On 17 July 2024, the EDPB adopted a statement on the data protection authorities’ (DPAs) role in the AI Act framework.
The EDPB acknowledges the importance of the DPAs’ role in relation to the oversight of the development and use of AI and recommends/acknowledges that:
- The DPAs should be designated Market Surveillance Authorities (MSAs) (national authorities which ensure that products on the market conform to the applicable laws and regulations) for high-risk AI systems, particularly where those high-risk AI systems are in sectors likely to impact natural persons’ rights and freedoms with regard to the processing of personal data.
- The DPAs should be designated as single points of contact for the public and counterparts at Member State and Union levels.
- There is a need for sound cooperation between MSAs and the other entities which are tasked with the supervision of AI systems and clear procedures have to be provided for in this regard to prevent inconsistencies in decisions by different authorities.
- Member States need to provide human and financial resources to allow for the new tasks and powers to be performed/exercised.
- There is a need to set out how the AI Office and the DPAs and EDPB will coordinate.
- The DPAs and European Data Protection Supervisor cannot help but be involved in matters where personal data is involved.
- There is a need for the European Commission and the EU AI Office to cooperate with the national DPAs and the EDPB, and a need to establish, in agreement with them, the appropriate mutual cooperation.
The full document can be found here.