Lexicon > Artificial intelligence

IT Glossary

Artificial intelligence

Artificial intelligence refers to the intelligence demonstrated by machines, as opposed to the natural intelligence demonstrated by humans and animals.

We therefore speak of artificial intelligence when machines perform tasks that call for human intelligence or when the operation of a system is considered “intelligent” by humans.

Artificial intelligence is a major component of the growing digitization of society and thus holds great potential for growth and innovation.

The concept of artificial intelligence includes many methods and subfields of research, such as machine learning, which allows computers to learn autonomously to make predictions in new situations by learning from past experiences.

Artificial intelligence can thus be used in profiling operations.

The quantity of data, and in particular personal data, being decisive for the quality of an artificial intelligence, in particular in the context of the automatic learning of a system, the advent of Big Data contributes to its development and its quality.

The European Commission is thus promoting the development of trustworthy artificial intelligence with the following three main characteristics:

  • Lawful – by ensuring compliance with applicable laws and regulations, and in particular the GDPR whenever personal data is processed;
  • Ethics – ensuring adherence to ethical principles and values consistent with that of a democratic society;
  • Robust – limiting unintended technical, social and environmental harm.

Indeed, if artificial intelligence can be at the service of humanity and the common good with the objective of improving the well-being and freedom of human beings, it presents significant risks for rights and freedoms that must be prevented and reduced.

GDPR Point

“In order to ensure fair and transparent processing in respect of the data subject, taking into account the specific circumstances and context in which the personal data are processed, the controller should use adequate mathematical or statistical procedures for profiling, apply appropriate technical and organizational measures to ensure, in particular, that factors leading to errors in the personal data are corrected and the risk of error is minimized, and to secure personal data in a way that takes into account the risks to the interests and rights of the data subject and prevents, inter alia, discriminatory effects on natural persons based on racial or ethnic origin, political opinions, religion or belief, trade union membership, genetic or health status, or sexual orientation, or which result in measures having such an effect. Automated decision making and profiling based on particular categories of personal data should only be allowed under specific conditions.”

Recital 39, second paragraph, of the GDPR

Point of jurisprudence

The Spanish supervisory authority was able to consider that “There are several studies in the context of facial recognition […] that refer to the high error rates in certain assumptions inherent to the emerging technology and the low datification of the artificial intelligence systems applied. In this sense, the great demand for data to feed this type of software, makes it necessary to take measures, at least technical, to avoid undue transfers and, in particular, possible international transfers that will allow in the future the identification of the data subject in environments and for purposes very different from the initial ones.”

Agencia Española de Protección de Datos, July 23, 2021, N° PS/00120/2021

The Bouchara firm assists you in particular in :

  • Making your organization GDPR compliant;
  • The drafting of data protection policies (privacy policy, computer charter …);
  • Documentation of your processing (register of processing activities, register of violations, privacy impact analysis, prior consultation…);
  • Obtaining certifications and adhering to codes of conduct;
  • The study of the legal feasibility of the implementation of a new personal data processing;
  • The drafting and transmission of your codes of conduct to the CNIL for approval;
  • Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;
  • Drafting and negotiating your data processing agreements (DPA);
  • Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;
  • Training and awareness of your employees.

We are also the external Data Protection Officer of many data processors and subcontractors.