Market Snapshot: Leading Digitalization and Innovation and Applying the GDPR – Mission (Im)possible?

Market Snapshot: Leading Digitalization and Innovation and Applying the GDPR – Mission (Im)possible?

Issue 9.10
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

According to the United Nations eGovernment Development Survey 2022, Serbia’s eGovernment Development Index was evaluated as “very high,” moving forward 18 places. Following the Strategy for the Development of Artificial Intelligence, Serbia set the use of AI in the healthcare sector as a priority and started supporting projects for cooperation between public bodies and commerce to share and use data. Digitalization prevents corruption but, on the other hand, cannot meet the expectations of citizens if data protection principles are not implemented in real time.

To achieve the planned objectives, in 2020, the government announced the opening of a Data Centre in Kragujevac – to promote the quality of e-services to citizens, development of AI, and data storage. And, in 2022, the Centre for the Fourth Industrial Revolution opened its doors. The main expectation is for the center to serve as a platform for exchanging ideas between scientists and researchers, government, industry, and civil society, to define the conditions for cooperation in biotechnology and the use of AI in healthcare. The practical benefits for citizens would be the efficient exchange of health data between healthcare practitioners, enabling faster diagnostics, increasing the potential for research, a smarter choice of treatment through a personalized approach, the use of AI in the fast and smart diagnosis of rare diseases, using new technologies in the pharmaceutical industry, the application of cell and gene therapy, and the development of fast-growing high-tech companies in the healthcare sector. The center should facilitate the exchange of data between data holders, research, and the commercial sector by applying the best anonymization techniques. 

To this end, the BIO-4 Campus project started to be built – to occupy almost 20 hectares of land, focusing on four key topics: biomedicine, biotechnology, bioinformatics, and biodiversity. This ecosystem for innovation is to consist of eight scientific institutes, two faculties from Belgrade University, an accredited animal facility, an R&D center for pharmaceutical, biotech, and life science companies, a science technology park, and a convention and multimedia museum.

To achieve these ambitious goals, the Serbian Government would have to put much effort into facilitating the flow of ideas between scientists, digitalization and technology leaders, and AI and data protection experts. Efficient planning and implementation of these goals is only possible through a clear legal framework resulting in the formation of institutions composed of reputable experts who can understand the needs of all stakeholders, resulting in sustainable economic growth, while, on the other hand, respecting ethics and human rights. And to facilitate that flow of ideas, on November 10, 2022, our firm will host its Third International Data Protection Conference. 

It is very important for key players implementing these projects to understand that regulations having in their titles the word “protection” are not to be drafted to hamper technological development but to establish a balance between economic growth and the free movement and legitimate processing of personal data, while, at the same time, respecting the essence of human dignity – including the privacy of citizens. 

Technological developments should be based on accountability – a principle that delivers a corporate digital responsibility fit for the 21st century and modern data-driven economies. According to a 2019 Center for Information Policy Leadership report, accountability requires organizations to implement comprehensive privacy programs, governing all aspects of collecting and using personal information, and to be able to verify and demonstrate the existence and effectiveness of such programs internally (to their Boards and senior-level management) and externally, on request (to privacy enforcement authorities, individuals, and business partners).

To this end, the main stakeholders should consider whether they: (a) use legitimate grounds for sharing personal data. This is particularly important in the health sector where special categories of personal data are processed – and will gain more significance as the difference between personal data processing consent and “medical” consent is made; (b) use secure IT and cloud platforms and assess whether processing of personal data might result in high risks for rights and freedoms – to determine this, they must carry out a Data Protection Impact Assessment, to identify privacy risks and define adequate measures to mitigate risks to an acceptable level; (c) apply the best anonymization practices for data sharing for research purposes and assess the role of data intermediaries; and (d) use algorithms that could be verified – to what extent AI algorithms meet requirements of accountability, transparency of development and usage processes (traceability), and transparency of AI decisions. 

By Ivan Milosevic, Partner, JPM Jankovic Popovic Mitic

This article was originally published in Issue 9.10 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here