This article examines the overlaps between the AI Act and the GDPR, analysing their overall relationship, conceptual similarities and differences, as well as specific provisions in the AI Act that explicitly overlap with the GDPR. The primary focus of this article lies on AI data governance, with a detailed analysis of the requirements set out in Article 10 AI Act. This provision establishes quality criteria for data and data governance in high-risk AI systems that rely on training AI models with data. The article introduces a novel approach to understanding, interpreting, and applying these criteria in order to facilitate GDPR compliance. As a result, we propose a principles-based framework for AI data governance, categorising the quality criteria in Article 10 into three overarching principles: data accuracy, data transparency, and data fairness. To ensure practical quality assurance, providers of high-risk AI systems should adopt specific methods outlined in the AI Act, such as data-preparation processing operations and the processing of personal data for bias detection and correction. Finally, we propose a cycle-approach to AI data governance, aligning the requirements of Article 10 AI Act with the limitations imposed by the GDPR.
Holtz et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: