The EDPS published today its own-initiative Opinion on the Artificial Intelligence Act (AI Act) as this proposed Regulation enters the final stages of negotiations between the EU’s co-legislators. The AI Act aims to regulate the development and use of Artificial Intelligence (AI) systems in the EU, including in the EU institutions, bodies, offices and agencies (EUIs). With this Opinion, the EDPS provides specific suggestions focusing on the EDPS’ future tasks as the authority in charge of overseeing AI systems in the EUIs.
Wojciech Wiewiórowski, EDPS, said: “It is my duty to ensure that the tasks and duties of the EDPS, as the future AI Supervisor of the EUIs, are clearly spelled out so that we can guarantee that the AI systems used and developed by EUIs are safe and sound. I also reiterate my call for the prohibition of AI systems posing unacceptable risks to individuals.”
As stated by the European Data Protection Authorities in the EDPS-EDPB Joint Opinion on the AI Act, it is paramount that the use of AI systems that pose unacceptable risks to individuals and their fundamental rights are prohibited. This includes the prohibition to use AI systems for automated recognition of human features and other behavioural signals in public spaces, and the categorisation of individuals based on their biometric features, for example. Using AI systems and high-risk AI systems in these contexts should be prohibited due to their high level of intrusiveness into individuals’ lives, and their impact on human dignity.
The AI Act designates the EDPS as notified body and market surveillance authority to assess the conformity of high-risk AI systems that are developed or deployed by EUIs; as well as competent authority for the supervision of the provision or use of AI systems by EUIs. Based on its experience with enforcing fundamental rights, the EDPS stands ready to take on the role of AI Supervisor of the EUIs. In this context, the EDPS requests that its role, tasks and powers are clarified under the AI Act, taking into account the particularities of the legal framework applicable to EUIs. The EDPS also reiterates the need for appropriate financial and human resources to fulfil its role as AI Supervisor.
The EDPS considers that individuals affected by the use of AI systems should be provided with the right to lodge a complaint before a competent authority, in case providers and users of AI systems infringe on the AI Act. To this end, the AI Act should explicitly include the competence of the EDPS to receive complaints. More broadly, the EDPS recommends that data protection authorities are designated as national supervisory authorities under the AI Act to cooperate with authorities that have specific expertise in deploying AI systems, to ensure trustworthiness.
Persuaded that a European approach to enforcing the AI Act is essential, especially in cross-border cases, the EDPS welcomes the establishment of the European Artificial Intelligence Office (AI Office). The EDPS supports the objectives of the AI Office to centralise the enforcement of the AI Act in certain cases and to harmonise its application across the EU Member States. The EDPS also stands ready to perform joint investigations on equal footing with national supervisory authorities, as well as take part in the other activities of the AI Office.
Accordingly, the EDPS calls the co-legislator to attribute the voting rights to the EDPS as full member of the AI Office’s management board. Building on its experience as provider of the EDPB Secretariat, which has led to substantial savings and synergies, the EDPS requests to take on this role for the AI Office as well.
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
About the EDPS: The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.