The contribution considers specific challenges that arise from a parallel applicability of AI and Data Protection Law regarding the European Commission’s Proposal for a Regulation laying down harmonised rules on Artificial Intelligence (AI Act) and the EU General Data Protection Regulation (GDPR). The legal analysis is based on a consideration of overlapping regulatory objectives and subject matters, with at the same time fundamentally different regulatory concepts and conflicting regulatory goals in concrete terms. Taking an example of the providers’ obligations to assure accuracy of the system and to make sure that training, validation and testing data sets are relevant, representative, free of errors and complete on the one hand and the limitations on processing personal data due to the data minimisation principle on the other, this article highlights that legal provisions from the AI Act and the GDPR must be interpreted and applied in accordance with their respective regulatory goals, but with consideration for each other. From that it is deduced that a coherent, and thus efficient, application of both legal acts depends on a substantive balance in areas of tension between AI regulation and data protection law. The author argues that the balancing is an essential matter and that the mere coexistence of AI and Data Protection Law as provided for in the Commission’s proposal does not suffice.
Keywords: Product Safety Law | Data Minimisation | Accuracy | Data Governance | Harmonised Standards