Processing of Personal Data and AI: GDPR Guarantees and Limits (Between Individual Data and BIG DATA)

Abstract

The use of AI systems and related applications records a continuous and constant increase in different fields of research and daily life, based on large amounts of data flows that are uploaded and circulating online and, as stated by doctrine, constitute the main resource of the digital economy. In recent years, however, the development of communication channels and information flows has led to an exponential increase in the amount of data available, making it possible to develop a series of AI applications. On these considerations it is necessary to identify the legal framework of the relationship between circulation online and processing of data and AI systems, both with reference to personal data (which constitute the most significant percentage) and with reference to non-personal data, regarding to the regulatory framework existing (based mainly on the GDPR and Regulation UE 1087/2018). If, indeed, the spread and increase of AI systems can contribute to the EU strategy of increase the digital single market, it is nevertheless necessary to maintain the optimal standards of protection of personal data and, more generally, of the protection of the personality rights on (and in) the Net.