Artificial intelligence (AI) may not inherently jeopardize fundamental rights, but the absence of timely regulatory frameworks could transform it into a systemic risk. Muhammad Gjokaj, from the Agency for Personal Data Protection and Free Access to Information (AZLP), underscored the necessity of complying with the European Union’s General Data Protection Regulation (GDPR) and adapting to the evolving landscape introduced by the forthcoming AI Act. He emphasized that active participation in regional and European initiatives is crucial to safeguard citizens’ rights and maintain trust in the digital environment.
Gjokaj, who previously served as president of the Agency’s Council and is among the candidates for judge of the Constitutional Court, noted that the GDPR is the EU’s cornerstone in personal data protection. Its introduction represented a significant shift in how personal data is processed and secured. However, he argued that the rapid evolution of AI technologies, particularly those leveraging machine learning and generative models, raises pertinent questions about the GDPR’s effectiveness in addressing contemporary challenges.
While the GDPR provides a strong regulatory foundation, Gjokaj pointed out that it was not designed to tackle the complexities and rapid changes associated with modern AI systems. “The GDPR was conceived amid relatively predictable data processing environments, where the purposes, legal bases, and methods of data processing were clearly delineated,” he stated. In contrast, contemporary AI systems operate through continuous learning and the handling of vast, diverse datasets, often rendering their processes opaque even to their developers.
This divergence results in a significant gap between the existing legal framework and the realities of modern technology, particularly concerning automated decision-making systems. According to Gjokaj, even though the GDPR protects individuals from decisions solely based on automated processes that carry legal or similarly impactful consequences, this protection does not encompass a wide array of modern AI applications. These can profoundly affect individuals’ rights and social standing by intruding on their privacy through various data processing methods, including personality profiling.
He elaborated that practices like algorithmic profiling, ranking, and predictive analytics are increasingly influencing public life in sectors such as employment, education, and finance, thus blurring the lines between formal and informal consequences of decisions. “This ambiguity complicates the legal landscape,” Gjokaj noted.
One pressing concern is the utilization of personal data for training AI systems. The GDPR is built on principles of lawfulness, purpose limitation, data minimization, and retention time limitation, whereas modern AI demands substantial data and often employs multiple processing purposes, requiring long-term data usage embedded in the models. Gjokaj highlighted that synthetic data, which is generated algorithmically from real datasets, is increasingly commonplace. Although marketed as a safer alternative, such data can closely resemble real personal information, raising risks of indirect identification and violation of individual rights.
He underscored that traditional concepts of anonymization and pseudonymization are becoming inadequate in this era of advanced AI capabilities. Montenegro’s lack of a new law on personal data protection, which fully aligns with the GDPR, further complicates the nation’s ability to address these modern challenges effectively.
Gjokaj emphasized that harmonization of national legislation is essential, not only for adopting GDPR standards but for enhancing them in line with the latest technological advancements. He cited the cross-border nature of data processing as an additional layer of complexity in the data protection landscape. For instance, he referred to instances where personal data from Facebook users in the Western Balkans are utilized for training AI systems, highlighting the need for a regional approach to data protection.
To address these challenges, the AZLP has initiated a collaborative effort with data protection agencies in Bosnia and Herzegovina, Serbia, and North Macedonia to form a working group. “The goal of this regional initiative is to bolster institutional cooperation and protect the rights of citizens whose personal data are increasingly processed within the context of AI development,” Gjokaj explained.
He also pointed out that the EU recognizes the limitations of existing regulatory frameworks and, by introducing the AI Act, has begun a process of normative enhancement aimed at establishing a balance between technological progress and the safeguarding of fundamental rights. The AI Act, Gjokaj clarified, does not replace the GDPR but supplements it, incorporating a risk-based approach with stringent obligations for high-risk AI systems and prohibiting unacceptable practices.
For Montenegro, he stressed the urgency of adopting a new law on personal data protection that complies with the GDPR, enhancing the capabilities of supervisory authorities, and ensuring comprehensive data protection impact assessments for AI systems. Strengthening regional and international cooperation in data protection is also vital. “As a member of the working group drafting the Law on the Protection of Personal Data in alignment with the GDPR, I believe it is crucial to expedite the adoption of these laws,” Gjokaj stated.
He concluded that integrating specific regulatory elements related to AI is essential to adapt the national legal framework to contemporary technological realities and EU regulatory trends. “The future of personal data protection in Montenegro and the broader European context will depend on our legal system’s capacity to evolve alongside technology,” he affirmed.
See also
Cadence Design Systems Powers AI Hardware Boom with Advanced EDA Tools for 3nm Designs
AI Dominates CES 2026 as Tech Giants Invest $500B Amid Bubble Concerns
BTech AI vs. Machine Learning: Key Differences Impacting Your Tech Career Choices
AMD Launches Ryzen AI 400 Series Processors with 60 TOPS and Zen 5 Architecture
Backblaze Appoints Dan Spraggins as SVP of Engineering to Drive AI Cloud Innovations
