The pre-eminence of the European Union (EU) General Data Protection Regulation (GDPR) in regulating the business of data collection, processing and transfer cannot be understated. It has come to serve as the model for laws in several non-EU jurisdictions who share in the EU’s concerns about citizens’ data being harnessed by Big Tech in particular. This article explores the GDPR’s outsized impact in the sphere of data regulation, the conflict between the contrasting models of regulation adopted by the EU and the United States and comments on the possibility of the AI regulations becoming what the GDPR is for data. It further delves into the possibility of this approach being followed by countries like India, where government efforts to integrate AI-based innovation and entrepreneurship have led to the possibility of newer regulatory approaches being adopted.
BradfordA. (2020). The Brussels effect: How the European Union rules the world (Chapter 4). Oxford University Press.
5.
British Legal Technology Forum. (2017). The main differences between the DPD and the GDPR and how to address those moving forward. SeeUnity. Retrieved, 31 August 2023, fromhttps://britishlegalitforum.com/wp-content/uploads/2017/02/GDPR-Whitepaper-British-Legal-Technology-Forum-2017-Sponsor.pdf
6.
CerviG. V. (2022). Why and how does the EU rule global digital policy: An empirical analysis of EU regulatory influence in data protection laws. Journal of Digital Society, 1(2), 18. https://doi.org/10.1007/s44206-022-00005-3
7.
ChakrabartiR., & SanyalK. (2020). Towards a ‘Responsible AI’: Can India take the lead?South Asia Economic Journal, 21(1), 158–177.
8.
ChamberlainJ. (2023). The risk-based approach of the European Union’s proposed artificial intelligence regulation: Some comments from a tort law perspective. European Journal of Risk Regulation, 14(1), 1–13. https://doi.org/10.1017/err.2022.38
9.
CoomanJ. D. (2022). Humpty Dumpty and high-risk AI systems: The Ratione Materiae dimension of the proposal for an EU artificial intelligence act. Market and Competition Law Review, 6, 49.
10.
CurtisT. (2016). Privacy harmonization and the developing world: The impact of the EU’s General Data Protection Regulation on developing economies. Washington Journal of Law, Technology & Arts, 12, 95.
11.
DemircanM. (2023, June2). Deployers of high-risk AI systems: What will be your obligations under the EU AI Act?Kluwer Competition Law Blog. https://competitionlawblog.kluwercompetitionlaw.com/2023/06/02/deployers-of-high-risk-ai-systems-what-will-be-your-obligations-under-the-eu-ai-act/
12.
Digital Personal Data Protection Bill. (2022). The Digital Personal Data Protection Act, 2023(India).
13.
DunnP., & GregorioG. D. (2022). The ambiguous risk-based approach of the Artificial Intelligence Act: Links and discrepancies with other union strategies. CEUR Workshop. https://ceur-ws.org/Vol-3221/IAIL_paper7.pdf
14.
EbersM. (2022). Standardising AI: The case of the European Commission’s proposal for an Artificial Intelligence Act. The Cambridge handbook of artificial intelligence: Global perspectives on law and ethics (22 pp.). Cambridge University Press.
15.
EnglerA. (2022, June8). The EU AI Act will have global impact, but a limited Brussels effect. Brookings. https://www.brookings.edu/articles/the-eu-ai-act-will-have-global-impact-but-a-limited-brussels-effect/
16.
EU Press Release. (2020). Shaping Europe’s digital future.
17.
European Commission. (2018, April25). Artificial intelligence for Europe, COM(2018) 237 final.
18.
European Commission. (2020, 19February). Artificial Intelligence: A European approach to excellence and trust[White paper]. https://commission.europa.eu/system/files/2020-02/commission-white-paper-artificial-intelligence-feb2020_en.pdf
19.
European Commission. (2021, April21). Proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (artificial intelligence act) and amending certain Union legislative acts. COM(2021) 206 final.
20.
European Council. (2020). Digital single market for Europe. https://www.consilium.europa.eu/en/policies/digital-single-market/
21.
European Parliament. (2016, May4). General data protection regulations. Official Journal of European Union. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
22.
