Status quo vadis: Limits in the use of artificial intelligence

What do companies have to consider when using artificial intelligence?

« The imagination knows no bounds. » When it comes to the use of artificial intelligence (AI) technology also seems to set hardly any limits to the imagination. This is the impression This is the impression given by the daily media reports about ChatGPT, a generative Kl, which can write texts and poems, do quick researches and take exams at elite pass exams at elite American universities.

Many entrepreneurs are asking themselves how they can use the seemingly limitless technical benefits of « thinking » software and algorithms in a meaningful way in their companies, especially in their working lives. Four areas of application stand out people analytics » is used for performance evaluation and aptitude testing for new jobs in the and suitability testing for new jobs in the search for candidates or the further qualification of talents. Kl for « algorithmic management » is aimed at the planning and control of employee activities. Kl for automation of tasks (« task automation ») takes on simpler activities independently. tasks independently. Finally, employees increasingly use ChatGPT in order to receive templates for texts, programming or the like. But do imagination and technology really know no bounds or are there legal hurdles that make the that make their use risky?

There is still no concrete legal framework for the use of artificial intelligence in Europe. Europe does not yet exist. What is exciting is that in April 2021, the EU Commission will present a presented a first draft regulation on the use of artificial intelligence (AI Regulation), which – as which – as things stand at present – could possibly be adopted this year. could be adopted this year. It is worth taking a closer look at this draft in order to understand in the direction in which the legislative efforts are going. The For example, the legislator uses a very broad Kl definition as a basis. According to this, simple automation processes could fall within the scope of the AI Regulation. A large number of systems that are already in use would have to be be reviewed on the basis of the AI Regulation.

The AI Regulation defines four classes of risk (unacceptable, high, low and minimal), which are subject to varying degrees of regulation. Cl practices, which are considered unacceptable, for example because they violate fundamental values of the EU, are prohibited (Art. 5 AI Regulation). Example: Evaluation of social behaviour (social scoring). For high-risk cl systems, minimum requirements apply. (Art. 8 ff. AI Regulation), which providers and users of the systems must fulfil (Art. 1 6 ff. AI REGULATION). In addition, irrespective of the risk class, the following apply in particular Transparency requirements (Art. 52 AI Regulation). Kl systems with a low or minimal minimal risk, on the other hand, are not subject to any special regulation.

Providers of such systems may voluntarily adhere to codes of conduct. (Art. 69 AI Regulation). Forward-looking entrepreneurs could already validate planned validate the planned and existing use of Kl on the basis of the regulations. which should make the use legally more secure. The AI Regulation provides important and up-to-date and up-to-date information on how the EU Commission envisages the use of AI in legal terms.

But what legal hurdles currently apply to the seemingly limitless possible possible use of AI currently apply? The most applicable are the General Data Protection Regulation (GDPR) (DSGVO), anti-discrimination rules, regulations on consumer protection and product safety and co-determination. For example, if a company uses the speech analysis software from Precire to automatically analyse the suitability of applicants on the basis of their language skills, or does it rely on the video analysis function of Hirevue? Hirevue’s video analysis function to create personality profiles, a prior data protection analysis and documentation is recommended. After the Section 26 of the German Data Protection Act (BDSG), which may be in breach of EU law, data data processing must be (i) suitable to achieve the predefined purpose, (ii) it must be necessary, i.e. there must be no milder interference in rights, and (iii) the interests of the parties involved must be weighed against each other. be weighed against each other.

GDPR and anti-discrimination

As a rule, the creation of personality profiles is inadmissible, unless, justified in individual cases on the basis of specific requirements in the job profile. requirements in the job profile. According to Art. 22 of the GDPR, the software may not be used to make personnel decision (e.g. hiring, promotion, dismissal) itself, but only to itself, but only provide assistance in the decision-making process. In order to ensure the non-discriminatory use of analytics software, the software provider should software provider should explain what precautions it has taken to avoid AGG risks. Finally, the current rulings of the ECJ of 30.03.2023 and 04.05.2023 must be taken into account in order to ensure that the correct legal basis for personnel data processing in each individual case.

