Artificial intelligence ('AI') has been identified by the EU as one of the most relevant technologies of the 21^st century, and a key strategic component for the EU's digital transformation. On its part, machine learning ('ML'), a sub-discipline of AI, relies largely on accurate and representative data sets.

With the aim to clear up common misconceptions surrounding ML systems (with special emphasis on the protection of personal data), the Spanish data protection agency ('AEPD') and the European Data Protection Supervisor ('EDPS') have convened again to prepare a joint paper with technology as the guiding thread, this time titled '10 misunderstandings about machine learning' ('the joint ML paper')¹. This document follows on from the AEPD-EDPS joint paper on '10 misunderstandings related to anonymisation'².

Bárbara Sainz de Vicuña, Isabela Crespo Vitorique, and Mercedes Ferrer Bernal, from GÓMEZ-ACEBO & POMBO ABOGADOS, S. L. P., provide an overview of the joint ML paper and how AI and ML interplay with data protection.

On 10 February 2022, the Spanish data protection authority ('AEPD') approved the Code of Conduct on the Processing of Personal Data for the Purposes of Clinical Trials, other Clinical Investigations and Pharmacovigilance ('the Code'), making it the first sectoral code of conduct to be approved following the entry into force of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR’). The Code was approved under Article 40 of the GDPR and Article 38 of the Organic Law 3/2018, of 5 December 2018, on the Protection of Personal Data and Guarantee of Digital Rights ('LOPDGDD'). Bárbara Sainz de Vicuña, Isabela Crespo Vitorique, and Mercedes Ferrer Bernal, from GÓMEZ-ACEBO & POMBO ABOGADOS, S. L. P., discuss the Code and its requirements.