Like many other new European digital legislations, the AI Act takes a risk-based approach. However, this digital legislation is complemented and overlaid by the GDPR, which affects all actors equally, regardless of size and risk level. This raises the question of whether the GDPR undermines the risk-based and asymmetric approaches. Additionally, current data protection law is not well aligned with developments in the field of artificial intelligence (AI).
In her presentation, Christiane Wendehorst presented a draft "AI Data Protection Regulation" https://zivilrecht.univie.ac.at/fileadmin/user_upload/i_zivilrecht/Wendehorst/Workshop_Datenschutz/Draft_AI_Data_Protection_Regulation_WENDEHORST_24-12-20.pdf that aims to address these issues.
