Abstract
The presented paper focuses on the analysis of strategic documents at the level of the European Union (EU) concerning the regulation of artificial intelligence as one of the so-called disruptive technologies. In the first part of the article, we outline the basic terminology. Subsequently, we focus on the summarizing and systemizing of the key documents adopted at the EU level in terms of artificial intelligence regulation. The focus of the paper is devoted to issues of personal data protection and cyber security included in these strategic documents. The final part contains recommendations for future research and evaluation of its key features.
Availability of data and material
Not applicable.
Notes
As a specific example we could mention the use of AI within the Netflix streaming service. This company collected data on users of the service for a certain period of time (their interactions, preferred series and movies or other preferences) and then inserted this data into an algorithm that processed the data and designed the contours of a potentially successful series or specific marketing strategies for individual users. Adalian (2018) Inside the Binge Factory. Vulture Website. https://www.vulture.com/2018/06/how-netflix-swallowed-tv-industry.html. Accessed 16 March 2020.
European Parliament (2017) European Parliament resolution of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics. European Parliament Website. https://www.europarl.europa.eu/doceo/document/TA-8-2017-0051_EN.html. Accessed 16 March 2020.
European Commission (2018a) Communication from the commission to the European Parliament, the European council, the council, the European economic and social committee and the committee of the regions Artificial Intelligence for Europe. {SWD(2018) 137 final}. European Commission Website. https://ec.europa.eu/transparency/regdoc/rep/1/2018/EN/COM-2018-237-F1-EN-MAIN-PART-1.PDF. Accessed 16 March 2020.
European Commission (2020a, b) European legislation on open data and the re-use of public sector information. https://ec.europa.eu/digital-single-market/en/european-legislation-reuse-public-sector-information. Accessed 16 March 2020.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). OJ L 201, 31.7.2002, p. 37–47.
European Commission (2018a) Coordinated Plan on Artificial Intelligence (COM(2018) 795 final). European Commission Website. https://ec.europa.eu/knowledge4policy/publication/coordinated-plan-artificial-intelligence-com2018-795-final_en. Accessed 16 March 2020.
European Innovation Council (2020) €2 billion to fast forward the creation of the European Innovation Council. European Commission Website. https://ec.europa.eu/commission/news/european-innovation-council-2019-mar-18_en. Accessed 16 March 2020.
High-Level Expert Group on Artificial Intelligence (2019a) Ethics guidelines for trustworthy AI. European Commission Website. https://ec.europa.eu/futurium/en/ai-alliance-consultation/guidelines. Accessed 16 March 2020.
European Commission (2020a, b) White Paper on artificial intelligence—a European approach to excellence and trust COM(2020) 65 final. European Commission Website. https://ec.europa.eu/info/files/white-paper-artificial-intelligence-european-approach-excellence-and-trust_en. Accessed 16 March 2020.
European Commission (2020a, b) Report from the commission to the European Parliament, the council and the European Economic And Social Committee Report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics COM/2020/64 final. European Parliament Website. https://ec.europa.eu/info/files/commission-report-safety-and-liability-implications-ai-internet-things-and-robotics_en. Accessed 16 March 2020.
European Commission (2020a, b) Communication from the commission to the European Parliament, the council, the European economic and social committee and the committee of the regions. A European strategy for data COM(2020) 66 final. European Commission Website. https://ec.europa.eu/info/sites/info/files/communication-european-strategy-data-19feb2020_en.pdf. Accessed 16 March 2020.
European Commission (2020b) Communication: Shaping Europe’s digital future. European Commission Website. https://ec.europa.eu/info/files/communication-shaping-europes-digital-future_en. Accessed 16 March 2020.
Directive 1999/34/EC of the European Parliament and of the Council of 10 May 1999 amending Council Directive 85/374/EEC on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products. OJ L 141, 4.6.1999, p. 20–21.
Article 8 of the Charter of Fundamental Rights of the European Union reads: “(1) Everyone has the right to the protection of personal data concerning him or her. (2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. (3) Compliance with these rules shall be subject to control by an independent authority.”
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). OJ L 119, 4.5.2016, pp. 1–88.
Article 1 (3) GDPR.
Article 1 (1) GDPR.
Recitals 5 and 6 GDPR.
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. OJ L 119, 4.5.2016, p. 89–131.
