07. Mar 2024

A balancing act between AI, information security and data ownership

The future of AI and data ownership

In the first part of this article, we looked at the loss of control of data and the role of artificial intelligence in the current flood of data. Data ownership, the AI Act at European level, ISO 27001 and the GDPR - what does the future hold?


AI and data protection: new uncertainties

In addition to all the advantages, the integration of AI in companies also brings with it uncertainties in terms of information security and data protection. Can AI act as a data owner? Who owns the data generated by AI? Who is responsible for the training data for the AI model? The autonomy of AI systems and their ability to make independent decisions require special attention with regard to data protection and security.


Solutions for the responsible use of AI

  • Responsibility: Define clear responsibilities for the data processed and generated by AI within the company.
    Data processing guidelines: Determine guard rails for the data processing of your AI models.
  • Transparency and explainability: Ensure that AI systems are transparent and explainable in order to keep decision-making processes effective.
    Data protection guidelines: Implement clear data protection guidelines, align with the GDPR and publish the respective guidelines to strengthen trust on the part of customers* and other stakeholders.
  • Regulatory framework conditions: Support the development of regulations that monitor and control the use of AI in information security.
  • Human oversight: Integrate human oversight to ensure AI operates in line with your ethical standards
  • Ongoing training: Educate users to promote an understanding of evolving AI technology and its impact on information security and to prevent misuse.


Conclusion: The future of AI and data ownership

The integration of ethical principles and security precautions is crucial in order to be able to use AI to manage the flood of data and proactively counter information security risks. ISO 27001 and the General Data Protection Regulation (GDPR) are useful frameworks that complement the requirements of the AI Act. Those responsible for information security and data protection should use their position as experts in companies and be aware of their responsible position to ensure the protection of data in AI models.

News & Events

The basis for long-term success!

11. Jun 2024

Aspects of climate change included in the standards for management systems

New features and what happens next

Learn more
17. Apr 2024

CIS joins the Austrian Data Centre Association (ADCA)

New cooperation

Learn more
17. Apr 2024

Smart compliance for data centres

NISG and EN 50600

Learn more
28. Mar 2024

ISO 42001 – the new standard for artificial intelligence

World's first standard for AI

Learn more
07. Mar 2024

Are we losing control of our data through artificial intelligence (AI)?

A balancing act between AI, information security and data ownership

Learn more
31. Jan 2024

CIS is the first inspection body for EN 50600

Product and service certification for data centers

Learn more
22. Jan 2024

Cyberattacks number 1 risk worldwide

New data published as part of the "Risk Barometer"

Learn more
07. Aug 2023

In conversation with Harald Erkinger and Christoph Mondl about New Work, opportunities and risks

The current topics of cyber security

Learn more
03. Aug 2023

What know-how we can look forward to at the CIS Compliance Summit 2023

Anticipation is building up for top-notch speakers!

Learn more
01. Aug 2023

Cybercrime – 3 current threats you should be ready for!

New report of the BKI

Learn more
06. Jul 2023

Global Threat Report 2023: Turning trends into active opportunities

Findings, trends and recommendations for action

Learn more
+43 1 532 98 90