Fines in the millions threatened

In conclusion, it can be said that, in addition to imagination, technology is setting ever fewer limits on the use of personal data. technology is setting ever smaller limits on the use of Kl and the more practical. However, the use of Kl should be well thought out beforehand in order to be able to profit from technical progress in the long term. Otherwise there is a risk of unwelcome mail from the supervisory authorities. Against the background of fines in the millions that have been imposed for data protection violations in Germany, it is urgently millions for data protection violations in Germany, it is urgently recommended that a data protection and document a data protection impact assessment before using artificial intelligence.

Update on international data protection: new standard contractual clauses for international data transfers

Almost a year ago, the ECJ declared the EU-US Privacy Shield as invalid (Schrems II) and also raised some questions regarding the EU Standard Contractual Clauses (SCC), the most important instrument for international data transfers. The EU Commission has now adopted new SCCs, with which it has adapted the previous SSCs to the General Data Protection Regulation (GDPR) and also taken the ECJ’s specification into consideration. However, it quickly becomes clear that the EU Commission has not created a carte blanche for data exchange with the new SCCs. Companies that transfer personal data to third countries such as the USA on the basis of SCC now have some work to do.

To read the full newsletter, please click here.

How R U CEE? All you need to know about real estate in CEE

As a result of the collaboration of BNP Paribas Real Estate with act legal, Hays, the French-Polish Chamber of Commerce, the Dutch-Polish Chamber of Commerce and the Belgian Chamber of Commerce, the report provides an overview of the commercial real estate market, broken down into specific segments, from the perspective of developers and investors in the Central and Eastern Europe.

act legal professionals from Poland, the Czech Republic, Hungary and Romania share their views on current trends in the CEE commercial property market and legal aspects of COVID-19’s impact, while also commenting on recent amendments to legal and tax regulations, which are relevant for investors.

Handbook for Supervisory Board Members

Dr. Thomas Altenbach provides a comprehensive guide to the key issues for supervisory boards. In particular, he also takes into account the current draft legislation on association sanctions and whistleblower protection. The handbook provides a comprehensive presentation of the tasks of the supervisory board as well as the rights and duties of its members and imparts the knowledge necessary for the diligent performance of office.

From the election of supervisory board members, to the competencies and duties of the supervisory board, the work of the supervisory board in detail, remuneration and reimbursement of expenses, internal investigations, conflicts of interest, liability and damages including D&O insurance.

Esports – a booming industry with unique legal needs

Through its rapid growth in the last few years Esports has shifted into the public focus and has become a new relevant industry generating revenues of $1.1 billion globally in 2019.

Home to one of the Esports leagues ESL – Electronic Sports League, and other relevant Esports companies, leading teams and players, Germany has played a vital role in this development. Besides its rapid growth, the esports ecosystem has also evolved in terms of professionalism, economically as well as legally.

A significant milestone in this regard was the establishment of the German esports association ESBD – ESPORT-BUND DEUTSCHLAND e.V. in 2017 which was initiated in the offices of act legal Germany. Since then, major legal steps have been taken, such as the introduction of the German esports visa in 2020, a dedicated visa category for esports.

When Robots decide!

The robot as your „boss”

“My boss is a robot”, the employees of the investment company Deep Knowledge Ventures in Hong Kong must have thought when a computer algorithm was appointed as a full member of the board of directors. And in fact, robots are conquering our working world at record speed. They order goods, work hand in hand with human colleagues on assembly lines, distribute products on the Internet and dictate high-frequency trading. Technological progress is enabling employers to use intelligent systems not only to supplement human labor, but also to replace it in certain areas, including supervisory functions. It is therefore high time to deal with the (labor law) legal framework.