ENISA is also dealing with specific issues of AI cybersecurity, in particular by providing security recommendations for the foreseen challenges via an Ad Hoc Working Group. ENISA Website. https://www.enisa.europa.eu/topics/iot-and-smart-infrastructures/artificial_intelligence/. Accessed 29 October 2020.
The communication emphasizes the need to ensure that AI products and services comply with safety standards and rules, as well as safety at the design stage. See European Commission (2018a) Communication from the commission to the European Parliament, the European council, the council, the European economic and social committee and the committee of the regions artificial intelligence for Europe. {SWD(2018) 137 final}, p. 5. European Commission Website. https://ec.europa.eu/transparency/regdoc/rep/1/2018/EN/COM-2018-237-F1-EN-MAIN-PART-1.PDF. Accessed 16 March 2020.
Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union. OJ L 303, 28.11.2018, p. 59–68.
See Articles 12–14 GDPR concerning individual rights of data subjects.
(1) Human agency and oversight, (2) technical robustness and safety, (3) privacy and data governance, (4) transparency, (5) diversity, non-discrimination and fairness, (6) societal and environmental wellbeing, (7) accountability. High-Level Expert Group on Artificial Intelligence (2019a) Ethics Guidelines For Trustworthy AI, pp. 15–16. European Commission Website. https://ec.europa.eu/futurium/en/ai-alliance-consultation/guidelines. Accessed 16 March 2020.
See Article 9 (1) GDPR.
References
Adalian J (2018) Inside the binge factory. Vulture. https://www.vulture.com/2018/06/how-netflix-swallowed-tv-industry.html. Accessed 16 Mar 2020
Andraško J (2018) Zákon o kybernetickej bezpečnosti - riešenie otázky kybernetickej bezpečnosti v Slovenskej republike? In: Míľniky práva v stredoeurópskom priestore, Bratislava: Právnická fakulta, pp 240–251
Bradford A (2012) The brussels effect. Northwest Univ Law Rev 107:1–68
Brey P (1992) Ethics of socially disruptive technologies. In: Ayres I, Braithwaite J (eds) Responsive regulation: transcending the deregulation debate. Oxford University Press, Oxford
Brkan M (2017) The Court of Justice of the EU, Privacy and Data Protection: Judge-made law as a leitmotif in fundamental rights protection. In: Brkan M, Psychogiopoulou E (eds) Courts, privacy and data protection in the digital environment. Edward Elgar Publishing, Cheltenham, pp 10–31
Brkan M (2018) Do algorithms rule the world? Algorithmic decision-making in the framework of the GDPR and beyond. Int J Law Inf Technol 27(2):91–121. https://doi.org/10.1093/ijlit/eay017
Datatilsynet (2018) Artificial intelligence and privacy report. Datatilsynet. https://www.datatilsynet.no/globalassets/global/english/ai-and-privacy.pdf. Accessed 16 Mar 2020
Directive 1999/34/EC of the European Parliament and of the Council of 10 May 1999 amending Council Directive 85/374/EEC on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products. OJ L 141, 4.6.1999, pp 20–21
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). OJ L 201, 31.7.2002, pp 37–47
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. OJ L 119, 4.5.2016, pp 89–131
ENISA (2020). https://www.enisa.europa.eu/topics/iot-and-smart-infrastructures/artificial_intelligence/. Accessed 29 Oct 2020
European Commission (2018a) Communication from the commission to the European Parliament, the European Council, the council, the European economic and social committee and the committee of the regions artificial intelligence for Europe. {SWD(2018) 137 final}. European Commission. https://ec.europa.eu/transparency/regdoc/rep/1/2018/EN/COM-2018-237-F1-EN-MAIN-PART-1.PDF. Accessed 16 Mar 2020
European Commission (2018b) Coordinated plan on artificial intelligence (COM(2018) 795 final). European Commission. https://ec.europa.eu/knowledge4policy/publication/coordinated-plan-artificial-intelligence-com2018-795-final_en. Accessed 16 Mar 2020
European Commission (2020a) Communication from the commission to the European Parliament, the council, the European Economic and Social Committee and the committee of the regions a European strategy for data COM (2020) 66 final. European Commission. https://ec.europa.eu/info/sites/info/files/communication-european-strategy-data-19feb2020_en.pdf. Accessed 16 Mar 2020
