ARTICLE
1 August 2024

Generative AI And The EUDPR - First EDPS Orientations Issued For

R
Rouse

Contributor

Rouse logo
Rouse is an IP services business focused on emerging markets. We operate as a closely integrated network to provide the full range of intellectual property services, from patent and trade mark protection and management to commercialisation, global enforcement and anti-counterfeiting.
Explore
The EU's independent data protection authority, The European Data Protection Supervisor (EDPS), published "Orientations" the 3 June 2024.
Worldwide Technology
Photo of My Mattsson
Photo of Frida Holmér (née Siverall)
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

In a nutshell

The EU's independent data protection authority, The European Data Protection Supervisor (EDPS), published "Orientations" the 3 June 2024. They aim to ensure data protection compliance when using Generative AI systems

The background

The intent of the Orientations is to provide practical advice and instructions to EU institutions, bodies, offices and agencies (EUIs) on the processing of personal data when using generative AI systems and to facilitate compliance with their data protection obligations as set out in GDPR.

The orientations were drafted to cover as many scenarios and applications as possible and start with a definition of generative AI and walk through questions such as how to know if the use of a generative AI system involves personal data processing to when the processing of data during the design, development and validation of generative AI systems is lawful.

The takeaways

  • If the use of generative AI systems involves the processing of personal data, the GDPR Regulation applies in full. The Regulation is technologically neutral, and applies to all personal data processing activities, regardless of the technologies used and without prejudice to other legal frameworks, in particular the AI Act.
  • The principle of accountability requires responsibilities to be clearly identified and respected amongst the various actors involved in the generative AI model supply chain.
  • When a developer or a provider of a generative AI system claims that their system does not process personal data (for reasons such as the alleged use of anonymised datasets or synthetic data during its design, development and testing), it is crucial to ask about the specific controls that have been put in place to guarantee this. Essentially, you may want to know what steps or procedures the provider uses to ensure that personal data is not being processed by the model.

Read more: https://www.edps.europa.eu/system/files/2024-06/24-06-03_genai_orientations_en.pdf

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of My Mattsson
My Mattsson
Photo of Frida Holmér (née Siverall)
Frida Holmér (née Siverall)
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More