Rapid Rise and GDPR Scrutiny of New AI Systems

New artificial intelligence (AI) systems are emerging worldwide. The rapid rise of AI systems has triggered significant market reaction, leading to substantial selloffs in tech stocks. As new AI systems gain popularity, they draw increased scrutiny from EU data protection authorities. Questions arise whether these AI systems are compliant with the General Data Protection Regulation (GDPR). 

On January 30, the Italian Data Protection Authority (Garante) urgently imposed a ban (see article 58.2.f GDPR) on the processing of Italian users' data by companies behind a certain AI system. According to Reuters, other EU data protection authorities have also begun investigating the AI system's data sharing practices. A spokesperson for the French Data Protection Authority (CNIL) mentioned that "The CNIL's AI department is currently analyzing this tool." Similarly, the Irish Data Protection Authority (DPC) stated that "The Data Protection Commission (DPC) has written to [the AI company] requesting information on the data processing conducted in relation to data subjects in Ireland.". 

As businesses increasingly operate on a global scale, ensuring compliance with the GDPR for international data transfers is essential. This includes understanding the legal requirements for transferring data outside the EU/EEA and implementing appropriate safeguards to protect personal data. Contact Deloitte Legal today if you have any questions related to third-country transfers or data protection in general.