European legislator and the European Data Protection Supervisor emphasize the 25 26 connection and the need for harmonization between acts on artifcial intelligence and the General Data Protection Regulation (hereafter: GDPR). In case of a data leak, there is (obviously) a breach directly involving the processing of personal data. Therefore, as also the same acts on artifcial intelligence would seem to suggest, the GDPR will be applied, with all that goes with it. It would seem natural, therefore, to apply the liability regime provided by the above-mentioned legislation, that establishes for a very strict liability system; it is referred to as strict liability in charge of the personal data controller or data processor. Hence, the crucial importance of coordination with other regulations. Let’s take now the case mentioned before of facial recognition at the airport, at security checkpoints. In such a case, as provided by the AIA, it is a biometric system, which is categorized as high risk, with the resulting liability regime. It may happen that the person undergoing the security check is mistaken for a terrorist and stuck at the airport. These are the well-known cases of mismatch. In such cases, the European Parliament Resolution of 2020 provided for a strict liability regime for high-risk AI systems. 27 Today there is a change of course. On 28 September 2022, the European Commission published two proposals aimed at modernizing product liability rules in the digital age. The As an example, one may recall the explenatory memorandum of the AIA, point 1.2., entitled «Consistency 25 with existing policy provisions in the policy area». The text reads: « (…) Consistency is also ensured with the EU Charter of Fundamental Rights and the existing secondary Union legislation on data protection, consumer protection, non-discrimination, and gender equality. The proposal is without prejudice and complements the General Data Protection Regulation (Regulation (EU) 2016/679) (…) ». Moreover, the picture would not be complete if other legislative proposals were neglected. These are initiatives concerning the subject of personal data, aimed at realizing the project of a single European data market. Some legislative projects have already been approved (the reference is to the Digital Service Act and the Digital Market Act) while others are still in a gestation phase. The reference is to the Data Governance Act and the Data Act. As regards the Digital Service Act the text is available at the link: https://www.europarl.europa.eu/ doceo/document/TA-9-2022-0269_EN.pdf. As regards the Digital Market Act the text is available at the link: https://www.europarl.europa.eu/doceo/document/TA-9-2022-0270_EN.pdf. The profound interrelationship between AI and data protection was underscored by the joint opinion n. 5, 26 2021 of the European data protection supervisor (hereafter: Edps) and the European data protection board (hereafter: Edpb). Moreover, on the Italian side, the following should be noted: the European Data Protection Supervisor in the Memorandum presented last March 9 to the IX and X Joint Committees of the Chamber of Deputies on the Proposal: both transversal and united by representing the challenge, current and future, thrown by technology to the law and its possibility of regulating even what appears, in its incessant evolution, to be more refractory to the norm. European Parliament resolution of 20 October 2020 with recommendations to the Commission on a civil 27 l iabi l i ty regime for art ifcial intel l igence (2020/2014( INL) ) , avai lable at the l ink: https:// www.europarl.europa.eu/doceo/document/TA-9-2020-0276_EN.html#title1. 10
RkJQdWJsaXNoZXIy MTE4NzM5Nw==