“Artificial intelligence is a challenge for GDPR. Especially when it uses people’s data.” Max Schrems is one of Europe’s leading privacy activists. He is the founder of Noyb, a non-profit that deals with online privacy protection. And he does not hide his fears about the use of AI for the collection and use of personal data. “When the AI Act comes into force we will see what the consequences of European regulation will be on this sector, but at the moment there is the GDPR – the European law on privacy, ed. – and from this point of view it will be necessary to understand whether it will be given to individual EU citizens the possibility of having a copy of their data present in the system. That is, if I type “Who is Max Schrems” into the system I will have an answer, and that answer is made up of data that must be accessed in some way. This raises a further question: in case of a wrong answer, will it be possible to correct it?”, he explains in an interview with our newspaper.
Artificial intelligence Stealing data from ChatGPT, using ChatGPT: this is how AI reveals names, surnames, faces and addresses of people by Emanuele Capone 03 December 2023
According to the activist, it is important that this innovation goes hand in hand with respect for fundamental rights. Because “If you can’t change that data once the AI system is trained, then you can’t use it.” Open questions. In conversation in Matteo Flora’s “Hello Internet” format, Schrems underlines another aspect of the issue: “I think we need to move away from the narrative that the use of more and more personal data for business is ‘innovative’. The GDPR can be seen as building regulations: it simply states things like ‘how high you can build’, but mainly ensures that buildings don’t collapse.”
Open questions. Which will receive definitive answers – perhaps – after the AI Act is applied. But Schrems is best known for having initiated a lawsuit against Meta after the revelations of Edward Snowden, who accused the American company of transferring the data of European citizens to the United States to power the service surveillance apparatus. Schrems, a lawyer, denounced Meta for failing to protect that personal data. The controversy ended with the ruling of the Irish Guarantor last May 2023, which fined Meta 1.2 billion. Meta has in the meantime implemented a paid service to prevent its data from ending up fueling advertisers’ advertising.
For Schrems the move is of little use. Not for the purposes of the right to privacy. Indeed: “With Facebook’s proposal, if, for example, you have a Facebook and Instagram account together on your phone, you will pay around 20 euros a month, equal to around 250 euros a year, just for not agreeing to something. This is a lot of money, and if you consider that you have 35 applications, it comes to around 8,000 euros per year for not giving consent. And if you don’t think about, I don’t know, having a family of four, you will find yourself with 36,000 euros a year. So, long story short, these are numbers where consent is probably no longer given freely, because the amount to be paid is extremely high.”