The EDPS has published today its guidelines on generative Artificial Intelligence and personal data for EU institutions, bodies, offices and agencies (EUIs). The guidelines aim to help EUIs comply with the data protection obligations set out in Regulation (EU) 2018/1725, when using or developing generative AI tools.
Wojciech Wiewiórowski, EDPS, said: “The guidelines that I have issued today on generative AI are a first step towards more extensive recommendations in response to the evolving landscape of generative AI tools, which my team and I continue to monitor and analyse closely. Our advice published today is drafted with the aim of covering as many possible scenarios involving the use of generative AI, to provide enduring advice to EUIs so that they can protect individuals’ personal information and privacy.”
To ensure their practical application by EUIs, the guidelines emphasise on data protection’s core principles, combined with concrete examples, as an aid to anticipate risks, challenges and opportunities of generative AI systems and tools.
As such, the guidelines focus on a series of important topics, including advice on how EUIs can distinguish whether the use of such tools involves the processing of individuals’ data; when to conduct a data protection impact assessment; and other essential recommendations.
The EDPS issues these guidelines within its role as independent data protection authority of the EUIs, so that they comply with the EU’s data protection law applicable to them, in particular Regulation (EU) 2018/1725. The EDPS has not issued these guidelines within its role as AI Supervisor of the EUIs under the EU’s Artificial Intelligence Act for which a separate strategy is being prepared.
The European Data Protection Supervisor (EDPS) is the independent supervisory authority for the protection of personal data and privacy and promoting good practice in the EU institutions and bodies.
The EDPS’ tasks include:
• monitoring the EU administration’s processing of personal data;
• monitoring and advising technological developments on policies and legislation that affect
privacy and personal data protection;
• carrying out investigations, including in the form of data protection audits/inspections;
• cooperating with other supervisory authorities to ensure consistency in the protection of
personal
EDPS – The EU’s Independent Data Protection Authority
Questions can be directed to press@edps.europa.eu