CNIL publishes guidance on artificial intelligence

Nana Botchorichvili of IDEA Avocats provides an analysis of the main takeaways.

The increasing development of Artificial Intelligence (AI) based tools in recent years, offering innovative applications across various sectors, has raised new questions from the data protection perspective and triggered compliance challenges for ­organizations.

Following other DPAs and international organizations(1), France’s DPA (CNIL) has recently issued guidance for organizations regarding the implementation of AI systems’ compliance with the GDPR(2). The guidance comes as part of a set of dedicated resources not only for controllers and processors but also the general public as well as AI researchers or data scientists(3). The CNIL indicates that these resources are published as part of the European Union’s strategy to boost excellence and trust in AI notably with the introduction of harmonized rules through the draft AI Regulation(4). Beyond raising awareness of the general public on privacy related issues with the use of AI, the CNIL’s initiative aims to assist those involved in the development, operation, and use of such systems in implementing them in a data protection compliant manner. This article focuses on the guidance aimed at controllers and processors by highlighting the main takeaways that may be of particular interest for organizations using AI systems, and identifying the relevant data protection compliance actions to be taken when implementing AI ­projects.

Continue reading

International Report subscribers: please login to access the full article.

If you wish to subscribe, please see our subscription information.

Subscribe