European Parliament. (2020, June). The impact of the General Data Protection Regulation (GDPR) on artificial intelligence. EPRS. https://www.europarl.europa.eu/RegData/etudes/STUD/2020/641530/EPRS_STU(2020)641530_EN.pdf
23.
European Union. (2000, December18). Charter of fundamental rights of the European Union, 2000/C 364/01. https://www.europarl.europa.eu/charter/pdf/text_en.pdf
24.
FeferR. F., & ArchickK. (2021). U.S.-EU privacy shield and transatlantic data flows. Congressional Research Service.
25.
GanT. T. (2018). Data and privacy protection in ASEAN : What does it mean for business in the region?Deloitte. https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-data-privacy-in-asean.pdf
26.
GhoshS., MitraI., ChakrabortyA., NayakU., & AhmedI. (2023, June). Towards a smarter tomorrow: Impact of AI in the post-COVID era. PwC. https://www.pwc.in/assets/pdfs/data-and-analytics/towards-a-smarter-tomorrow-impact-of-ai-in-the-post-covid-era-v1.pdf
27.
GlaunerP. (2022). An assessment of the AI regulation proposed by the European Commission. In The future circle of healthcare: AI, 3D printing, longevity, ethics, and uncertainty mitigation (pp. 119–127). Springer International Publishing.
28.
GoldsmithJ., & WuT. (2006). Who controls the internet? Illusions of a borderless world(Chapter 10). Oxford University Press.
29.
GreenleafG. (2021). The ‘Brussels effect’ of the EU’s ‘AI Act’ on data privacy outside Europe. 171 Privacy laws & business international report (pp. 3–7).
30.
GunstS., & VilleF. D. (2021). The Brussels effect: How the GDPR conquered Silicon Valley. European Foreign Affairs Review, 26, 3.
31.
HatchA. (2023, August31). Big Tech companies cannot be trusted to self-regulate: We need Congress to act. TechCrunch. https://techcrunch.com/2021/03/12/big-tech-companies-cannot-be-trusted-to-self-regulate-we-need-congress-to-act/
32.
HazdicA. (2021, December9). The future of AI is unpredictable, and that’s a good thing. Medium. https://artlexa.medium.com/the-future-of-ai-is-unpredictable-and-thats-a-good-thing-746e991f1517
33.
Human Rights Commission. (2023). Technology and human rights. https://tech.humanrights.gov.au/sites/default/files/2021-05/AHRC_RightsTech_2021_Final_Recommendations.pdf
34.
INQ Law. (2021, August4). The risk-based approach to AI a global trend. https://www.inq.law/post/the-risk-based-approach-to-ai-a-global-trend
35.
JohnsonK. (2021, September1). The fight to define when AI is ‘high risk’. Wired. https://www.wired.com/story/fight-to-define-when-ai-is-high-risk/
36.
KirbyM. (2011). The history. Achievement and future of the 1980 OECD guidelines on privacy. International Data Privacy Law, 1 (1), 6–14.
37.
KurzweilR. (1990). The age of intelligent machines. MIT Press.
38.
LauxJ., WachterS., & MittelstadtB. (2023). Trustworthy artificial intelligence and the European Union AI act: On the conflation of trustworthiness and acceptability of risk. Regulation & Governance, 18(1), 3–32.
39.
Lexparency. (2023). Retrieved, 31 August 2023, fromhttps://lexparency.org/eu/52021PC0206/ANX_I/
40.
Nokia. (2023). MBiT Index 2023. https://www.nokia.com/about-us/company/worldwide-presence/india/mbit-index-2023/
41.
National Artificial Intelligence Act. (2020). National Artificial Intelligence Initiative Act of 2020, H.R.6216, 116th Cong. (US).
42.
NoussiaK., & ChannonM. (2023). The regulation of automated and autonomous transport (p. 399). Springer Nature.
43.
ParsheeraS. (2022). Data governance. Asian Alternatives. https://carnegieendowment.org/files/Data_Governance_v1.pdf
44.
PaswanG. P., & SinghR. (2023, July21). India’s Digital Protection Bill: A milestone in data protection and global competitiveness. MyGov. https://blog.mygov.in/editorial/indias-digital-protection-bill-a-milestone-in-data-protection-and-global-competitiveness/#:~:text=India%27s%20Personal%20Data%20Protection%20Bill,2017%20verdict%20of%20the%20Constitutional
45.
