Raderad men inte bortglömd: artificiell intelligens och utmaningen att säkerställa rätten till radering

Sammanfattning: This thesis examines the implications of Artificial Intelligence (AI) for the right to erasure, otherwise known as the right to be forgotten, in compliance with article 17 of the General Data Protection Regulation (GDPR). The significant technological advancements in AI have led to increased use of AI-systems in the private sector, especially due to the attractive efficiency and streamlining possibilities, as well as the advanced data processing capabilities. Despite the innovation potential offered by AI, its advancement has also introduced significant legal challenges, especially in terms of data protection. A major privacy challenge within the AI-context is ensuring the right to erasure, as stipulated in article 17 of GDPR. The fundamental necessity of large amounts of data for autonomous learning and ongoing improvement in AI-systems poses a challenge when effectively fulfilling an individual's request to erase their personal data without disrupting the system's learning process, functionality or performance. This creates a complex scenario where the utility and performance of AI-systems directly conflict with the individual's right to erasure, resulting in AI posing a threat to the realisation of the right to erasure in AI-contexts. Due to the conflict of interest that arises between the necessity of data for AI-innovation and the right to erasure, the regulation of AI-providers becomes increasingly important. This thesis examines the extent to which AI-providers are legally obligated to ensure the right to erasure in accordance with article 17 GDPR. Furthermore, the thesis examines the legal obligations imposed on AI-providers in the GDPR and the additional legal responsibilities that will come with the proposed AI Act, in order to assess whether AI-providers can effectively implement these obligations to ensure the right to erasure. The analysis aims to highlight whether the existing GDPR-framework, alone or together with the AI Act, provides adequate legal measure to ensure the right to erasure in AI-contexts. Additionally, the thesis examines other approaches to ensure the realisation of the right to erasure in AI-contexts to provide a more comprehensive overview of the possible compromises between AI-innovation and the right to be forgotten. Ultimately, the thesis aims to assess whether AI-providers can ensure the realisation of the right to erasure in compliance with article 17 GDPR, given the technical and legal challenges that arise in AI-contexts.