European Commission (2020b) Communication: Shaping Europe’s digital future. European Commission. https://ec.europa.eu/info/files/communication-shaping-europes-digital-future_en. Accessed 16 Mar 2020
European Commission (2020c) European legislation on open data and the re-use of public sector information. https://ec.europa.eu/digital-single-market/en/european-legislation-reuse-public-sector-information. Accessed 16 Mar 2020
European Commission (2020d) General product safety directive. https://ec.europa.eu/info/general-product-safety-directive_en. Accessed 16 Mar 2020
European Commission (2020e) Report from the commission to the European Parliament, the council and the European Economic and Social Committee report on the safety and liability implications of Artificial Intelligence, the Internet of Things and robotics COM/2020/64 final. European Parliament. https://ec.europa.eu/info/files/commission-report-safety-and-liability-implications-ai-internet-things-and-robotics_en. Accessed 16 Mar 2020
European Commission (2020f) White Paper on artificial Intelligence—a European approach to excellence and trust COM(2020) 65 final. European Commission. https://ec.europa.eu/info/files/white-paper-artificial-intelligence-european-approach-excellence-and-trust_en. Accessed 16 Mar 2020
European Data Protection Board (2018) Guidelines on the right to data portability under regulation 2016/679, WP242 rev.01. European Data Protection Board. http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611233. Accessed 20 Oct 2020
European Economic and Social Committee (2018a) Trust, privacy and security for consumers and businesses in the Internet of Things (IoT). European Economic and Social Committee. https://www.eesc.europa.eu/en/our-work/opinions-information-reports/opinions/trust-privacy-and-consumer-security-internet-things-iot-own-initiative-opinion. Accessed 20 Oct 2020
European Economic and Social Committee (2018b) Artificial intelligence: anticipating its impact on work to ensure a fair transition. European Economic and Social Committee. https://www.eesc.europa.eu/en/our-work/opinions-information-reports/opinions/artificial-intelligence-anticipating-its-impact-jobs-ensure-fair-transition-own-initiative-opinion. Accessed 20 Oct 2020
European Economic and Social Committee (2018c) Artificial intelligence—the consequences of artificial intelligence on the (digital) single market, production, consumption, employment and society. European Economic and Social Committee. https://www.eesc.europa.eu/en/our-work/opinions-information-reports/opinions/artificial-intelligence-consequences-artificial-intelligence-digital-single-market-production-consumption-employment-and. Accessed 20 Oct 2020
European Economic and Social Committee (2019) Opinion: coordinated plan on the development of artificial intelligence in Europe, European Economic and Social Committee. https://ec.europa.eu/futurium/en/european-ai-alliance/official-documents-and-reports?fbclid=IwAR1hHDvZfbWlaXA7C7pHEvoyyRJHrAzqTmW9POZTjdwZAaarZBseqE7I4Gg. Accessed 20 Oct 2019
European Group on Ethics in Science and New Technologies (2018) Statement on artificial intelligence, robotics and autonomous systems. European Commission. http://ec.europa.eu/research/ege/pdf/ege_ai_statement_2018.pdf. Accessed 20 Oct 2020
European Innovation Council (2020) €2 billion to fast forward the creation of the European Innovation Council. European Commission. https://ec.europa.eu/commission/news/european-innovation-council-2019-mar-18_en. Accessed 16 Mar 2020
European Parliament (2017) European Parliament resolution of 16 February 2017 with recommendations to the Commission on Civil Law Rules on Robotics. European Parliament. https://www.europarl.europa.eu/doceo/document/TA-8-2017-0051_EN.html. Accessed 16 Mar 2020
Fernicola G (2020) Once upon a time in cyberspace: a grim reality about the dangers of cyberwarfare. Int Comp Law Rev 20(2):77–96. https://doi.org/10.2478/iclr-2020-0004
Funta R (2019) Dešifrovanie človeka umelou inteligenciou. Justičná revue 71(3):249–261
High-Level Expert Group on Artificial Intelligence (2019a) Ethics guidelines for trustworthy AI. European Commission. https://ec.europa.eu/futurium/en/ai-alliance-consultation/guidelines. Accessed 16 Mar 2020
