Desafíos actuales de la Inteligencia Artificial

44 Desafíos actuales de la Inteligencia Artificial landmark SCHUFA Holding judgment 58 “on credit scoring” and provided some guidance on the scope of the prohibition of automated decision-making under Article 22. According to this, the Court ruled that “ the assignment of automatically calculated credit scores is not in line with the GDPR, and the attribution of creditworthiness can already constitute a decision under Article 22 GDPR . ” 59 2.2.2. The Three Main Overlapping Points The two regimes have some overlaps, interacting most obviously with respect to (1) bias and discrimination, ( 2) risk assessments and (3) special categories of personal data ” 60 (1) Bias and Discrimination: Article 5(1)(a) of the GDPR establishes a broad requirement that personal data be pro- cessed fairly. 61 In the realm of personal data processing, fairness is an intentionally flexible principle, meant to encompass the many ways in which a party might process personal data unfairly. 62 However, in the realm of AI and machine learning, fairness is often more narrowly defined. 63 For instance, when evaluating the fairness of an AI or machine learning application as a Data Protection Officer (DPO), your primary concern would be the possibility of bias or discrimination inherent in the algorithms utilised. 64 This could involve racial bias, stemming from biased training data against a specific race, or gender bias, where one gender is dispro- portionately impacted. Such instances constitute the unfair handling of personal data. 65 The right to data protection may be subordinate to the right to non-discrimination when the processing of special category data is strictly necessary to prevent bias. 66 It is indisputable that data protection should be upheld to the greatest extent possible. However, aside from the processing of 58 Case C-634/21 OQ v. Land Hesse, joined party: SCHUFA Holding AG (Scoring) Judgment of the Court (First Chamber) issued 7 December 2023, ECLI:EU:C:2023:957 59 ‘CJEU landmark rulings on “credit ranking” and review of DPAs’. 60 ‘Key Issue 6: Interplay with GDPR - EU AI Act’. 61 Article 5(1)(a), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) . 62 CEDPO AI Working Group, AI and Personal Data A Guide for DPOs “Frequently Asked Questions” , p. 11. 63 CEDPO AI Working Group, AI and Personal Data A Guide for DPOs “Frequently Asked Questions” , pp. 11–12. 64 Ibid. 65 Ibid. 66 M. WINAU, ‘Areas of Tension in the Application of AI and Data Protection Law’, 133.