EDPS Issues New Guidelines on Generative AI
The European Data Protection Supervisor (EDPS) published a new guideline on generative AI and has taken a significant step towards ensuring the responsible use of generative Artificial Intelligence (AI) within EU institutions, bodies, offices, and agencies (EUIs). CAIDP Europe applauds the EDPS at aiming to support EUIs navigate the complex landscape of data protection obligations when developing or deploying generative AI tools, in accordance with Regulation (EU) 2018/1725.
A Proactive Approach to Emerging AI Technologies
Wojciech Wiewiórowski, European Data Protection Supervisor, said:
“The guidelines that I have issued today on generative AI are a first step towards more extensive recommendations in response to the evolving landscape of generative AI tools, which my team and I continue to monitor and analyse closely. Our advice published today is drafted with the aim of covering as many possible scenarios involving the use of generative AI, to provide enduring advice to EUIs so that they can protect individuals’ personal information and privacy.”
Core Principles and Practical Application
The guidelines underscore the importance of fundamental data protection principles, offering concrete examples to illustrate how these principles can be applied in practical settings. This approach aims to help EUIs anticipate and manage the risks, challenges, and opportunities presented by generative AI systems.
Key topics addressed in the guidelines include:
Identifying Data Processing: Guidance on determining whether the use of generative AI tools involves processing personal data.
Data Protection Impact Assessments (DPIAs): Recommendations on when and how to conduct DPIAs to evaluate and mitigate potential privacy risks.
Essential Recommendations: Other critical advice to ensure compliance with data protection regulations and the ethical use of AI.
Compliance with Regulation (EU) 2018/1725
The guidelines are issued in the context of the EDPS's role as the independent data protection authority for the EUIs, ensuring adherence to the EU’s data protection laws, particularly Regulation (EU) 2018/1725. This regulation sets out the rules for the protection of personal data by EU institutions and bodies, emphasizing the need for transparency, accountability, and the protection of individuals' rights.
Looking Ahead: The AI Supervisor Role
It's important to note that these guidelines are distinct from the EDPS's responsibilities under the EU’s Artificial Intelligence Act, where the EDPS acts as the AI Supervisor for EUIs. A separate strategy is being developed for this role, which will further delineate the framework for AI oversight and regulation within the EU.
“CAIDP Europe welcomes the EDPS's guidelines on generative AI as this represent a crucial step in aligning the development and use of AI technologies with stringent data protection standards”, CAIDP Europe Executive Director Karine Caunes said. “By providing detailed advice and practical examples, the guidelines can equip EUIs with the tools needed to protect personal data and privacy in an era of rapidly advancing AI capabilities.”
As generative AI continues to evolve, the EDPS's commitment to monitoring and adapting to these changes ensures that the protection of individuals' personal information remains at the forefront of AI innovation.