The EDPB has today (18 December) issued its long-awaited Opinion on data protection aspects related to the development and deployment of AI models. You can read it here.
There is plenty to digest here, including lots of useful guidance on how to conduct legitimate interests assessments for the use of training data and how to assess the balancing test.
However, for many, the most interesting section will be the analysis of whether AI models constitute or contain personal data. Essentially the EDPB categorises AI models into three groups:
- Models specifically designed to make personal data available = in scope of GDPR.
- Models which are not intentionally designed to make personal data available but which retain (in some form) the original information from the training data and which enable the extraction or obtaining of such information (with means reasonably likely to be used) = in scope of GDPR.
- Models which do not enable such extraction or obtaining of information = out of scope of GDPR (even if the training process is in scope).
The EDPB sets a high bar for categorising a model as falling under group 3, requiring developers to conduct a "thorough evaluation" regarding the anonymity of the model, taking into account a range of factors (including the characteristics of the training data, selection of sources, the context of the deployment, the model design, protective measures regarding outputs and the model's resistance to attacks).
The result of all this is that AI developers which take the position that their models are anonymous are likely to need to put in place detailed documentation to justify this (ideally mapping to the factors in the Opinion). It may be that much of this analysis is already covered by existing DPIAs and other accountability documents, but it may well be that new, standalone documentation will need to be produced.
If models were trained in breach of GDPR, and the resulting model contains or enables "obtaining" or "extraction" of personal data, the Opinion leaves open the possibility that DPAs could take enforcement action impacting subsequent deployment of the model.
The Opinion also has implications for organisations which deploy models developed by third parties. The EDPB makes clear that such deploying controllers must conduct appropriate assessments to ascertain that the models were not developed through the unlawful processing of personal data. In this context, it will be relevant if the development phase was subject to a finding of infringement. Whilst deployers will still lean heavily on developer documentation, it is clear that they have their own responsibilities to properly diligence the models they use.