GDPR fines are almost never paid, will the AI Act be different?

Trending 3 weeks ago
EU
Image credit: Pixabay (Image credit: Pixabay)

Anyone who’s been successful a customer facing domiciled successful nan past 5 years aliases truthful should beryllium successful immoderate measurement acquainted pinch General Data Protection Regulation (GDPR) and really it shapes nan measurement organizations grip customer information. Well, from 2026, caller EU regularisation - nan AI Act will travel into force, and it’s making immoderate firms anxious.

But it shouldn't. Or astatine least, that’s what this information privateness master said. Speaking astatine nan caller ISACA convention successful Dublin, Dr Valerie Lyons - writer of The Privacy Leader, shared her thoughts connected nan caller regulations and nan changes they mightiness bring.

“I don't really spot that overmuch further successful nan AI enactment to what GDPR already provides. The principles are precisely nan same, principles of transparency, security, and consent” she said.

It's nan thought that counts

There’s a important overlap betwixt nan 2 pieces of legislation, mostly owed to nan extended magnitude of information that AI systems shop and process, and because nan AI Act uses a very wide meaning of Artificial Intelligence.

GDPR compliance is not an nonstop science, she explains, and it’s apt nan AI Act will usage akin “principles of necessity and proportionality”, Lyons says.

It’s important to understand nan discourse and intentions down nan regulations, noting, “If I look backmost to GDPR, Giovanni Buttarelli, who's benignant of begetter of GDPR, he said that you tin adhere to nan tone of nan law, aliases nan missive of nan law. If we adhere to nan missive of nan rule of GDPR, it will ne'er work. You must adhere to nan tone of nan law”

Speakers astatine ISACA conference

(Image credit: Future)

Who's paying?

We perceive a batch astir firms being handed giant fines for non-compliance of nan GDPR, but we’re not getting nan afloat story, Lyons suggests.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

“You know, nan fines, they're not moving because really nary one's paying them, truthful nan exchequer isn't moreover getting nan money," she says. "I mean, it looks to everybody successful Europe, like, Ireland should person a full big of money, but 1% of fines [have been collected]”

Although Ireland’s Data Protection Commission has famously handed retired billions of euros worthy of fines, less than 1% of these person really been collected acknowledgment to appeals processes.

Even then, these fines aren’t hurting nan companies nan measurement nan statistic would suggest, and it’s usually nan payer who ends up retired of pocket.

“Who pays for nan DPC to spell to these courts- nan exchequer," says Lyons.

"So fundamentally nan taxation man keeps connected paying. Tusla, for example, nan Irish kid protection agency was fined 75k 4 years agone - they paid nan good and nan exchequer yet paid that good retired excessively - arsenic it’s a authorities agency funded by nan taxpayer, she told TechRadar Pro.

It’s looking apt nan AI Act will beryllium regulated by nan aforesaid organization, nan Data Protection Commission, which Lyons describes arsenic having ‘no teeth’ - suggesting nan deficiency of travel done could proceed pinch nan caller regulations.

So what does nan AI Act mean for companies successful nan coming months arsenic nan caller regulations travel in?

For smaller businesses, astir are deployers of AI (I.e. providing AI systems for users), arsenic opposed to distributors aliases developers.

“Their adjacent measurement is simple. Do a spread analysis. Using standards for illustration ISO aliases NIST will beryllium really adjuvant successful this respect and tin supply a robust system roadmap to adjacent steps. Often smaller companies kick astir nan costs nevertheless NIST standards are freely available.“ Lyons told us.

Adhering to GDPR is already a bully first step, truthful create connected AI argumentation and instrumentality it - and make judge to behaviour AI literacy training earlier February 2025. Make judge to update each ROPA notices, policies, and DPIAs pinch nan AI system.

“After that it’s a matter of ensuring location is simply a robust process successful spot to show nan preamble of AI systems into nan organization," Lyons reassured.

More from TechRadar Pro

  • Check retired our prime of nan best endpoint protection software
  • Many UK workers still aren't utilizing AI astatine activity
  • Take a look astatine our best malware removal software choices

Ellen has been penning for almost 4 years, pinch a attraction connected post-COVID argumentation whilst studying for BA Politics and International Relations astatine nan University of Cardiff, followed by an MA successful Political Communication. Before joining TechRadar Pro arsenic a Junior Writer, she worked for Future Publishing’s MVC contented team, moving pinch merchants and retailers to upload content.

More
Source Technology
Technology