Are we losing control of our data through artificial intelligence (AI)?

A balancing act between AI, information security and data ownership

Drei Kolleg*innen schauen auf einen Bildschirm. Auf dem Bildschirm ist eine Darstellung von KI in Gehirnform.

Are we losing control of our information? The key issues in information security and data protection are data ownership and control over data, as well as authorisation to process data securely and responsibly in accordance with the relevant specifications. The issue of loss of control is becoming increasingly important in the AI era.

In 2023, 126 zettabytes of digital data were generated worldwide (source: Statista). This figure will most likely double by 2027. Thanks to ChatGPT and its ilk, it has never been so easy to analyse, generate and replicate content at the touch of a button.

The role of AI in the flood of data: opportunities and challenges

The exponentially growing flood of data poses major challenges for information security. On the one hand, training AI models requires large amounts of data to ensure adequate performance and accuracy. Companies and organisations therefore often collect huge amounts of data to train their AI systems. On the other hand, AI applications also continuously generate data during their operation – whether through sensors, interactions with users or automated processes.

Paradoxically, AI, which itself makes a significant contribution to the flood of data, can also offer solutions. AI can help to create order in this sea of data in order to identify important or irrelevant information more quickly and process, aggregate or delete it accordingly. Overall, AI can improve the efficiency of data processing and management and enable preventative measures to avoid data overload.

Data ownership, AI Act, ISO 27001 and GDPR

The international information security standard ISO 27001 sets out guidelines to ensure that organisations establish clear responsibilities for managing and protecting their data. It also defines processes for identifying data owners, establishing their rights and obligations and ensuring that data is appropriately protected and managed.

In terms of privacy of personal data, data ownership refers to the concept that individuals have the right to exercise control over the information that relates to them as a person, that is transmitted or that is collected about them.

In a digitalised world where data plays a crucial role, the question of data ownership is of increasing importance. While some people argue that data – similar to physical goods – should be considered a form of property, there are also voices that emphasise that data should rather be treated as a resource that can be used by society as a whole. The debate on data ownership raises complex issues – such as privacy, security, access rights and economic impact.

The AI Act is a European legislative initiative that aims to regulate and control the use of AI in the EU. The aim of the AI Act is to create a balance between promoting innovation and ensuring safety and trust in AI systems.

The AI Act does not lay down any specific provisions on the subject of data ownership or the flood of data. However, the AI Act does indirectly address aspects of data ownership and data flooding through its regulation of AI. As AI is often based on large amounts of data, the AI Act sets out requirements for transparency, accountability and data protection of AI systems. This may implicitly impact data ownership by requiring organisations to clearly define who is responsible for the data and how it is protected and used.