INFORMATION TECHNOLOGY
European Data Protection Supervisor – EDPS enacts Guidelines for the use of Generative AI in compliance with the data protection rules for public bodies.
The EDPS has published its Guidelines on generative Artificial Intelligence and personal data for EU institutions, bodies, offices and agencies (EUIs). The guidelines aim to help EUIs comply with the data protection obligations set out in Regulation (EU) 2018/1725, when using or developing generative AI tools.
The guidelines on generative AI are a first step towards more extensive recommendations in response to the evolving landscape of generative AI tools, with the aim of covering as many possible scenarios involving the use of generative AI, to provide enduring advice to EUIs so that they can protect individuals’ personal information and privacy.
To ensure their practical application by EUIs, the guidelines emphasise on data protection’s core principles, combined with concrete examples, as an aid to anticipate risks, challenges and opportunities of generative AI systems and tools.
As such, the guidelines focus on a series of important topics, including advice on how EUIs can distinguish whether the use of such tools involves the processing of individuals’ data; when to conduct a data protection impact assessment; and other essential recommendations.
The EDPS issues these guidelines within its role as independent data protection authority of the EUIs, so that they comply with the EU’s data protection law applicable to them, in particular Regulation (EU) 2018/1725. The EDPS has not issued these guidelines within its role as AI Supervisor of the EUIs under the EU’s Artificial Intelligence Act for which a separate strategy is being prepared.
The guidelines on generative AI are a first step towards more extensive recommendations in response to the evolving landscape of generative AI tools, with the aim of covering as many possible scenarios involving the use of generative AI, to provide enduring advice to EUIs so that they can protect individuals’ personal information and privacy.
To ensure their practical application by EUIs, the guidelines emphasise on data protection’s core principles, combined with concrete examples, as an aid to anticipate risks, challenges and opportunities of generative AI systems and tools.
As such, the guidelines focus on a series of important topics, including advice on how EUIs can distinguish whether the use of such tools involves the processing of individuals’ data; when to conduct a data protection impact assessment; and other essential recommendations.
The EDPS issues these guidelines within its role as independent data protection authority of the EUIs, so that they comply with the EU’s data protection law applicable to them, in particular Regulation (EU) 2018/1725. The EDPS has not issued these guidelines within its role as AI Supervisor of the EUIs under the EU’s Artificial Intelligence Act for which a separate strategy is being prepared.
