On November 8th, 2022, the Information Commissioner’s Office (British DPA) published a document entitled ‘How to use AI and personal data appropriately and lawfully’, which is a guide to how data controllers should use AI systems in accordance with the law and in particular with people’s fundamental rights. This publication also contains a ‘frequently asked questions’ section which addresses certain specific issues that data controllers may have to deal with.
The Italian ‘Garante per la protezione dei dati personali’ (Italian data protection authority) published a press release on November 14th, 2022, in which it announced that it had opened two separate investigations into the use of ‘smart video systems’ by two Italian municipalities.
The ‘Commission Nationale de l’Informatique et des Libertés’ (CNIL – the French DPA) released its final decision on October 20th, 2022, sanctioning Clearview AI for its unlawful activity, which consists of collecting images of millions of individuals from the open web without any legal basis under the GDPR for doing so.
On October 13th, 2022, the European Data Protection Supervisor (EDPS) published an Opinion entitled “Recommendation for a Council Decision authorising the opening of negotiations on behalf of the European Union for a Council of Europe convention on artificial intelligence, human rights, democracy and the rule of law”. This independent supervisory authority welcomes the initiative taken by the European Commission to authorise negotiations on behalf of the EU regarding the future Council of Europe’s (CoE) Convention on Artificial Intelligence (AI).
On September 28th, 2022, the European Commission released two proposals, the aim of which is to regulate civil liability in relation to AI-enabled systems, drawing from the Commission’s White Paper1 considerations on the use of such systems: a revised version of the Defective Product Liability Directive (PLD)2 and a Directive that adapts non-contractual civil liability rules to Artificial Intelligence (AI Liability Directive)3. The combination of these proposals with that of April 21st, 2021, Laying Down Harmonized Rules On Artificial Intelligence (AI Act)4, will result in the national liability frameworks being adapted to the digital age, the circular economy and global value chains.
In October 2022, the White House released its white paper on AI. The ‘Blueprint for an AI Bill of Rights. Making Automated Systems Work for the American People’ intends “to guide the design, use, and deployment of automated systems to protect the American public in the age of artificial intelligence”. The framework was published by the White House Office of Science and Technology Policy, which is responsible for providing the President and his Executive Office with advice on numerous topics, including technology and national security.
An algorithmic tool designed to “predict migration flows” and “detect risks of tensions related to migration” is being developed by the EU as part of its security program. Against this background, a group of civil society organisations and individuals published a joint letter highlighting the risks posed by this technology in terms of criminalising migration and undermining human rights.
European Digital Rights (EDRi), an association of civil and human rights organisations, published, on September 7th, 2022, its position paper on the European Union’s proposed “Regulation on automated data exchange for police cooperation”, known as Prüm II. The report underlines several issues concerning the draft regulation, the purpose of which is to modify the data sharing process between EU member states, by including, among other things, ‘automated searching of facial images’.
On August 30th, 2022, the Conseil d’Etat (French Council of State) released a report, commissioned by former Prime Minister Jean Castex on June 24th, 2021, proposing a landscape of AI technology deployed in the public sector, which examines the technical, operational, ethical and legal aspects of this issue.
For several years now, the European Commission has been working on a number of projects concerned with regulating Artificial Intelligence, digital services, and digital markets. It has now issued a proposal for tighter rules on liability with regard to the technology industry. Amid these developments, a coalition of start-ups, small and medium enterprises, and technology companies sent a letter, dated August 24, 2022, to the European Commission expressing their concerns about the forthcoming European legislation, which seeks to modify the liability rules concerning artificial intelligence.
Due to the proliferation of “intelligent” video devices in public spaces, the French Data Protection Authority (CNIL) launched a public consultation on its draft position concerning the conditions for the deployment of so-called “smart” cameras in public spaces. Following several months of consideration, and various contributions from public and private actors, the Commission published its opinion last July.
On July 13th, 2022, the Greek Data Protection Authority (DPA) released its decision about the claims brought by the NGO Homo Digitalis on the processing of individuals’ biometric data by Clearview and fined Clearview 20 million euros. This lawsuit follows many similar cases filed by Noyb, Privacy International, and the Hermès Center for transparency and Digital Human Rights before the French, British, Italian and Austrian DPAs to stop the American start-up collecting biometric data belonging to European citizens.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.