“Nowhere does the EDPB seem to check whether there is personal data of the provider of the AI model. It always assumes that it is, and only checks whether the anonymization has occurred and is sufficient,” writes Craddock. “If it is not enough, the SA will be in position to consider that the controller has failed to meet its accountability obligations under Article 5(2) GDPR.”
And in a comment on LinkedIn that has been very supportive of the standards group’s efforts, Patrick Rankine, CIO of UK AI vendor Aiphoria, said IT leaders should stop complaining and raise their AI game.
“For AI developers, this means that claims of anonymity must be substantiated with evidence, including the implementation of technical and organizational measures to prevent re-identification,” he wrote, noting that he agrees 100% with this idea. “This is not that difficult, and tech companies need to stop being lazy and looking for excuses. They want to do great things to build technology, but then they’re not going to worry about handling the data they need for their good technology with respect or responsibility.”
Source link