Ready for the new Google Consent Mode v2? Learn more »
AllGeneralLegalNewsVideos
News

Can AI be GDPR compliant? What to look out for

string(44) "https://www.consentmanager.net/en/knowledge/"
A robotic hand reaching for a human hand

In early February, Italian data protection authority Garante asked AI chatbot Replica to stop processing citizens’ personal data. The purpose of the AI ​​software was to be a virtual “AI friend” for social interactions that did not require age verification. The DPA found that the AI ​​bot had processed children’s personal data without their consent.

As AI technologies advance, especially after the launch of ChatGPT and Google Bard, more similar cases might appear.

And before you unknowingly find yourself in such a situation, it would make a lot of sense to learn about the AI-related provisions of the GDPR :

Personal data:

AI systems are designed to collect large amounts of data, including personal data, which is then analyzed and processed. According to the GDPR, certain requirements must be met for this. The focus is on transparency, legality and security in the processing of personal data. AI systems must therefore be developed with these data protection requirements in mind. Users must be informed about what data is collected and how it is used. And they must be able to rely on AI systems to ensure the confidentiality, integrity and availability of their personal data.

profiling

According to the GDPR, individuals have the right not to have their data used for “profiling”. Profiling is an automated process designed to predict an individual’s behaviour, preferences or interests based on data collected from them. Therefore, AI systems should be designed in such a way that the user is clearly informed about how the profiling is used.

consent

Similar to the processing of personal data, the consent aspect of the GDPR requires that the user give their express, conscious and voluntary consent to the processing of their personal data. Therefore, AI systems must be designed in such a way that they collect such consent and provide users with comprehensive information about the data collected, the disclosure of the data to third parties and the possibility to withdraw consent at any time.

Conclusion:

AI developers must ensure that their systems are developed with privacy in mind and that users are fully informed about the processing of their personal data. GDPR compliance is critical to instilling trust in AI systems and ensuring they are used in a way that respects citizens’ rights to privacy and data protection.

More articles

News

German Consent Management Ordinance & Importance of CMPs

The German government has proposed a new Consent Management Ordinance (“Einwilligungsverwaltungsverordnung”, “EinwV”) to establish a framework for authorized consent management services that allow users to share their preferences across different websites. In this article we will take a look on what the ordinance is and how it may affect websites. The new Consent Management Ordinance […]
Continue Reading
General

Tool Spotlight: Compliance Monitor 

Managing multiple websites or apps can be challenging – especially when it comes to complying with constantly changing regulations such as GDPR and ePrivacy.  Are you certain that your cookie banner works correctly in different regions? Are cookies being set in accordance with data protection regulations (e.g. only after user consent)? Do you need deeper insights into website performance issues […]
Continue Reading
Book a call
Test it now