Guidelines on GDPR and the use of generative AI

New Privacy Guidelines on Generative AI from European Data Protection Authorities

In recent weeks, several European data protection authorities have published new guidance outlining key data protection considerations for the use of generative AI. These guidelines address compliance challenges related to both the training of AI models and their deployment in various applications.

Two significant updates include:

  • IMY (Swedish Data Protection Authority): Released on 5 February 2025, IMY’s guidelines (available only in Swedish) offer insights into how organizations should approach privacy risks associated with generative AI. The document can be accessed here.
  • CNIL (French Data Protection Authority): Published on 7 February 2025, CNIL’s guidance provides recommendations on ensuring GDPR compliance when processing personal data in AI systems. The full document can be accessed here.

These publications reflect the increasing regulatory focus on AI governance and underscore the need for businesses to integrate data protection by design and robust risk assessments when developing and using AI models.

See All News Here

Related News

Swedish Supreme Court Adds Nuance to Previous Ruling on Bulk Requests for Court Judgments and Decisions

NIS2 and the Swedish Regulation Jungle

EU Commission Proposes Tech Sovereignty Package with New Rules for Chips, Cloud Services and AI infrastructure