On October 26, 2023, the Confederation of European Data Protection Organizations (CEDPO) published a document concerning the impact of generative artificial intelligence (AI) on data protection. The report provides guidelines on the various aspects related to the use of generative AI models and methods, as well as ways in which both creators and end-users of these tools can ensure compliance with data protection rights. In particular, the paper focuses on:
- risks associated with data sharing;
- the accuracy of personal data;
- implementing privacy by design;
- legal bases for training generative AI systems;
- optimizing organizational structures;
- managing the rights of data subjects in the context of these technologies.
CEDPO also presents recommendations for creators and end-users of new tools to mitigate negative impacts. Among other things, these recommendations include the use of privacy enhancing technologies (PETs), such as employing synthetic data sets for training AI models, strict internal data access controls and audits, and the utilization of Data Protection Impact Assessments (DPIA).