On 18 December 2024, the European Data Protection Board (“EDPB”) adopted its new opinion on the use of personal data for the development and deployment of AI models: EDPB, Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models (“Opinion on AI Models”). In its Opinion on AI Models the EDPB addressed the following topics: (i) when and how AI models can be considered anonymous; (ii) whether and how legitimate interest can be used as a legal basis for developing or using AI models; and (iii) what happens if an AI model is developed using personal data that was processed unlawfully. 

Key takeaways 

  • The Opinion on AI Models seeks to address the consequences of developing AI models where the training data involved was unlawfully processed personal data, and this will clearly be of concern to not only developers but also users. However, it’s welcome news to see some clearer direction here. 
  • The EDPB seeks to clarify that Supervisory Authorities (“SAs”) have the power to take enforcement action that could include corrective measures, for example, deletion of unlawfully processed data, retraining of the model itself, or even requiring its destruction in severe cases. Arguably that makes SAs one of the most powerful regulators during this new AI revolution, and we wonder whether they are ready to flex these newfound muscles. 
  • There is an even bigger role for SAs to assess claims of anonymity and do so rigorously. So, for example, considering whether personal data was anonymised within the model; unsurprisingly this includes examining whether anonymisation risk mitigation is used and whether that’s effective. 
  • Putting AI claims on the back foot and into defensive mode: developers should have evidential robustness to support assertions of anonymity, and users should insist on seeing this. It’s clear to see that SAs will want to lift the veil on technical and organisational measures (“TOMs”) that are in place to implement mitigation steps, for example against re-identification.   
  • What is clear from the EDPB’s positioning, and paras. 134 and 135 of the Opinion on AI Models are paramount here, is that there is a ‘yellow brick road’ through the quagmire of GDPR and AI. However, beware bold claims of anonymity as a magic wand, as they will be open to challenge from SAs. Paving the way for developers and users to show how those claims can be substantiated will have a valuable place in this data-rich ecosystem: “If it can be demonstrated that the subsequent operation of the AI model does not entail the processing of personal data, the EDPB considers that the GDPR would not apply. Hence, the unlawfulness of the initial processing should not, therefore, impact the subsequent operation of the model.” This further reads: “When the controllers subsequently process personal data collected during the deployment phase, after the model has been anonymised, the GDPR would apply in relation to these processing activities. In these cases, as regards the GDPR, the lawfulness of the processing carried out in the deployment phase should not be impacted by the unlawfulness of the initial processing.” We’ve always known that two wrongs don’t make a right, but there appears to be a route to AI atonement when an earlier wrong is cancelled by a later ‘right’. Welcome to the new world of AI data privacy compliance by design – and clearly the stakes have never been higher, for developers, users and of course for the SAs! 
  • In this long-awaited Opinion on AI Models, the EDPB seeks to provide more clarity on these issues which are highly relevant for companies and difficult for SAs to handle. Although this opinion may provide some guidance on certain questions, in many cases these will be the subject of highly contentious court proceedings and will ultimately be decided by the European Court of Justice. 

In detail 

Anonymity of AI models:  

  • An AI model is only considered as not containing personal data if both of the following likelihoods are small (“insignificant”): “(i) the likelihood of direct (including probabilistic) extraction of personal data regarding individuals whose personal data were used to train the model; as well as (ii) the likelihood of obtaining, intentionally or not, such personal data from queries” (EDPB, Opinion 28/2024, para. 43). 
  • When assessing the likelihood of identification of data subjects, supervisory authorities must consider “all the means reasonably likely to be used […] either by the controller or by another person to identify the natural person directly or indirectly” (EDPB, Opinion 28/2024, para. 43; cf Recital 26 GDPR). 

Legitimate interests as a legal basis: 

  • For example, (i) developing the service of a conversational agent to assist users; (ii) developing an AI system to detect fraudulent content or behaviour; and (iii) improving threat detection in an information system, may constitute a legitimate interest in the context of the use of AI models (EDPB, Opinion 28/2024, para. 69). 
  • In addition to such examples, the EDPB opinion includes, for the purpose of the well-known three-step test, several criteria to help to determine whether individuals can reasonably expect certain uses of their personal data, and examples of mitigating measures which can limit the negative impact of the processing on individuals if the balancing test reveals such risks (EDPB, Opinion 28/2024, para. 96). 

Consequences of unlawful data processing in the context of AI models: 

  • Whether the lack of a legal basis for the initial processing (development) impacts the lawfulness of the subsequent processing (deployment) should be assessed on a case-by-case basis, depending on the context of the case. The unlawfulness of the processing in the development phase may impact the lawfulness of the subsequent processing (EDPB, Opinion 28/2024, para. 122 et seq.), unless the AI model is anonymous, which is to be carefully assessed by supervisory authorities according to the criteria identified above (see in particular EDPB, Opinion 28/2024, para. 134 et seq.). 
  • SAs should take into account whether the controller deploying the model conducted an appropriate assessment, as part of its accountability obligations to demonstrate compliance with the GDPR. The degree of the assessment may vary depending on diverse factors, including the type and degree of risks raised by the processing in the AI model (EDPB, Opinion 28/2024, para. 130). 
  • The EDPB also emphasized “the SAs’ competence to assess the lawfulness of the processing and to exercise their powers granted by the GDPR” (EDPB, Opinion 28/2024, para. 113). In the case of an infringement of the GDPR, SAs may impose corrective measures. These may include “issuing a fine, imposing a temporary limitation on the processing, erasing part of the dataset that was processed unlawfully or, where this is not possible, depending on the facts at hand, having regard to the proportionality of the measure, ordering the erasure of the whole dataset used to develop the AI model and/or the AI model itself” (EDPB, Opinion 28/2024, para. 114). 
Author

Dr. Lukas Feiler, SSCP, CIPP/E, has more than eight years of experience in IP/IT and is a partner and head of the IP and IT team at Baker McKenzie • Diwok Hermann Petsche Rechtsanwälte LLP & Co KG in Vienna. He is a lecturer for data protection law at the University of Vienna Law School and for IT compliance at the University of Applied Science Wiener Neustadt.

Author

Mag. Adrian Brandauer is a junior associate of Baker McKenzie's IPTech Team in Vienna.

Author

Magalie Dansac Le Clerc is a partner in Baker McKenzie's Paris office. A member of the Firm's Information Technology and Communications Practice Group, she is a Certified Information Privacy Professional (CIPP).

Author

Vin leads our London Data Privacy practice and is also a member of our Global Privacy & Security Leadership team. He brings over 22 years of experience in this specialist area, advising clients from various data-rich sectors including retail, financial services/fintech, life sciences, healthcare, proptech and technology platforms.

Author

Elisabeth is a partner in Baker McKenzie's Brussels office. She advises clients in all fields of IT, IP and new technology law, with a special focus on data protection and privacy aspects. She regularly works with companies in the healthcare, finance and transport and logistics sectors.

Author

Prof. Dr. Michael Schmidl is co-head of the German Information Technology Group and is based in Baker McKenzie's Munich office. He is an honorary professor at the University of Augsburg and specialist lawyer for information technology law (Fachanwalt für IT-Recht). He advises in all areas of contentious and non-contentious information technology law, including internet, computer/software, data privacy and media law. Michael also has a general commercial law background and has profound experience in the drafting and negotiation of outsourcing contracts and in carrying out compliance projects.