Belgium (Brussels Morning Newspaper), In celebration of the European Data Protection Day, the Greek Institute of Artificial Intelligence, Personal Data, and Digital Governance “Rythmisis” participated in the annual conference held on January 25th in Brussels. The event was organized by the European Data Protection Board in collaboration with the Council of Europe.
The focus of the event was on the positive impact of the Amending Protocol, renewing the “Convention 108” of the Council of Europe on data protection, global data flow, and the protection of data subjects. Specifically, Convention 108 of the Council of Europe, established on January 28, 1981, regarding the protection of individuals concerning the automated processing of personal data, was the first legally binding international act in the field of data protection. Its purpose is to ensure respect for the rights and fundamental freedoms of every natural person, especially the right to privacy, concerning the automated processing of personal data.
The Amending Protocol aims to expand the Convention’s scope, enhance data protection levels, and improve its effectiveness. The Protocol, targeting the modernization and improvement of the Council of Europe’s Convention 108, considering new challenges in data processing since its issuance in 1980, has been approved by 31 countries and is expected to come into effect in 2024, after achieving 38 ratifications.
Additionally, the seminar highlighted data protection issues arising from the use of artificial intelligence systems and their interaction with the new legislative framework for Artificial Intelligence (AI Act), currently under negotiation in the Council of Europe. Participants emphasized the significance of this regulation for the global orientation, use, and implementation of artificial intelligence systems.
Political, academic, and professional figures participated in the seminar to discuss current projects, challenges, and the best ways to enhance personal data protection through technical or legislative tools. Speakers included Patrick Penninckx, Head of the Digital Development and Governance Department of the Council of Europe; Wojciech Wiewiórowski, European Data Protection Supervisor; Paul de Hert, Professor at the Free University of Brussels; Max Schrems, representative of NOYB; and MEP Dragoș Tudorache, who led the negotiations of the AI Act text.
During his lecture, Tudorache explained the difficulties raised during the trialogues and addressed recent legislative developments in the field of artificial intelligence, including the establishment of a new European entity, the AI Office. This office, established by the decision of the European Commission on January 24, 2024, will have autonomy, its budget, and independent objectives. According to the information released by the Commission, the decision to establish it will take effect on February 21 as an urgent matter, even before the official adoption of the AI Act.
Let’s now examine some key points we need to know about this new entity that will play a major role in the European digital market regulation.
1. The establishment of the AI Office has the following objectives:
• Promoting an understanding of the capabilities and trends of AI technologies, with special attention to General Purpose AI (GPAI) models and systems, to develop expertise and skills at the European Union level (including interaction with the scientific community).
• Contributing to the implementation, monitoring, and enforcement of the provisions and measures of the AI Act.
• Contributing to the implementation of international rules and principles for artificial intelligence, such as the Code of Ethics for productive AI models and Guidelines for creators of advanced AI systems by the G7 Leaders Group (see International Guiding Principles on Artificial Intelligence (AI) and a voluntary Code of Conduct for AI developers).
2. The AI Office will collaborate on various levels to fulfill its duties, including (i) collaboration with stakeholders (individuals and entities in civil society), (ii) cross-sectoral collaborations with authorities responsible for other areas (e.g., telecommunications), (iii) intergovernmental collaborations with EU member states, and (iv) international stakeholders.
3. The establishment of the AI Office will not affect the powers and competencies of national supervisory authorities for AI systems.
The establishment of the AI Office has not received a warm welcome from EU member states that already possess or plan to develop productive AI model technologies (e.g., France, and Germany). Specifically, criticism has been raised that the AI Office concentrates extensive supervisory, executive, and advisory powers, making it a powerful regulator in the emerging AI market.
After the adoption of the AI Act, a process expected to be completed by mid-March 2024 and within two years, the establishment of a similar national competent authority for each EU member state is anticipated. This authority will be responsible for overseeing and guiding companies that produce and use AI models. Among other duties, this entity will be obliged to create sandboxes for AI technology manufacturers and submit an annual report on its activities to the European AI Office.
In Greece, current thoughts lean towards the elevation of either the existing Hellenic Data Protection Authority or the Hellenic Telecommunications & Post Commission as the competent authority for AI regulation. However, given the uniqueness of artificial intelligence use cases and the specificity and complexity of this technology, it would be advisable to discuss the possibility of creating a new authority with specialized personnel, knowledgeable about the technological and legal issues posed by its use. This new authority would and should be required to interact with existing established authorities.
The aforementioned developments at the European level are not long before bringing practical implementation and consequences to the Greek economy. The public sector seems ready to enter the era of artificial intelligence, with the digitization of applications (e.g., ktimatologio.gov.gr, wallet.gov.gr) and the introduction of the digital AI assistant mAIgov, based on a generative large language model.
On the private sector side, which is always at the forefront of developments, having already incorporated low-risk artificial intelligence technologies at various levels (e.g., personalized advertisements, chatbots, etc.), it now faces the challenge of creating ethical policies and strategies regarding the tools it incorporates into its workflows.
The new Regulation (AI Act) leaves little time for compliance with quite complex requirements, especially for high-risk use cases, whilst it threatens significant fines. The security feeling of the customers though, which is created by being compliant and respectful towards the European and national regulations on AI, can offer a great competitive advantage and motive that businesses should not overlook.
First publication in Greek: https://www.epixeiro.gr/article/458298