Focusing on data breaches, subject access requests (SARS), and consent is distracting and confusing when it comes to AI. What the industry needs is clarity on what is necessary to lawfully POSSESS and USE personal data for AI.This must be clarified NOW before AI design implementations become widespread and significant investments are made. Once made, companies and countries..
The IAPP published an article: Is encrypted data personal data under the GDPR? The article is a great summary of issues related to encryption as a means to protect data when not in use. The issues change, however, when a data controller wants to actually make use of the data. As soon as the data is decrypted, it is then indisputably personal data and (as decrypted data)..