Strasbourg

On the occasion of Data Protection Day on 28 January, the Consultative Committee of the Convention for the Protection of Individuals with regard to the Processing of Personal Data (Convention 108) has published Guidelines on Artificial Intelligence and Data Protection.

The guidelines aim to assist policy makers, artificial intelligence (AI) developers, manufacturers and service providers in ensuring that AI applications do not undermine the right to data protection.

They address the new challenges induced by the development of AI that need to be faced. As the Convention’s Committee stated in a report prepared by Alessandro Mantelero, “personal data have increasingly become both the source and the target of AI applications”. Furthermore, the latters are “largely unregulated and often not grounded on fundamental rights”. The adoption of a legal framework by the Council of Europe aims thus “to favour the development of technology grounded on these rights” and which are “not merely driven by market forces or high-tech companies”.

The Convention's Committee underlines that the protection of human rights, including the right to protection of personal data, should be an essential pre-requisite when developing or adopting AI applications, in particular when they are used in decision-making processes, and be based on the principles of the updated data protection convention, Convention 108 +, opened for signature in October 2018.

In addition, any innovation in the field of AI should pay close attention to avoiding and mitigating the potential risks of processing of personal data, and should allow meaningful control by data subjects over the data processing and its effects.

These guidelines about AI refer to important issues previously identified in the Guidelines on the Protection of Individuals with regard to the Processing of Personal Data in a World of Big Data and to the necessity “to secure the protection of personal autonomy based on a person’s right to control his or her personal data and the processing of such data, the nature of this right to control should be carefully addressed” in this context.