The emergence of Black Box artificial intelligence poses fundamental challenges to data protection law, particularly with regard to digital sovereignty and the application of the General Data Protection Regulation (GDPR). These algorithmic systems, defined by their lack of transparency and the inability to explain automated decisions, significantly hinder the exercise of guaranteed rights such as data access, objection, and the right to contest automated decisions. Although the GDPR enshrines the principle of transparency and imposes clear obligations on data controllers, opaque AI systems jeopardize the informational autonomy of individuals. The CJEU ruling in the Nowak case reinforces the right to understand the decision-making logic of AI, but practical implementation remains difficult due to trade secret protections. In this context, an expanded legal framework is necessary—one that integrates explainability requirements and ethical accountability to ensure a balance between innovation and the protection of fundamental rights. Furthermore, the distinction between formal transparency and substantive explainability becomes critical in guaranteeing individuals' effective control over the data and decisions that affect them.
Andreea Buruiană (Mon,) studied this question.