High-Level Expert Group on Artificial Intelligence (2019b) A definition of AI: main capabilities and disciplines. European Commission. https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=60651. Accessed 16 Mar 2020
Kasper A, Krasznay C (2019) Towards pollution-control in cyberspace: problem structure and institutional design in international cybersecurity. Int Comp Law Rev 19(2):76–96. https://doi.org/10.2478/iclr-2019-0015
Kerikmäe T, Müürsepp P, Hamuľák O et al (2020) Legal person- or agenthood of artificial intelligence technologies. Acta Baltica Historiae et Philosophiae Scientiarum 8(2):54–74. https://doi.org/10.11590/abhps.2020.2.12
Kuner Ch et al (2017) Machine learning with personal data: is data protection law smart enough to meet the challenge? Int Data Priv Law 7(1):1–2. https://doi.org/10.1093/idpl/ipx003
Kokott J, Sobotta Ch (2013) The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR. Int Data Priv Law 3(4):222–228. https://doi.org/10.1093/idpl/ipt017
Line MB et al (2006) Safety vs. security? In: Proceedings of the 8th international conference on probabilistic safety assessment and management May 14–18, New Orleans, Louisiana, USA
Lynskey O (2016) The foundations of EU data protection law. Oxford University Press, Oxford
Mesarčík M (2019) Policajné profilovanie v kontexte základných ľudských práv a slobôd. Acta Facultatis Iuridicae Universitatis Comenianae 38(2):178–226
Mitrou L (2019) Data protection, artificial intelligence and cognitive services. Is the general data protection regulation (GDPR) “Artificial Intelligence-proof”? Academia.edu. https://www.academia.edu/38882412/DATA_PROTECTION_ARTIFICIAL_INTELLIGENCE_AND_COGNITIVE_SERVICES_IS_THE_GENERAL_DATA_PROTECTION_REGULATION_GDPR_ARTIFICIAL_INTELLIGENCE_PROOF_. Accessed 26 Mar 2020
Rabinská I (2019) Preservation and rendition of computer data in Slovak criminal procedure code. Int Comp Law Rev 19(2):285–299. https://doi.org/10.2478/iclr-2019-0025
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). OJ L 119, 4.5.2016, pp 1–88
Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union. OJ L 303, 28.11.2018, pp 59–68
Robins M (2020) The difference between artificial intelligence, machine learning and deep learning. Intel. https://www.intel.com/content/www/us/en/artificial-intelligence/posts/difference-between-ai-machine-learning-deep-learning.html. Accessed 16 Mar 2020
Sajfert J, Quintel T (2017) Data Protection Directive (EU) 2016/680 for Police and Criminal Justice Authorities (December 1, 2017). SSRN. https://ssrn.com/abstract=3285873. Accessed 16 Mar 2020
Solove D (2008) Understanding privacy. Harvard University Press, Cambridge
Wachter S, Mittelstadt B, Russell C (2017a) Counterfactual explanations without opening the black box: automated decisions and the GDPR
Wachter S, Mittelstadt B, Floridi L (2017) Why a right to explanation of automated decision-making does not exist in the general data protection regulation. Int Data Priv Law 7(2):76–99
Warren S, Brandeis D (1890) The right to privacy. Harvard Law Rev 4(5):193–220
White House Executive Office of the President National Science and Technology Council Committee on Technology (2016) Preparing for the future of artificial intelligence. Obama White House. https://obamawhitehouse.archives.gov/sites/default/files/whitehouse_files/microsites/ostp/NSTC/preparing_for_the_future_of_ai.pdf. Accessed 16 Mar 2020
Funding
Jozef Andraško participated in the creation of this paper on behalf of Jean Monnet Network Project 611293-EPP-1-2019-1-CZ-EPPJMO-NETWORK “European Union and the Challenges of Modern Society”. Ondrej Hamuľák participated in the creation of this paper on behalf of project no. 20-27227S “The Advent, Pitfalls and Limits of Digital Sovereignty of the European Union” funded by the Czech Science Foundation (GAČR).
Ethics declarations
Conflict of interest
Not applicable.
Code availability
Not applicable.
About this article
Cite this article
Andraško, J., Mesarčík, M. & Hamuľák, O. The regulatory intersections between artificial intelligence, data protection and cyber security: challenges and opportunities for the EU legal framework. AI & Soc 36, 623–636 (2021). https://doi.org/10.1007/s00146-020-01125-5
DOI: https://doi.org/10.1007/s00146-020-01125-5