On September 15, 2021, the Personal Data Protection Authority (“Authority”) published “Recommendations on the Protection of Personal Data in the Field of Artificial Intelligence” (“Recommendations”), addressed to developers, manufacturers, service providers and decision-makers operating in this field and intended to be applied in artificial intelligence implementations. The Recommendations can be found here.
The Importance of Personal Data Protection in the Field of Artificial Intelligence
Artificial intelligence is a technology created entirely by artificial means that runs on machines, without the use of any living organism, and exhibits human characteristics and behaviours. It is most commonly encountered in the applications we use on our phones (e.g. navigation, facial recognition systems, health services), for example in the creation of algorithms based on the information that artificial intelligence stores in these applications. While artificial intelligence offers simple solutions in our lives through such applications, it is essentially a deeper and more unpredictable technology than these applications. Especially with the increase in online activity and the shift to electronic systems during the pandemic, most companies have started to integrate artificial intelligence into the technologies they use. However, most companies that fail to fully secure these systems, and even those that do secure them, face certain vulnerabilities and the risk of data loss because of the systems’ inherently unpredictable nature. That is why artificial intelligence, which offers simple solutions in people’s lives, carries serious risks in terms of fundamental rights and freedoms.[1]
Chief among these risks is the processing and storage of personal data under the Personal Data Protection Law No. 6698 (“PDPL”) in artificial intelligence applications. This is because big data, which is considered the brain of artificial intelligence and is the main source of the machine learning that feeds algorithms, includes a great deal of data that is, or has the potential to be, personal data. As such, the protection of personal data within the scope of artificial intelligence is of great importance. Therefore, when artificial intelligence technology is used, strict attention must be paid to compliance with the PDPL and the relevant legislation on data processing, so as not to violate the fundamental rights and freedoms of the people whose personal data is processed (“data subject”).[2] The recommendations given by the Authority can be summarized as follows:
1) General Recommendations:
2) Recommendations for Developers, Manufacturers, and Service Providers
In the Recommendations:
– Developers are defined as those who develop content and applications for all kinds of products belonging to artificial intelligence systems,
– Manufacturers are defined as those who produce all kinds of products, such as software and hardware, that make up artificial intelligence systems,
– Service providers are defined as real or legal persons who provide products and/or services using artificial intelligence-based systems, data collection systems, software and devices.
3) Recommendations for Decision Makers
Conclusion
The use of artificial intelligence is becoming more common by the day, and as a result, personal data comes to be processed directly or indirectly within the scope of such applications. The protection of personal data is very important for ensuring the fundamental rights and freedoms of individuals. The Recommendations, which are also compatible with the internationally published documents on the protection of personal data in AI implementations, aim to prevent rights violations by ensuring that personal data is processed in accordance with data processing principles and the PDPL in the AI applications that make our lives easier.
Finally, when the European regulations on this issue are examined, we see that:
– A “risk-based approach” is adopted and AI activities are categorized by risk rating in line with this approach,
– AI activities will be subject to audit in separate ways based on these categories by the European AI Board, which is intended to be
In this context, we believe that it would be useful to establish a special board and make legislative preparations to adopt this approach in Turkey, and to control and regulate such a rapidly developing area in order to prevent rights violations.
[1] Ipek Sucu, “Artificial as the New World of the Digital Universe Intelligence and a Study on Each Film”, New Media Electronic Journal, 2020, Volume:4, Issue:1, p.41
[2] Gizem Gültekin Várkonyi, “Artificial Intelligence Risk Assessment of Technology in Terms of Personal Data Protection”, Artificial Intelligence and Big Data Technologies Approaches and Applications, Şeref Sarıoglu, Mustafa Umut Demirezen, Ankara: Nobel Academic Publishing Education Consultancy, 2020, p.343
[3] Muhittin Tataroglu, “Privacy Impact Assessment in The Prevention of Privacy Problems (PIA)”, Journal of Management and Economics, 2012, Volume: 20, Issue:1, p.279