It is agreed that the appointment of a computer algorithm to the supervisory board or the board of directors of a German stock corporation is not (yet) possible (sects. 76 para. 3 sent. 1, 100 para. 1 sent. 1 German Stock Corporation Act – AktG). However, the assumption of the supervisory function by a robot is not a future dream. The Japanese electronics group Hitachi, for example, has work instructions executed by intelligent systems in its German branches. Legally, there is nothing to prevent the delegation of the right to issue instructions from a human to a machine if the employer ensures, by means of suitable programming, that the essential circumstances of an individual case are balanced before issuing the instruction and that affected interests are taken into account appropriately (sects. 315 German Civil Code – BGB, 106 German Trade Regulation – GewO). The only apparent limit for the “robot boss” is found in article 22 para. 2 of the GDPR, according to which decisions which have “legal effects” or “significant adverse effects” on the person concerned must not be based on automated processing of personal data. Thus, the robot boss may not (yet) fire. Already reality and after a thorough evaluation in terms of data protection law, it is legally permissible for humans to make personnel decisions prepared by algorithms, especially in the case of fully automated application procedures and selection tools. (“People Analytics”).

So, robots replace workers. But can they also be qualified as employees under labor and company law? Do they count towards the thresholds that determine how many employees are required to install a co-determined supervisory board, how large the works council has to be or whether the German Dismissal Protection Act applies? Are robots to be considered on an equal footing with human employees during social selection? Even if some authors demand this, it must be denied in each case. All threshold values (still) presuppose a natural person and social selection would be taken ad absurdum. Instead of the dismissal of two employees, the “young” robot without alimony obligations is likely to be less worthy of social protection. This would cancel out the constitutionally protected entrepreneurial freedom to optimize work processes by using modern technologies. Robots remain things.

Is the machine „liable”?

Consequently, even humanoid robots are not liable for injuries to employees/customers and/or damage to the company’s reputation that they cause. In order to determine the person responsible, it depends on whether the damage caused is due to incorrect programming or incorrect operation of the robot. The legislator has not yet taken action. It is currently being discussed whether the use of intelligent systems should be subject to the legal reservation of taking out compulsory insurance. The following precautions are particularly recommended: Carrying out risk assessments (sect. 5 German Working Conditions Act – ArbSchG), observance of the safety precautions mentioned in the Industrial Safety Ordinance as well as the ISO standard 10218-2011 and involvement of the works council (sects. 90, 87 para. 1 No. 7 German Works Constitution Act – BetrVG).

Robotics policy required!

But how does a board of directors / supervisory board control self-learning systems that work on the principle of trial and error and automatically change themselves? How does a board of directors act dutifully on the basis of « appropriate information » if it has no insight into the black box that lies between the input and output levels? Company management is expected to balance the potential risks in each individual case, closely monitor developments in the robots they use and implement compliance systems to protect against (legal) violations. It also appears to be legally necessary to lay down the aforementioned legal framework conditions in a written “robot policy”. Company management is well advised to communicate the use of artificial intelligence transparently, especially to investors, employees and business partners. No one is prevented from investing their money in risky projects, working with robots and/or trading with them. But they should know.

New guide of the US Department of Justice – Requirements for a Compliance Management System

On April 30, 2019, the U.S. Department of Justice (DOJ) published new guidance on the requirements for compliance management systems, a revised and expanded version of a document of the same name published in February 2017, which collected more than 120 test questions to identify the criteria that DOJ prosecutors should use to assess compliance programs when assessing penalties or entering into a deferred or non-prosecution agreement. This article provides a brief overview.

#MeToo? – Relevant answers

Social interaction at work or sexual harassment?
What employers must do and when.

A short, too tight hug for a birthday, a quick follow-up mail after a nice lunch, a random touch while looking at the screen together: Are these scenes examples of good social interaction at work or sexual harassment? What employers must do and when.

Bridge part time: right to return full time

The legislator has once again provided companies with a provision whose unclear interpretation could in practice be contested in court. In addition to “normal” part-time employment, bridge part-time employment will apply from 2019.