The European Data Protection Supervisor (EDPS) has recently released guidelines aimed at guiding EU institutions, bodies, offices, and agencies (EUIs) in the use of generative Artificial Intelligence (AI). These guidelines are designed to help EUIs comply with data protection obligations, particularly Regulation (EU) 2018/1725, when developing or utilizing generative AI tools.
Through these guidelines, the EDPS has also defined Generative AI, saying that Generative AI refers to “AI systems that can create new content, such as text, images, or videos, that is often indistinguishable from human-generated content. These systems work by learning patterns from vast amounts of data and using this knowledge to generate new content.”
The guidelines came following the implication of Data Privacy due to the increased use of Artificial Intelligence, especially Generative AI. The EDPS makes a specific mention Generative AI can potentially infringe on individuals’ rights by processing personal data without consent or awareness.
EDPS Guidelines on Generative AI
To address these concerns, the EDPS has published guidelines for EU institutions, bodies, offices, and agencies (EUIs) on the use of generative AI. These guidelines aim to help EUIs comply with data protection obligations while using or developing generative AI tools.
- Identifying Personal Data Processing: EUIs must be aware that the use of generative AI may involve the processing of personal data, even if this is not immediately apparent. It is important to conduct thorough assessments to identify and mitigate any risks.
- Transparency and Accountability: EUIs should ensure that their use of generative AI is transparent and accountable. This includes being transparent about the sources of training data and addressing any biases in algorithms.
- Regular Monitoring and Controls: EUIs should implement regular monitoring and controls to verify that personal data is not being processed unintentionally. This is particularly important when the AI model is not explicitly designed for processing personal data.
The guidelines issued by the EDPS underscore the importance of using generative AI in a responsible and ethical manner, particularly when it comes to protecting individuals’ personal data and privacy. By following these guidelines, EUIs can harness the potential of generative AI while ensuring compliance with data protection laws.
Guidelines | European Data Protection Supervisor (europa.eu)