Digital Legal Lab

October 2021

Regulating data and AI:
EU’s digital economy & society
initiatives as one coherent system?

On 29 September 2021, the Digital Legal Lab research collaboration hosted a workshop on the AI Act and the regulatory coherence of EU initiatives concerning the digital economy and society.

Our starting point was the proposal for an EU Regulation laying down harmonised rules on AI (hereafter: AI Act), which was published earlier this year and puts forward “new rules and actions aiming to turn Europe into the global hub for trustworthy AI”. The proposal is part of a European approach to AI aiming to turn “the next 10 years into the Digital Decade”.

As such it will inevitably intersect with other pieces of legislation on all things digital, with a special focus on data and AI – be it by creating synergies, tensions or blind spots. How well do these initiatives fit together as pieces of a coherent system was therefore the main theme of this workshop, organised by Digital Legal Lab researchers Tjaša Petročnik, Inge Graef, and Frederik Zuiderveen Borgesius.

The overarching question was the following: How do the recent EU legislative initiatives concerning the digital economy and society, including the AI Act, the Digital Services Package, and the Data Governance Act among others, interact and fit together? Addressing this broad subject, the presenters in the three thematic sessions looked into various case studies and sectoral implications.

In the first session on data sharing, Inge Graef explored the alignment between the proposed Data Governance Act and Digital Markets Act in relation to data sharing services and the competitive advantages stemming from data. Thomas Tombal looked into data portability under the Digital Markets Act in relation to empowerment and (a detriment to) other individuals’ autonomy, pointing to high-risk systems under the AI Act.

Outlining sectoral insights in session two, Natali Helberger first discussed the role of AI (regulation) in journalism and media business models as it concerns the promotion of an independent and resilient European media landscape. Tjaša Petročnik assessed whether the regulatory framework for AI and medical devices sufficiently deals with the particular risks of/and harms posed by direct-to-consumer AI systems used for health purposes. Irene Kamara examined the emerging role of product conformity assessment in the proposed AI Act and reflected upon classifying AI as a product.

In the last session on data protection aspects, Marvin van Bekkum analysed whether we need a new exception for a ban on using special categories of data under the General Data Protection Regulation to prevent discrimination by AI. Bart van der Sloot concluded by looking at the case of deepfakes as regulated by the AI Act and how its approach relates to the General Data Protection Regulation, especially as regards manipulated content.

The workshop ended with a discussion among all present researchers, taking stock of the main outtakes of the presentations. As pointed out, the horizontal AI rules might apply and function differently within different sectors, areas, or cases, with various implications. Some debated whether the proposed initiatives reinforce already powerful parties, while others stressed the need to take the human, be it as a citizen or consumer ultimately affected by AI, more strongly into account. Considering that the regulatory framework applicable to data and AI continues to expand, ensuring complementarities and preventing undesirable fragmentation across legal fields is another area of attention.

As many of the mentioned initiatives still need to go through the regulatory process, this was obviously not the last conversation on how to regulate data and AI in the ‘digital decade’; yet, it raised some pertinent points that will shape (our) further research.

The workshop program