The GDPR promised to bring effective enforcement of data protection law, but 5 years after its entry into force it can be established that it did not fully deliver. Questions have arisen on diverse issues such as the ability of national authorities to get a grip on large multinational firms (forum shopping), the effectiveness of cooperation mechanisms between national authorities, and the ability to enforce a largely principle-based regulation. The enforcement mechanisms of the AI Act and the GDPR have several similarities, such as national supervisory authorities, a European Artificial Intelligence Board (similar to the EDPB) and corrective measures such as high turnover-based fines and bans on processing. Against this background, this panel asks which lessons should be learned for effective enforcement of the AI Act.