Legislative and enforcement developments concerning artificial intelligence (AI) have received considerable attention recently: first, the data protection authority procedure initiated in Italy concerning ChatGPT (which also resulted in the temporary suspension of the service in Italy) received a lot of attention, and then, the approval of the draft EU AI Act by the competent committees of the European Parliament may have attracted more widespread attention.
On 11 May, the competent committees of the European Parliament voted in favour of the EU's draft regulation on artificial intelligence, so the vote will soon (expected in mid-June) also take place in the plenary session of the European Parliament. If the European Parliament's plenary approves the draft, the next step could be conciliation between Parliament and the Council, or - informal - trilogue, when Parliament, the Council and the Commission negotiate to adopt the final version of the legislation. The text negotiated by the parties can then be finally adopted. The final AI Act is expected to be adopted in the first half of 2024. (The text approved by parliamentary committees is available here.)
It is important to point out that the planned artificial intelligence regulation is not based on one pillar, i.e. it is not based solely on the application of data protection rules in connection with AI, but takes into account many more aspects. However, it is also worth noting that, in the absence of AI-specific rules, the application of data protection rules (primarily, the requirements set out in the GDPR) to AI-based technologies plays a prominent role for the time being (see the events surrounding ChatGPT). Although the suspension of ChatGPT in Italy was perhaps the first data protection procedure involving AI to attract the attention of the wider public (also outside Italy), due to the high interest surrounding ChatGPT, it was by no means the first time that AI-based data processing has been targeted by a data protection authority. Below I have collected cases (basically from the EU) that examined the application of artificial intelligence in a data protection context.