EDPS Issues New Guidelines on Generative AI for EU Institutions

The European Data Protection Supervisor (EDPS) has issued new guidelines on generative Artificial Intelligence (AI) to assist EU institutions, bodies, offices, and agencies (EUIs) in complying with data protection obligations under Regulation (EU) 2018/1725. These guidelines aim to help EUIs navigate the complexities of using or developing generative AI tools while safeguarding personal data and privacy.

Wojciech Wiewiórowski, the EDPS, emphasized the guidelines as a preliminary measure leading to more comprehensive recommendations. His team is closely monitoring the evolving landscape of generative AI tools. The guidelines provide practical advice, covering various scenarios to ensure EUIs can protect individuals’ personal information and privacy effectively.

The guidelines highlight core data protection principles and include concrete examples to help EUIs anticipate risks, challenges, and opportunities associated with generative AI systems. Key topics include determining whether the use of AI tools involves processing personal data, conducting data protection impact assessments, and other essential recommendations.

Issued in the EDPS’s capacity as the independent data protection authority for EUIs, these guidelines aim to ensure compliance with the EU’s data protection laws, particularly Regulation (EU) 2018/1725. A separate strategy is being prepared for the EDPS’s role as AI Supervisor under the EU’s Artificial Intelligence Act.

EDPS Guidelines on generative AI: embracing opportunities, protecting people