Don’t impede innovation with premature regs – Vos

Sir Geoffrey Vos said last night at the Law Society that the distinction between private law and regulation is already blurred.

Speaking at a European Law Institute seminar on AI at Blackhall Place (9 October) the British judge and Master of the Rolls said that the beneficial adoption of new technology should not be impeded by premature regulation before the dangers posed by those technologies are clearly understood.

He referred to banker Mario Draghi's competitiveness report last month, which warned that EU regulatory barriers constrain growth.

The EU now has around 100 tech-focused laws and over 270 regulators active in digital networks across all member states, the Draghi report states.

Many EU laws take a precautionary approach, dictating specific business practices ex ante to avert potential risks ex post, Draghi said.

Impediments must not be placed in the way of technologies that facilitate international commerce, Sir Geoffrey said.

Automated processing

Article 22 of the GDPR gives individuals the right not to be subjected to decisions based solely on automated processing, he said.

The 2023 ruling in the Schufa case clarified that credit agencies must comply with this regulation when using AI to assess creditworthiness.

This interpretation of the wide scope of article 22 affects sectors beyond finance, including law enforcement and justice administration.

This could lead to increased scrutiny of AI systems, especially those making significant decisions about individuals.

The question of whether data owners retain residual rights after their data is placed in the public domain is complex, Sir Geoffrey said.

While data may seem free to use, issues of consent and copyright remain pertinent, especially if the data was originally protected.

As AI applications become more widespread, particularly in coding and creative processes, legal data-use challenges are likely to arise.

There is a tension between the need for regulatory frameworks to protect individual rights and the imperative to foster innovation in AI technologies, he said.

Legal ambiguities

In sensitive areas such as justice, legal ambiguities must be addressed, he said.

Coimisiún na Meán chair Jeremy Godfrey said that the relationship between technology, innovation, and regulation is complex and must be carefully navigated.

Good regulation should be clear and flexible, providing businesses with understandable guidelines, while remaining proportionate to risk.

It encourages innovation rather than stifling it, he said.

Key challenges include ‘creative compliance, the demand for expert regulators, and the implications of AI on fundamental rights, he said.

However, companies often comply with regulations in ways that maximise inconvenience for users.

Cookie consent pop-ups have become ubiquitous, designed to encourage quick acceptance rather than informed decision-making, he pointed out.

Regulators must possess a deep understanding of digital technologies to effectively oversee them, he said.

The seminar heard that uncertainty surrounding decisions from data protection bodies can create anxiety for companies relying on data for AI training.

On the threat of deepfakes and misinformation, Sir Geoffrey said that humanity has always learnt how to deal with the fraudsters which appear in every era.

Media literacy

Media literacy, and promoting reliable news sources, will be key, the seminar heard.

As society adapts, it’s essential to enhance public awareness and critical thinking skills.

There is also significant potential in underutilised tools within the GDPR, such as certification processes.

Encouraging industry involvement in developing these tools could lead to more robust compliance frameworks, the seminar heard.

Irene Nicolaidou (European Data Protection Board deputy chair) said that the GDPR and the EU AI Act are designed to complement each other.

The commitment to transparency and accountability remains paramount, as news technologies emerge, she said.