A Controller Without Control. Embedded Artificial Intelligence – A Catalyst to Reconsider the Controller/Processor Relationship of the GDPR
Publikation: Bidrag til bog/antologi/rapport › Bidrag til bog/antologi › Forskning › fagfællebedømt
Standard
A Controller Without Control. Embedded Artificial Intelligence – A Catalyst to Reconsider the Controller/Processor Relationship of the GDPR. / Dahi, Alan; Corrales Compagnucci, Marcelo.
AI in eHealth: Human Autonomy, Data Governance & Privacy in Healthcare. red. / Marcelo Corrales Compagnucci; Michael L. Wilson; Mark Fenwick; Nikolaus Forgó; Till Bärnighausen. Cambridge : Cambridge University Press, 2021. (Cambridge Bioethics and Law ).Publikation: Bidrag til bog/antologi/rapport › Bidrag til bog/antologi › Forskning › fagfællebedømt
Harvard
APA
Vancouver
Author
Bibtex
}
RIS
TY - CHAP
T1 - A Controller Without Control.
T2 - Embedded Artificial Intelligence – A Catalyst to Reconsider the Controller/Processor Relationship of the GDPR
AU - Dahi, Alan
AU - Corrales Compagnucci, Marcelo
PY - 2021
Y1 - 2021
N2 - In the past, AI-devices offloaded their processing to the cloud, clearly implicating the provider of the cloud as either a controller or a processor under the GDPR. Increasingly, however, AI-driven processing is moving away from the cloud. Dedicated AI chipsets embedded in mobile clients and various edge devices now provide on-device predictions. A smart phone can screen for skin melanomas without sending any data to the cloud or app developer, and a bedside patient monitoring system can process locally in the hospital without sending any personal data to the device manufacturer. Such localized processing reveals underlying problems of how responsibility within data protection is allocated. For example, device manufacturers are typically deemed to fall outside the scope of the GDPR. This chapter argues that the current understanding of the controller/processor framework is too narrow. This is demonstrated through various processing scenarios.
AB - In the past, AI-devices offloaded their processing to the cloud, clearly implicating the provider of the cloud as either a controller or a processor under the GDPR. Increasingly, however, AI-driven processing is moving away from the cloud. Dedicated AI chipsets embedded in mobile clients and various edge devices now provide on-device predictions. A smart phone can screen for skin melanomas without sending any data to the cloud or app developer, and a bedside patient monitoring system can process locally in the hospital without sending any personal data to the device manufacturer. Such localized processing reveals underlying problems of how responsibility within data protection is allocated. For example, device manufacturers are typically deemed to fall outside the scope of the GDPR. This chapter argues that the current understanding of the controller/processor framework is too narrow. This is demonstrated through various processing scenarios.
M3 - Book chapter
T3 - Cambridge Bioethics and Law
BT - AI in eHealth
A2 - Corrales Compagnucci, Marcelo
A2 - L. Wilson, Michael
A2 - Fenwick, Mark
A2 - Forgó, Nikolaus
A2 - Bärnighausen, Till
PB - Cambridge University Press
CY - Cambridge
ER -
ID: 241213981