GDPR and AI: What the Intersection Actually Means for You
As organisations use AI to process personal data at scale, GDPR creates obligations that many teams are unprepared for. The six most important GDPR considerations when building AI products — explained without legal jargon.
35 min
Topics Covered
GDPR, AI regulation, data protection, EU law
Transcript Excerpt
Sofia: GDPR has been around since 2018, but AI is creating new questions it wasn't designed for. What are the most pressing ones right now?
Sofia: The most pressing is what happens when AI makes decisions about people. GDPR Article 22 gives individuals the right not to be subject to solely automated decisions that significantly affect them — hiring, credit, insurance. But what counts as "solely automated"? If a human rubber-stamps an AI decision, is that sufficient human oversight? The courts and regulators are still working this out, and different EU countries are interpreting it differently.
Sofia: What about training data? Is it GDPR-compliant to train an AI on publicly available data that includes personal information?
Sofia: This is the question that's keeping AI lawyers employed. The short answer is: it's complicated and jurisdiction-dependent. The Italian data protection authority blocked ChatGPT on exactly this basis in 2023. The working assumption in most of the EU now is that you need a lawful basis for processing personal data in training — legitimate interest is commonly used, but it's not a blank cheque. If you're scraping personal data from the web to train a model, you should be talking to a lawyer.
Sofia: For a small startup, what's the practical minimum GDPR compliance posture for an AI product?
Sofia: Privacy by design, a data processing record, and honest privacy notices. That gets you 80% of the way there. The remaining 20% depends on your specific use case.
Part of
AI Decoded
AI explained for humans
42 episodes · Weekly