Although there is currently no consensus at international level on the definition of the term “artificial intelligence”(AI), there is general agreement on the fact that AI will have a profound impact on our societies. At the moment, the development of (most) AI requires vast quantities of data. At the same time, these AI applications generate enormous datasets themselves. Moreover, AIcan give rise to risks for privacy and data protection.

In order to examine how AI can be implemented in a social, ethical and legally acceptable way in an organisation or specific sector, we need to understand if the collected data is compliant to the different regulations that apply. The difficulty is that different types of data are covered by different legal rules, each of them with their own challenges.

First, there is personal data, which is covered by the GDPR.The GDPRhas three main purposes: toensure anyone’s right to protection of their personal data, to create an economic and social environment in which data subjects can trust yhat their personal data will only be processed in compliance with their expectations and to ensure and facilitate the free movement of personal data. However, the requirement for large volumes of data for AI systems and the “black box” principle, are often considered to be at odds with the GDPR, especially because the regulation appears to limit some specific AI functions.

Second, there is open data, which can be defined as “data that can be freely used, re-used and distributed by anyone -subject only, at most, to the requirement to attribute and sharealike.” In the EU, there is a legal framework to allow the re-use ofpublic sector information, through the ‘PSI Directive’. It focuses on the economic aspects of the re-use of information. According to the EU, allowing public sector data to be re-used for other purposes can become a critical asset for the development of new technologies, such as artificial intelligence (AI), which require the processing of vast amounts of high-quality data. The introduction of the GDPR has ignited discussions about the potential impact on open data. In order to process personal data, a processor has to have a legal basis, one of them being consent. This has given rise to questions about the reusability of open data which may contain personal data such as company registers or public contracting data. A solution could lie in the anonymisation of personal data, because then the GDPR would not apply. Indeed, recital 26 states that “the principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes”. Yet, full anonymisation of personal data has been proven difficult, particularly because it may be possible to re-identify individuals by linking several otherwise impersonal datasets.

Lastly, there is the special regime of scientific research withinthe GDPR, which is composed of specific derogations from certain controller obligations and a specific provision requiring appropriate safeguards. These rules are meant to afford a degree of flexibility for genuine research projects that operate within an ethical framework and aim to grow society’s collective knowledge and wellbeing. Nonetheless, how this is operationalised in practice, is under discussion. here are voices that the GDPR is too flexible, while others are of the opinion that the rules in place, threaten vital research activity.

In our presentation, we would like to address these issues, and provide our audience with some tools to deal with them in their daily activities when using (open)data.