Data is typically added to an AI to explain a problem, situation, or request (“input data”). Some AI providers, particularly those that provide natural language or large language models, refer to “prompts” as a subset of input data that describes the instructions given to the AI model (e.g., “please summarize the following ten documents”), as opposed to other types of input data that the user intends the AI to leverage (e.g., the ten documents that the AI is being asked to summarize). Companies that include personal information in prompts or input data may be acting as either a controller or a processor, depending on the degree of discretion they exercise in selecting an AI, deciding how the AI will function, the type of personal information that will be included in a prompt, the type of personal information that will be accessible to the AI as input data, and the conditions under which the AI will be allowed to retain or share the personal information provided to it.
If a company is considered a controller, it must satisfy the following requirements under the GDPR with respect to data that is processed using an AI:
| GDPR Requirement | GDPR Citation | Impact on Controller’s Use of Prompts and Input Data |
|---|---|---|
| Lawful basis of processing | Art. 6 | Controllers are required to identify one of six lawful bases of processing.[1] While there is little judicial or supervisory authority guidance regarding the lawful bases that might be relied upon for processing data using AI, the most likely lawful bases are: (1) the consent of the individuals whose personal information will be processed, or (2) the legitimate interest of the controller. |
| Record of processing activities | Art. 30(1) | Controllers are required to record within their records of processing activities, among other things, the type of personal information processed using an AI, the individuals to whom the personal information relates, the purpose for which the data was utilized, and any restrictions imposed upon the AI’s use or retention of such data. |
| Data minimization | Art. 5(1)(c), (e) | Controllers are required to minimize the extent to which personal information is utilized, and the duration for which it is kept in identifiable form. In the context of using an AI to process personal information, the controller should consider how to minimize the type and amount of data provided to the AI, as well as the length of time for which the AI will have access to such data after its processing has been completed. |
| Privacy notice | Art. 12–14 | Controllers are required to provide individuals with information relating to how personal information is processed.[2] If a controller is processing publicly sourced data (e.g., data scraped from the internet), some supervisory authorities have suggested that it may be appropriate for controllers to inform the public via mass media (e.g., radio, television, newspapers) about the scraping and how they can find the company’s privacy notice.[3] |
| Access rights | Art. 15 | Controllers are required to permit individuals to access any personal information held about them. In the context of AI processing, a controller should be prepared to respond to an individual’s request for access to the personal information about them that may have been processed by an AI (e.g., included in a prompt or as input data) or may be retained within a data set accessible to an AI (e.g., for further training and fine-tuning). |
| Correction rights | Art. 16 | Controllers are required to permit individuals to request that inaccurate information be corrected. In the context of using an AI to process personal information, some supervisory authorities have taken the position that companies which use publicly sourced data (e.g., data scraped from the internet) should create an online tool “by which to request and obtain rectification of any personal data relating to them,” both for data used to train an AI and for any data created by the AI.[4] The requirement to correct data may implicate any record of prompts that contained potentially inaccurate personal information. |
| Erasure rights | Art. 17 | Controllers are required to permit individuals to request that personal information about them be deleted if processing is no longer necessary in relation to the purposes for which it was collected. In the context of using an AI to process personal information, if a controller receives a deletion request it should consider whether personal information from the requester can be deleted from any information that is being retained within the AI.[5] The requirement to erase data may implicate any logs of prompts. |
| Right to withdraw consent / object | Art. 7(3), 21 | If a controller has based its use of an AI on the consent of individuals, the GDPR requires that it provide individuals the ability to withdraw consent. Similarly, if a controller has based its use of an AI on the controller’s legitimate interest, the GDPR requires that the controller provide a means for users to object to the continued use of their data.[6] The right to withdraw likely does not have an impact upon personal information historically utilized in a prompt, to the extent that such information does not continue to be used. |
| Data protection impact assessments | Art. 35 | The GDPR requires that controllers conduct data protection impact assessments (DPIAs) if they are using new technologies that are “likely to result in a high risk” to individuals. As a result, a controller should consider whether it is appropriate to conduct a DPIA in connection with including personal information in prompts or providing it as part of input data to an AI. |
| Cross-border data transfers | Art. 44–50 | To the extent that personal information in the form of a prompt or input data will be sent to an AI that is hosted outside of the European Economic Area, a controller may need to take steps to ensure that such data is adequately protected in the jurisdiction to which it is sent. |
| Vendor management | Art. 28 | To the extent that a controller will rely on a third party to host personal information transmitted to an AI (e.g., a third-party-hosted AI product), the GDPR may require that the third party agree to the specific contract provisions required of processors. |
[1] EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonized rules on artificial intelligence (Artificial Intelligence Act) at para. 60 (June 18, 2021).
[2] EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonized rules on artificial intelligence (Artificial Intelligence Act) at para. 60 (June 18, 2021) (stating that data subjects should be informed when their data is used for AI training).
[3] Garante Per La Protezione Dei Dati Personali, Provision of April 11, 2023 [9874702] (English translation).
[4] Garante Per La Protezione Dei Dati Personali, Provision of April 11, 2023 [9874702] (English translation).
[5] See EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonized rules on artificial intelligence (Artificial Intelligence Act) at para. 60 (June 18, 2021) (stating that data subjects have a right to deletion/erasure in connection with their personal data being used to train an AI).
[6] See EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonized rules on artificial intelligence (Artificial Intelligence Act) at para. 60 (June 18, 2021) (stating that data subjects have a right to restriction in connection with their personal data being used to train an AI).