New Privacy Guidelines on Generative AI from European Data Protection Authorities
In recent weeks, several European data protection authorities have published new guidance outlining key data protection considerations for the use of generative AI. These guidelines address compliance challenges related to both the training of AI models and their deployment in various applications.
Two significant updates include:
- IMY (Swedish Data Protection Authority): Released on 5 February 2025, IMY’s guidelines (available only in Swedish) offer insights into how organizations should approach privacy risks associated with generative AI. The document can be accessed here.
- CNIL (French Data Protection Authority): Published on 7 February 2025, CNIL’s guidance provides recommendations on ensuring GDPR compliance when processing personal data in AI systems. The full document can be accessed here.
These publications reflect the increasing regulatory focus on AI governance and underscore the need for businesses to integrate data protection by design and robust risk assessments when developing and using AI models.