This document is an excerpt from the EUR-Lex website
Document 52020XX1117(01)
Summary of the Opinion of the European Data Protection Supervisor on the European Commission’s White Paper on Artificial Intelligence – A European approach to excellence and trust (The full text of this Opinion can be found in English, French and German on the EDPS website www.edps.europa.eu) 2020/C 392/03
Summary of the Opinion of the European Data Protection Supervisor on the European Commission’s White Paper on Artificial Intelligence – A European approach to excellence and trust (The full text of this Opinion can be found in English, French and German on the EDPS website www.edps.europa.eu) 2020/C 392/03
Summary of the Opinion of the European Data Protection Supervisor on the European Commission’s White Paper on Artificial Intelligence – A European approach to excellence and trust (The full text of this Opinion can be found in English, French and German on the EDPS website www.edps.europa.eu) 2020/C 392/03
IO C 392, 17.11.2020, pp. 3–5
(BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
|
17.11.2020 |
EN |
Official Journal of the European Union |
C 392/3 |
Summary of the Opinion of the European Data Protection Supervisor on the European Commission’s White Paper on Artificial Intelligence – A European approach to excellence and trust
(The full text of this Opinion can be found in English, French and German on the EDPS website www.edps.europa.eu)
(2020/C 392/03)
Executive summary
On 19 February 2020, the European Commission published a White Paper on ‘Artificial Intelligence: A European approach to excellence and trust’. It is part of a wider package of strategic documents, including also a Communication on ‘A European strategy for data’.
The aim of the White Paper is twofold: setting out policy options to promote the uptake of Artificial Intelligence (‘AI’) and to address ‘the risks associated with certain uses of this new technology’. To achieve such goals, the White Paper proposes a set of actions to foster the development and the adoption of AI and a new regulatory framework that would address concerns specific to AI that the current framework may not address.
This Opinion presents the EDPS views on the White Paper as a whole, as well as on certain specific aspects, such as the proposed risk-based approach, the enforcement of AI regulation or the specific requirements for the remote biometric identification (including facial recognition).
The EDPS acknowledges AI’s growing importance and impact. However, AI comes with its own risks and is not a ‘silver bullet’ that will solve all problems. Benefits, costs and risks should be considered by anyone adopting a technology, especially by public administrations who process great amounts of personal data.
The EDPS very much welcomes the White Paper’s numerous references to a European approach to AI, grounded in EU values and fundamental rights and the consideration given to the need for compliance with the European data protection legislation.
Hence, the aim of the recommendations in this Opinion is to clarify and, where necessary, further develop the safeguards and controls with respect to protection of personal data, taking into consideration the specific context of AI.
To this end, the EDPS recommends in particular that any new regulatory framework for AI:
|
— |
applies both to EU Member States and to EU institutions, offices, bodies and agencies, |
|
— |
is designed to protect from any negative impact, not only on individuals, but also on communities and society as a whole, |
|
— |
proposes a more robust and nuanced risk classification scheme, ensuring any significant potential harm posed by AI applications is matched by appropriate mitigating measures, |
|
— |
includes an impact assessment clearly defining the regulatory gaps that it intends to fill, |
|
— |
avoids overlap of different supervisory authorities and includes a cooperation mechanism. |
Regarding remote biometric identification, the EDPS supports the idea of a moratorium on the deployment, in the EU, of automated recognition in public spaces of human features, not only of faces but also of gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, so that an informed and democratic debate can take place and until the moment when the EU and Member States have all the appropriate safeguards, including a comprehensive legal framework in place to guarantee the proportionality of the respective technologies and systems for the specific use case.
The EDPS remains at the disposal of the Commission, the Council and the European Parliament to provide further advice, and expects to be consulted in due course as foreseen in Article 42 of the Regulation (EU) 2018/1725. The comments in this Opinion are without prejudice to additional comments in the future on particular issues and/or if further information becomes available.
