Artificial intelligence restriction in European Union.
The EU AI Act is still under negotiation, so specifics may change. However, the core principles of risk-based categorization and obligations for high-risk and foundational models are likely to remain central to the final regulation. But, there are two direction where EU make restriction for using AI.
First restriction is Act to categorizes AI systems into different risk levels: unacceptable, high, limited, and minimal.
- • Unacceptable risk AI systems are prohibited. These include systems deemed to be a clear threat to safety, livelihoods, and rights, such as social scoring by governments and real-time biometric identification systems in publicly accessible spaces (with some exceptions).
- • High-risk AI systems face strict regulatory requirements before they can be put on the market. These systems include those used in critical infrastructure, law enforcement, education, employment, and essential private and public services. Requirements include conformity assessments, quality management systems, and technical documentation.
- • Limited risk AI systems have specific transparency obligations. Users must be aware they are interacting with an AI system, for example, chatbots.
- • Minimal risk AI systems face minimal regulatory intervention. Most AI systems fall into this category, such as spam filters or video games.
The EU AI Act is not finalized yet. It's still going through the legislative process. While the core principles are likely to remain, the details are subject to change before it becomes law. Therefore, there are no finished, enforceable regulations right now directly stemming from the AI Act itself.
Second restriction is GDPR (General Data Protection Regulation) policy.
Existing legislation like the GDPR (General Data Protection Regulation) already applies to AI systems. The GDPR governs data processing, including the data used to train and operate AI. This means that AI systems must comply with data protection principles like purpose limitation, data minimization, and accuracy. Also, individuals have rights regarding automated decision-making, including the right to an explanation.
Therefore, while the specific AI Act isn't in force yet, there are existing laws that impact AI development and deployment in the EU right now.
GDPR (General Data Protection Regulation) is lawfulness, fairness, and transparency: Data collection must have a lawful basis (like consent), be fair, and individuals should be informed about how their data is used.
- • Purpose limitation: Data can only be collected for specified, explicit, and legitimate purposes.
- • Data minimization: Only necessary data for the intended purpose should be collected.
- • Accuracy: Data should be accurate and kept up to date.
- • Storage limitation: Data should be kept only as long as necessary.
- • Integrity and confidentiality: Data should be processed securely.
- • Accountability: Organizations are responsible for demonstrating GDPR compliance.
- • Individual rights: Individuals have rights to access, rectify, erase, restrict processing, object to processing, and data portability. They also have rights related to automated decision-making and profiling.
- • Data breaches: Organizations must report certain data breaches to authorities and affected individuals.
- • Transfers to third countries: Specific safeguards are needed for transferring data outside the European Economic Area.
- • Supervisory authorities: Each EU member state has a supervisory authority to enforce the GDPR
You already must take explicit permission to collect information about you.
Explicit consent means freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. It must be clear what the data subject is consenting to.
Collecting location data also falls under GDPR and generally requires consent. Additionally, the purpose of the data collection must be clear and legitimate.
If you believe a website has unlawfully collected your sensitive information, you have the right to lodge a complaint with a supervisory authority in the EU. You also have the right to request access to, rectification, or erasure of your data.
Ai context:
)
|
|