The CNIL gives its opinion on the proposed European regulation on artificial intelligence

0
The CNIL gives its opinion on the proposed European regulation on artificial intelligence

The European Commission’s proposed regulation on artificial intelligence is still in the news more than two and a half months after its official announcement. During the month of June, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted an opinionon this new legislation. A point of view that has also been taken up by the French National Commission for Information Technology and Civil Liberties (CNIL), which in parallel has identified four “fundamental” points in the implementation of a European regulation on AI.

First point: broaden the scope of prohibited AI systems and clarify their definition

This first point is fully aligned with the opinion expressed by the EDPS and the EDPB on the need to broaden the scope of prohibited AI systems and to clarify their definition. The CNIL refers to the “extremely high risks posed by biometric identification in the public space”. At present, regulations prohibit them except in certain specific cases.

The national commission wants these exceptions to be removed and biometric systems used to classify individuals (on the basis of their supposed ethnicity, gender, sexual or political orientation, etc.) to be banned altogether, under Article 21 of the European Union’s Charter of Fundamental Rights.

Systems used for social rating are also called to be banned, as well as AI systems to deduce a person’s emotions, but for this last case, the CNIL wants to make an exception for its use in very specific cases, such as certain health purposes.

Second point: be in line with the General Data Protection Regulation (GDPR)

Data protection authorities across Europe, of which the CNIL is a part, have appreciated the approach taken by the European Commission to classify AI systems according to levels of risk. However, these authorities have put their finger on the so-called “high-risk” AI tools that would be “in the overwhelming majority of cases called upon to exploit personal data”.

This exploitation implies, according to the CNIL, a major issue of articulation of the European Commission’s regulation with the RGPD and the “Police-Justice” directive. It should be noted that the CNIL makes it clear that even if a system is classified as “high-risk”, this does not mean that its use is authorised in all cases: the French authority wants these systems to be able to comply with the legal obligations linked to the legislation already in place in the EU for entry into the European market as a product bearing the CE mark.

Third point: The governance of artificial intelligence

The future European Artificial Intelligence Committee is an aspect that has been raised by the CNIL. The latter would like its governance to be spelled out, both to guarantee its independence, but also to strengthen its powers, with the aim of exercising real control, as when AI systems are set up on a European scale.

For the CNIL and its European counterparts, all of them should be designated as national supervisory authorities for artificial intelligence, which according to them, “would facilitate the proper implementation of the future regulation on AI and the constitution of a European ecosystem of artificial intelligence favorable to innovation”. They clarify their idea by highlighting four aspects:

  • In France, the CNIL already regulates AI systems involving personal data.
  • The implementation of a proposed regulation of the ambition of the European Commission’s requires “a competent and experienced regulator”.
  • Avoiding multiple controls or coordinating different implementations in each Member State in order to provide a coherent framework and a clearly identified interlocutor for professionals, thus minimising legal uncertainty and administrative complexity.
  • The implementation of the AI regulation “invests the European Data Protection Supervisor with the power of competent authority with regard to AI systems implemented by the European institutions and agencies.”

Fourth point: focus on innovation

Apart from the cases that are prohibited and that it wishes to ban, the CNIL hopes that the proposed regulation will support innovation and the design of AI systems that comply with European values and principles. Linked to the previous point on governance, regulators want support measures (such as regulatory sandboxes) to be implemented by the relevant national authorities.

Moreover, the CNIL specifies that it already has the mission, in France, to accompany AI professionals, and in particular the most innovative players, towards the path of compliance. According to her, this skill will be necessary for the future AI regulator. To finish, the latter mentioned some of its actions to support innovation such as the implementation of its first call “sandbox” personal data, thematic workshops or webinars, developed its digital innovation laboratory and contributes to the support of the French Tech since 2014.

Translated from La CNIL donne son avis sur la proposition de règlementation européenne sur l’intelligence artificielle