Germany's data protection authorities also want to enforce the AI Act
Within 12 months of the AI Regulation taking effect, EU states must establish national supervision. Data protection authorities aim to lead this task.
(Bild: Chokniti Khongchum/Shutterstock.com)
The EU Parliament adopted a regulation on artificial intelligence (AI) systems in March following lengthy debates. The aim is to establish a uniform, horizontal legal framework for AI. This will prohibit dangerous practices such as the use of relevant techniques for social scoring, the indiscriminate collection of facial images from the internet, the exploitation of security gaps or human weaknesses and the manipulation of free will. The new regulations must be enforced nationally. To this end, the member states are to establish so-called market surveillance authorities. In Germany, the Federal and State Data Protection Conference (Datenschutzkonferenz, DSK) is throwing its hat into the ring.
In a position paper published on Wednesday, the DSK recommends appointing the Federal Data Protection Commissioner and the state data protection authorities for market surveillance under the AI Act. According to the DSK, the main argument in favor of this is that the AI Regulation already provides for sector-specific responsibilities of these supervisory authorities in numerous instances. This applies, for example, to the protection of core elements of the democratic order such as criminal prosecution, elections, border control and the administration of justice. To apply the requirements uniformly, it would therefore be best to transfer the national supervisory function as defined in the AI Act entirely to the local data protection officers.
"Advice and supervision from a single source"
The DSK emphasizes that these existing data protection authorities also have the necessary many years of experience in the areas of advice, complaint handling and cooperation at European level. There, they are represented in the European Data Protection Board (EDPB). In the future, a European Committee for AI will be established, where the Federal Data Protection Commissioner will speak on behalf of Germany. The procedure is similar to the Digital Services Act (DSA), where the Bundestag recently appointed a new independent body at the Federal Network Agency as the national coordinator for digital services. This regulatory authority is also being discussed for other tasks in the sense of a digital agency.
According to the DSK, individual areas such as motor vehicles, the financial sector or critical infrastructures (Kritis) are excluded. This concept could avoid duplicate structures and additional bureaucracy, the committee emphasizes. The data protection supervisory authorities are already responsible based on the General Data Protection Regulation (GDPR) in all cases in which AI systems process personal information. The additional task will enable "advice and supervision from a single source".
(ds)
