Artificial intelligence and personal data : topical issues on the occasion of the EU AI ACT
Τεχνητή νοημοσύνη και προσωπικά δεδομένα : επίκαιρα ζητήματα με αφορμή την Πράξη της Ευρωπαϊκής Ένωσης για την τεχνητή νοημοσύνη
Master Thesis
Author
Κωστοπούλου, Άλκηστη
Kostopoulou, Alkisti
Date
2022-07Advisor
Γκρίτζαλης, ΣτέφανοςPernul, Günther
View/ Open
Abstract
The Proposal for a European Regulation laying down harmonised rules on artificial intelligence (“Artificial Intelligence Act” or “AI ACT”) and amending certain union legislative acts also regulates issues related to personal data although a modern legislation already applies [Regulation 2016/679 (“General Data Protection Regulation”, “GDPR”), Directive 2016/680 (“Law Enforcement Directive”, “LED”) etc]. The question is why it is necessary to clarify such issues when there is already such recent legislation as the GDPR and the LED? Why have the European Parliament and the Council put forward such a proposal for a detailed regulation on artificial intelligence? In this regard: (a) Are the GDPR and the LED up to date to address artificial intelligence (“AI”)? Are they suitable and sufficient? If not, what is still missing? What is not yet covered? (b) Perhaps the European Union (“EU”) simply seeks to familiarize European citizens with artificial intelligence? How does the public perceive the use of artificial intelligence and data protection?
To answer the above, we present the concept and prehistory of AI and the EU legal ethics which are in place so far. We will further address the issues of biometric identification for law enforcement purposes and profiling of individuals' creditworthiness and social scoring as follows: Initially, a theoretically approach will take place and then a comparative analysis of the existing legal framework for the protection of personal data and the Proposal of the AI ACT. Finally, research will be carried out on German and Greek students, in order to evaluate if they are familiarized with issues related to processing personal data using AI systems.
From all the above, it becomes clear that the existing framework is adequate and appropriate for the protection of personal data. However, this does not underate the value of the Act, which, despite any failures in the text, can, by providing for appropriate technical and organisational measures, contribute to the principle of accountability. Its contribution will also be decisive in familiarising Europeans with the above concepts of data protection and automated data processing, as it has not yet been achieved.