French Data Protection Authority published AI Action plan for development of AI systems, which are compliance with GDPR: How Member States and companies are affected?

On May 16th, CNIL (the French Data Protection Authority) launched an AI Action plan aimed at establishing guidance and clear rules in order to ensure that AI systems, particularly generative AI (i.e. ChatGPT, Dall-E-) does not become a threat to data protection while it keeps being developed at giant strides.

As a result of that, this Action plan provides guidance to achieve four goals, which are:

1. Understanding the functioning of AI systems and their impacts on people, such as the fairness and transparency of the data processing and the protection of publicly available data on the web. This raises questions regarding the output generated by AI, since it is based on an immense storage of data and consequently, provoking legal queries.

2. Allowing and guiding the development of AI that respects personal data, which will be seen in the soon coming submission of a consultation guide on the rules applicable to the sharing and re-use of data, which will be accompanied with several publications starting in the summer of 2023, to suggest specific recommendations.

3. Support innovative players in the AI ecosystem in France and Europe, which can be seen in first place, by launching sandboxes. This year’s upcoming sandbox will be on the use of AI in the public sector and so provide, tailored advise to participants and providing effective assistance in GDPR compliance to innovative companies in the field of AI.

In that sense, CNIL is open to dialogue with different European companies that are developing or considering developing AI systems aimed at complying with the GDPR.

4. Audit and control AI systems and protect people so AI used for enhanced video surveillance or as a tool for fighting against fraud -as individual rights and freedoms come into play- will be subject to an ex-ante and ex-post audit.

In conclusion, CNIL wants to set clear rules aimed at the development of a privacy-friendly AI to ensure data protection at its highest level among European citizens and on the other hand will make it possible to prepare for the entry into application of the draft European AI Act, while at the same time companies will be supported with additional advice.

If you would like to read more, please click here: