Forskning ved Københavns Universitet - Københavns Universitet


A Controller Without Control. Embedded Artificial Intelligence – A Catalyst to Reconsider the Controller/Processor Relationship of the GDPR

Publikation: Bidrag til bog/antologi/rapportBidrag til bog/antologiForskningfagfællebedømt


In the past, AI-devices offloaded their processing to the cloud, clearly implicating the provider of the cloud as either a controller or a processor under the GDPR. Increasingly, however, AI-driven processing is moving away from the cloud. Dedicated AI chipsets embedded in mobile clients and various edge devices now provide on-device predictions. A smart phone can screen for skin melanomas without sending any data to the cloud or app developer, and a bedside patient monitoring system can process locally in the hospital without sending any personal data to the device manufacturer. Such localized processing reveals underlying problems of how responsibility within data protection is allocated. For example, device manufacturers are typically deemed to fall outside the scope of the GDPR. This chapter argues that the current understanding of the controller/processor framework is too narrow. This is demonstrated through various processing scenarios.
TitelAI in eHealth : Human Autonomy, Data Governance & Privacy in Healthcare
RedaktørerMarcelo Corrales Compagnucci, Michael L. Wilson, Mark Fenwick, Nikolaus Forgó, Till Bärnighausen
Antal sider14
ForlagCambridge University Press
StatusAccepteret/In press - 2021
NavnCambridge Bioethics and Law

Antal downloads er baseret på statistik fra Google Scholar og

Ingen data tilgængelig

ID: 241213981