The European Data Protection Supervisor (EDPS) has issued new guidelines on the use of personal data in Generative Artificial Intelligence (AI) systems. This document aims to ensure that EU institutions, bodies, and agencies comply with Regulation (EU) 2018/1725. The guidelines emphasize the importance of the data protection officer's (DPO) participation, data protection impact assessments (DPIAs), and respect for the principles of data minimization and accuracy.
One key point is the active participation of the data protection officer (DPO) from the outset in the development and use of Generative AI systems. This approach aims to ensure compliance with regulations and identify potential risks early on. Additionally, the importance of conducting data protection impact assessments (DPIAs) is stressed to mitigate the risks associated with personal data processing.
The EDPS highlights the need to apply the principle of data minimization, collecting and processing only the information strictly necessary for the specific purposes of the processing. It also emphasizes the importance of verifying the accuracy of the data used in AI systems to avoid inaccurate or biased results.
The guidelines also address the regulation of automated decisions, particularly those that have legal or significant effects on individuals, ensuring human intervention and protection of individuals' rights. Data security is another crucial aspect, and institutions are urged to implement adequate technical and organizational measures to protect personal information and mitigate security risks.
These EDPS guidelines aim to promote transparency, accountability, and respect for fundamental rights in the use of Generative AI. EU institutions must adhere to these recommendations to ensure ethical and compliant use of this emerging technology.