She emphasized that the GDPR was created to protect fundamental rights, reminding us that it's to put people at the center. to serve mankind. and there's this overarching um basic uh assumption that the gdpr applies when you know there's under gdpr to explain this to data subjects and to really make them understand and so maybe more creative uh ways of explaining this should be should can, sometimes we can say they're vague, but actually this vagueness is a feature because they, it allows um, these provisions to be technology neutral The dynamic nature of GDPR obligations: this vagueness allows these provisions to be technology neutral and to apply to any type of processing and to apply dynamically and also it means they're dynamic in in time, meaning if the controller changes its processing of personal data, compliance with the GDPR needs to be reassessed. in December on AI models covering some fundamental questions. um, it was a selection of questions as you know, because uh, we the ADPB EDPB has issued an opinion in December on AI models covering some fundamental questions in reply to the Irish supervisory authority. EDPB is working on further guidance, specifically on web scraping for example. enforcement. we have several one--stop shop cases that have been opened. there's also some uh non non-one--stop shop cases that uh you're probably all aware about, but we can Enforcement actions: one-stop shop cases; non-one-stop shop cases the only piece of legislation applying to ai. we also have the ai act and uh, the way in my view they should be seen is really in a relation of complimentarity. AI Act: more of a product safety approach; GDPR: more of a fundamental rights approach Power differentials within relationships: in GDPR: fairness requirement that is sensitive to vulnerabilities -- but the main focus is the unit of data 1. Carolina Folia Woody Hartzog: when it comes to AI, we have the most intimate relationship that you could possibly imagine with those powerful companies. -- new framework to think about our relationship with AI companies: duty and loyalty... Scale: Informational self-determination in data protection; while in AI data protection lacks the sense of the power and the scale at which major technology companies operate. -- if one instance of violation is bad, then 100 instances is 100 times as bad, but scae doesn't work like that. -- scale could change the nature of the problem, change the number of the solution set that's available