The European Data Protection Supervisor (EDPS) has issued guidance on the use of web scraping for training AI systems, emphasizing the need for compliance with EU data protection laws. Key points include:
Personal Data Processing
- Web Scraping Concerns: The EDPS warns against using web scraping to collect personal data without individuals' knowledge or consent, as it may violate their expectations and original data collection purposes.
- Compliance with Legislation: Even publicly available personal data is subject to EU data protection laws. Web scraping for AI training may not meet principles like data minimization and accuracy due to unreliable sources.
Legal Compliance
- Current Non-Compliance: AI companies are not adhering to GDPR Article 6, data subjects' rights, and other data protection principles.
- Need for Clarity: EU data protection authorities must decide whether:
- The GDPR fully applies to AI training, requiring adherence to all data protection rules and principles.
- A special interpretation of the GDPR is needed for AI training, specifying how it should be applied.
Uncertainty and Impact
- Uncertainty Issues: The lack of clear guidance creates uncertainty, affecting companies deploying AI who wish to comply with EU law.
- AI Act Requirements: High-risk AI systems must declare GDPR compliance (Annex V: EU Declaration of Conformity), making the current uncertainty problematic.
Call for Action
- Need for Firm Guidance: A definitive answer from the European Data Protection Board (EDPB) or the EDPS is crucial to resolve these issues.
The text underscores the urgent need for clear regulatory guidance on AI training and data protection to ensure compliance and reduce uncertainty for AI companies.
