This Regulation should provide the legal basis for the providers and prospective providers in the AI regulatory sandbox to use personal data collected for other purposes for developing certain AI systems in the public interest within the AI regulatory sandbox, only under specified conditions, in accordance with Article 6(4) and Article 9(2), point (g), of Regulation (EU) 2016/679, and Articles 5, 6 and 10 of Regulation (EU) 2018/1725, and without prejudice to Article 4(2) and Article 10 of Directive (EU) 2016/680. All other obligations of data controllers and rights of data subjects under Regulations (EU) 2016/679 and (EU) 2018/1725 and Directive (EU) 2016/680 remain applicable. In particular, this Regulation should not provide a legal basis in the meaning of Article 22(2), point (b) of Regulation (EU) 2016/679 and Article 24(2), point (b) of Regulation (EU) 2018/1725. Providers and prospective providers in the AI regulatory sandbox should ensure appropriate safeguards and cooperate with the competent authorities, including by following their guidance and acting expeditiously and in good faith to adequately mitigate any identified significant risks to safety, health, and fundamental rights that may arise during the development, testing and experimentation in that sandbox.
AI Act Recital EN
Recital 140
Related across sources
Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement Guidance ARTICLE 29 DATA PROTECTION WORKING PARTY Guidance Guidelines 10/2020 on restrictions under Article 23 GDPR Case Law Privacy International v Secretary of State Guidance Guidelines 01/2022 on data subject rights - Right of access Guidance Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679