.

Due to the proliferation of “intelligent” video devices in public spaces, the French Data Protection Authority (CNIL) launched a public consultation on its draft position concerning the conditions for the deployment of so-called “smart” cameras in public spaces. Following several months of consideration, and various contributions from public and private actors, the Commission published its opinion last July.

On July 13th, 2022, the Greek Data Protection Authority (DPA) released its decision about the claims brought by the NGO Homo Digitalis on the processing of individuals’ biometric data by Clearview and fined Clearview 20 million euros. This lawsuit follows many similar cases filed by Noyb, Privacy International, and the Hermès Center for transparency and Digital Human Rights before the French, British, Italian and Austrian DPAs to stop the American start-up collecting biometric data belonging to European citizens.