Belgium: Published Data Protection Authority Brochure on Artificial Intelligence Systems and the GDPR

On 19 September 2024, the Belgian Data Protection Authority (ADP) published a Brochure on Artificial Intelligence Systems and the GDPR, which focuses on the interplay between the General Data Protection Regulation (GDPR) and the AI Act following the latter's entry into force on 1 August 2024. In particular, the Brochure highlights the importance of aligning AI systems with data protection principles while addressing challenges related to privacy, transparency, and accountability. Furthermore, it discusses the complementary nature of the GDPR and AI Act. It also helps to define what constitutes an AI system, offering practical examples like spam filters, recommendation engines, virtual assistants, and AI-driven medical tools, illustrating how these systems must comply with data protection regulations. The Brochure sets out specific data protection requirements, including lawful, fair, and transparent processing, purpose limitation, data accuracy automated decision-making, and data subject rights, and outlines ways in which these requirements are found in both regulations. Further, the Brochure discusses a number of user stories as concrete illustrations of data protection requirements for AI systems.