← Back

An EU AI Act loophole? No legal obligation to give individual control over AI systems

26 Mar 2025

At ID side, we champion the belief that true transparency is achieved when individuals can actively manage how their data is utilized, notably in the frame of AI systems. This is why our Personal Data Choices Management Platform (PDPs) offers a groundbreaking approach to data control constituting a potential game-changing application of GDPR's practical certainty one can indeed control their data online -even while further used by/for AI.

GDPR recital 7 lays down that "Natural persons should have control of their own personal data. Legal and practical certainty for natural persons, economic operators and public authorities should be enhanced". We strive to provide a mechanism to give such control.

Despite the EU AI Act does not refer once to individuals' control and the practical implementation of EU fundamental right to self-determination, but only to more transparency and explainability, we start exchanging about the "practical tool" that will empower us all to have control online -over collection, use and further use of personal data.

As we strive to turn transparency and explainability into controls that are vital to individuals online, we are grateful for the constructive exchanges we already had in various fora (IAPP, DIFC, INRIA, ICO, FEDMA…) and we kindly invite any party interested to pursue or initiate such exchanges with us.