PhillipsN. J. (2019). Is EU privacy regulation being exported to the US? Antonin Scalia Law School. https://masonlec.org/events/is-eu-privacy-regulation-being-exported-to-the-us/
46.
PTI. (2023, July31). Why India can afford to wait and watch before regulating AI. ET Telecom. https://telecom.economictimes.indiatimes.com/news/internet/why-india-can-afford-to-wait-and-watch-before-regulating-ai/102279854
47.
RaulA. C. (2020). Data protection and privacy. Chambers global practice guide. Sidley Austin LLP.
48.
RoyA. (2014, March17). Thanks to Bill Clinton, we don’t regulate the internet like a public utility. Forbes. https://www.forbes.com/sites/realspin/2014/03/17/thanks-to-bill-clinton-we-dont-regulate-the-internet-like-a-public-utility/?sh=731d1ab62e52
49.
RuschemeierH. (2023). AI as a challenge for legal regulation: The scope of application of the Artificial Intelligence Act proposal. ERA Forum, 23, 361.
50.
SchneierB. (2020). We’re banning facial recognition. We’re missing the point. New York Times.
51.
ShaxsonN. (2023, August31). Data havens: How to tackle the new digital race to the bottom. Tax Justice. https://taxjustice.net/2020/12/21/data-havens-how-to-tackle-the-new-digital-race-to-the-bottom
52.
SiegmannC., & AnderljungM. (2022). The Brussels effect and artificial intelligence: How EU regulation will impact the global AI market. APSA Preprints. https://uploads-ssl.webflow.com/614b70a71b9f71c9c240c7a7/630534b77182a3513398500f_Brussels_Effect_GovAI.pdf
53.
SimpsonE., & ConnerA. (2021). How to regulate tech: A technology policy framework for online services. American Progress. https://www.americanprogress.org/article/how-to-regulate-tech-a-technology-policy-framework-for-online-services/
54.
SingerP. L., StempsonA., & ChunB. B. (2023, October24). California: Changes to consumer protection authority. Kelley Drye. https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/california-changes-to-consumer-protection-authority
55.
SmitS., TyremanM., MischkeJ., ErnstP., HazanE., NovakJ., HieronimusS., & DagorretG. (2022, September22). Securing Europe’s competitiveness: Addressing its technology gap. McKinsey Global Institute. https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/securing-europes-competitiveness-addressing-its-technology-gap
56.
SmuhaN. A. (2021). From a ‘race to AI’ to a ‘race to AI regulation’: Regulatory competition for artificial intelligence. Law, Innovation and Technology, 13(1). https://dx.doi.org/10.2139/ssrn.3501410
57.
SmuhaN. A., Ahmed-RengersE., HarkensA., LiW., MacLarenJ., PiselliR., & YeungK. (2021, August5). How the EU can achieve legally trustworthy AI: A response to the European Commission’s proposal for an artificial intelligence act. https://dx.doi.org/10.2139/ssrn.3899991
58.
SpiegeleireS. D., MaasM., & SweijsT. (2017). What is artificial intelligence. Hague Centre for Strategic Studies.
StuurmanK., & LachaudE. (2022). Regulating AI. A label to complete the newly proposed Act on Artificial Intelligence. SSRN Electronic Journal, 1. https://dx.doi.org/10.2139/ssrn.3963890
61.
SusskindJ. (2018). Future politics(Chapter 11). Oxford University Press.
62.
Thales Group. (2021, May10). Beyond GDPR: Data protection around the world. Thales Group. https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/magazine/beyond-gdpr-data-protection-around-world
63.
VealeM., & BorgesiusF. Z. (2021). Demystifying the draft EU Artificial Intelligence Act. Computer Law Review International, 4, 97.
64.
Whitehouse. (2022). Blueprint for an AI bill of rights. Whitehouse.gov. https://www.whitehouse.gov/wp-content/uploads/2022/10/Blueprint-for-an-AI-Bill-of-Rights.pdf
65.
WhitmanJ. (2004). The two Western cultures of privacy: Dignity versus liberty. Yale Law Journal, 113, 1152.