1. INTRODUCTION AND BACKGROUND
|
1. |
The Commission White Paper ‘On Artificial Intelligence– A European approach to excellence and trust’ (1) (‘the White Paper’) is part of the initiative No 10 (‘A European Approach to AI’) and falls under the ‘Chapter’‘A Europe Fit for the Digital Age’ of the Commission Work Programme 2020. |
|
2. |
The EDPS notes that the White Paper is closely linked to the ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions – a European strategy for data’ (2) (‘the Data Strategy’), in relation to which the EDPS has adopted a separate Opinion (3). |
|
3. |
The EDPS was consulted by the Commission on 29 January 2020 on the draft of the White Paper and submitted preliminary informal comments. The EDPS welcomes the fact that his views have been sought at an early stage of the procedure and encourages the Commission to continue with this good practice. |
|
4. |
The White Paper is subject to public consultation. The objective of the consultation is to collect views on the White Paper as a whole, as well as on certain specific aspects. A similar public consultation had been launched on the European Commission’s Communication ‘A European strategy for data’. |
|
5. |
This opinion elaborates upon some of the EDPS’ informal comments and provides more targeted input to the European Commission in light of the public consultation. Furthermore, this opinion is without prejudice to any additional comments that the EDPS could make based on further available information at a later stage, including in the context of the future legislative consultations on the legal acts foreseen in the White Paper and Commission Work Programme. |
|
6. |
Although European Union institutions, bodies, offices and agencies are subject to the EUDPR instead of to the GDPR, both regulations pursue the same objectives and their principles are identical (4). To reflect this coherence, any reference to a GDPR provision in this opinion will also indicate the corresponding EUDPR provision in parentheses. |
|
7. |
In the interest of a coherent approach throughout the Union, the EDPS recommends that any new regulatory framework for AI applies both to EU Member States and to EU institutions, offices, bodies and agencies. Where Union institutions, bodies, offices and agencies make use of Artificial Intelligence (‘AI’), they should be subject to the same rules as those applying in EU Member States. |
3. CONCLUSIONS
|
77. |
The EDPS fully agrees with the Commissions in the need of a European approach to AI and very much welcomes in this regard the White Paper’s commitment to fundamental rights and European values. |
|
78. |
However, the EDPS is of the view that the proposals set out in the White Paper need further adjustments and clarifications in some relevant questions. Among the topics that would require more clarity in any future legislative proposal are the link between the risks posed by AI and the related legislative gaps, the risk-based approach applied to AI applications and the definition of AI itself that should allow clearly defining the scope of the proposed legislation. |
|
79. |
The EDPS recommends in addition that any new regulatory framework for AI:
|
|
80. |
Regarding remote biometric identification, the EDPS supports the idea of a moratorium on the deployment, in the EU, of automated recognition in public spaces of human features, not only of faces but also of gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, so that an informed and democratic debate can take place and until the moment when the EU and Member States have all the appropriate safeguards, including a comprehensive legal framework in place to guarantee the proportionality of the respective technologies and systems for the specific use case. |
|
81. |
If there would be a new legal framework as reflected in the White Paper and the Commission’s Work Programme, the EDPS will provide further advice to the Commission as foreseen in Article 42 of the EUDPR. |
Brussels, 29 June 2020.
Wojciech Rafał WIEWIÓROWSKI
(1) COM(2020) 65 final.
(2) COM(2020) 66 final.
(3) EDPS Opinion 3/2020 on the European strategy for data, https://edps.europa.eu/sites/edp/files/publication/20-06-16_opinion_data_strategy_en.pdf
(4) Whenever the provisions of Regulation (EU) 2018/1725 follow the same principles as the provisions of Regulation (EU) 2016/679, those two sets of provisions should, under the case law of the Court of Justice of the European Union be interpreted homogeneously, in particular because the scheme of the EDPR Regulation should be understood as equivalent to the scheme of the GDPR; see recital 5 EDPR, referring to ECJ judgment of 9 March 2010, European Commission v Federal Republic of Germany, Case C-518/07, ECLI:EU:C:2010:125 paragraph 28.