EU law Archives

CNIL publishes Q&A on the Use of Generative AI Systems

AI, CNIL, EU law, GenAI | July 29, 2024

On 18 July 2024, CNIL issued a Q&A document addressing the use of generative AI systems. The FAQ outlines the benefits, limitations, and compliance measures for deploying these systems, emphasizing GDPR adherence. Generative AI systems generate diverse content but pose risks such as inaccuracies and potential biases. CNIL highlights the need for proper system selection, deployment methods, risk analysis, and end-user training. The Q&A also provides guidance on compliance with the upcoming EU AI Act, which mandates transparency and accountability in AI system usage.

CNIL publishes Q&A on the Use of Generative AI Systems Read More »

Irish DPC Highlights GDPR Challenges with AI and Data Protection

AI, DPC, EU law | July 29, 2024

On 18 July 2024, the Irish Data Protection Commission (DPC) highlighted important data protection issues with the growing use of Generative AI (Gen-AI) and Large Language Models (LLMs). These AI systems, which often process personal data during training and usage, raise concerns about data accuracy, retention, and potential biases. The DPC advises organizations using AI to ensure GDPR compliance by conducting risk assessments, understanding data flow, and safeguarding data subject rights. AI product designers must also consider GDPR obligations, transparency, and security to prevent misuse and protect personal data throughout the AI lifecycle.

Irish DPC Highlights GDPR Challenges with AI and Data Protection Read More »

Hamburg DPA Launches GDPR Discussion Paper on Personal Data in LLMs

AI, EU law, GDPR | July 29, 2024

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a discussion paper on the application of GDPR to Large Language Models (LLMs). It asserts that LLMs do not store personal data and thus do not constitute data processing under GDPR Article 4(2). However, any personal data processed within LLM-supported AI systems must comply with GDPR, particularly regarding output. The paper stresses that training LLMs with personal data must adhere to data protection laws, though violations during training do not impact the model’s lawful use in AI systems.

Hamburg DPA Launches GDPR Discussion Paper on Personal Data in LLMs Read More »

CNIL Issues Guidance on Interplay between the AI Act and GDPR

AI, CNIL, EU law | July 29, 2024

The CNIL has released a FAQ on the interplay between the newly enacted European AI Act and the GDPR. The AI Act, effective from 1 August 2024, complements, but does not replace, the GDPR, which continues to govern personal data processing.

CNIL Issues Guidance on Interplay between the AI Act and GDPR Read More »

EDPB issued a statement on the role of data protection authorities (DPAs) in enforcing the AI Act

AI, EDPB, EU law | July 29, 2024

The European Data Protection Board (EDPB) has adopted a statement emphasizing the need for Data Protection Authorities (DPAs) to act as Market Surveillance Authorities (MSAs) under the EU AI Act. DPAs, with their expertise in AI’s impact on fundamental rights, are well-suited for supervising AI systems, particularly high-risk ones related to law enforcement and democratic processes.

EDPB issued a statement on the role of data protection authorities (DPAs) in enforcing the AI Act Read More »