The German Data Protection Conference (DSK), the conference of the independent data protection supervisory authorities at federal and state level, has published guidance on “Artificial intelligence and data protection” (Version 1.0 of May 6, 2024; the guidance explicitly states that it will be adapted in the future).

The orientation guide (OH) focuses on generative AI and primarily addresses controllers who want to use AI applications; other roles such as developers, manufacturers and providers are only indirectly affected.

The OH goes through the usual data protection requirements and distinguishes between the conception of the use and the selection of AI applications, their implementation and their use. However, the explanations overlap; some of the information for the conception phase, for example, also relates to the use phase. The following points should be emphasized:

Concept phase

  • The OH places the emphasis here on an examination of how and for what purpose the model is to be used; the OH is therefore primarily directed against flying blind, perhaps out of curiosity or in the hope of vague advantages. As far as possible, controllers should refrain from using personal data. However, because the concept of personal data is broad, controllers cannot prematurely hope to fall outside the scope of data protection law.
  • For LLMs, the DSK points out that the processing of personal data can also lie in the fact that the model itself contains personal data. However, it remains unclear to what extent this should fall within the area of responsibility of the controller.
  • With reference to training, the controller must ask whether errors during training can have an impact on its own data processing.
  • A separate legal basis (the OH refers to a paper from the Baden-Württemberg data protection authority) would be required if personal data is used for training purposes, even if the controller uses a third-party system that is further trained by its input;
  • Secrecy regulations may be applicable;
  • Information and transparency obligations must be observed. Insofar as an automated individual decision is made, the controller must, among other things, provide information about the “logic” of the decision. According to the OH, this means “explaining the method of data processing in relation to the functioning of the program sequence in connection with the specific application”. “Visualizations and interactive techniques” can help to “break down the complexity of the logic to an understandable level”;
  • Data subject rights: an AI model must be able to correct incorrect personal data, e.g. through retraining or fine-tuning. An output filter is not sufficient in itself for the right to erasure, but it is at least a “contribution”.

Implementation

For the implementation phase, the OH states the following, among other things:

  • The third-party provider of the system is usually a processor. Joint controllership can be considered, however, if an AI application is fed or trained with different data sets, or if the AI application of one body is further developed into new AI applications by other bodies on its platform. It is not necessary for the controller to actually have access to the processed data in order to be classified as a joint controller.
  • The disclosure of personal data between joint controllers requires a separate legal basis, so this relationship is not privileged in this sense (which is also evident from the case law of the ECJ).
  • Internally, managers should set clear rules on how employees should or may use AI applications. In addition, employees should be provided with their own work devices and accounts for this purpose, with non-blocking accounts (e.g. a functional email address).
  • For AI applications, a data protection impact assessment (DPIA) is necessary. The DSK's “black list” also stipulates that a DPIA is mandatory when AI is used to “control the interaction with the data subjects or to evaluate personal aspects of the data subject”, provided personal data is processed in the process (e.g. sentiment analysis in a call center, or a chatbot that “interacts with customers through conversation” and uses personal data for the consultation).

Use of AI applications

Among other things, controllers should keep the input of personal data to a minimum. If personal data is generated by an AI, a legal basis is also required for this, i.e. when the user assigns an output to a specific person. The OH's example is a suggested player line-up for a football coach.

The results of the AI must then be checked for correctness if they relate to individuals, and such results must not be used in a discriminatory manner.