Material Requirements of the GDPR regarding the Introduction and Operation of AI-Applications

2 minute read | September.01.2023

Deutsch: Wesentliche Anforderungen der DS-GVO bei Einführung und Betrieb von KI-Anwendungen

In the current edition of the leading German data privacy law journal Zeitschrift für Datenschutz (9/2023), Daniel Ashkar provides an instructive overview on material requirements of the EU General Data Protection Regulation (GDPR) in relation to artificial intelligence (AI) applications as well as practical guidance in relation thereto.

The article covers the responsibilities of involved parties and related contractual requirements, relevant legal bases under the GDPR, notice requirements, data subject rights, the (potential) obligation to perform a data protection impact assessment, technical and organizational security measures as well as Privacy by Design and by Default, and requirements on data retention and on automated individual decision-making.

Additionally, the article provides practical guidance in relation to the aforementioned topics and requirements.

The German language article can be found at Beck-Online (paywall).

Authors

Dr. Daniel Ashkar Counsel, Cyber, Privacy & Data Innovation, General Data Protection Regulation

Munich

See my bio

D:+49 89 383980123
E: [email protected]

Practice:

Technology & Innovation Sector
Cyber, Privacy & Data Innovation
General Data Protection Regulation
Technology Transactions
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Dr. Daniel Ashkar Counsel

Munich

Having concentrated on data privacy law since 2012, Daniel provides comprehensive data privacy and cybersecurity advisory support to clients and has extensive experience in the areas of international data transfers (including on EU Standard Contractual Clauses and Binding Corporate Rules) as well as topics relating to the “Schrems II” judgment.

Daniel further drafts data privacy contracts (such as data processing agreements and joint controller agreements) as well as data privacy policies/notices and consent forms. On transactional matters, he supports clients with outsourcings and due diligences in the course of M&A transactions. Daniel also advises on data subject rights requests, data breaches and notification requirements related thereto, e-discovery requests, website tracking, marketing measures, privacy impact assessments as well as data privacy topics in the employment and reinsurance context.

He further advises on IT/IP and technology-related matters, including on contracts and matters relating to unfair and deceptive trade practices. Daniel also possesses years of experience regarding legal disputes and litigation matters and has represented clients in proceedings before different courts in Germany.

Prior to joining Orrick, Daniel was an in-house counsel for a German car maker and for one of the largest reinsurance corporations in the world. His in-house experiences at these large German multinationals allow him to understand the needs and requirements of globally operating clients.

Daniel started his career at another global law firm where he worked for several years with a focus on data privacy and litigation matters. He also wrote his doctoral thesis on data privacy law.

Related Areas

Markets

Germany