The dependency of AI on data is a well-trodden subject. To date, however, the focus has primarily been on the vast quantities of data required to train and fine-tune AI models. With agentic AI, the data protection issues continue from development into deployment – because AI agents can perform actions on personal data with limited or no human intervention. This creates new potential risks, as well as giving rise to novel questions on the interpretation of GDPR concepts.
Data protection authorities in Europe and around the world are increasingly interested in agentic AI, with the UK ICO and the Spanish AEPD both issuing guidance at the start of 2026. In this article, we explore some of the particular challenges agentic AI poses for data protection compliance.
Who is determining the purposes and means of processing?
Any assessment of obligations under GDPR and similar data protection laws must start by identifying the controller: the natural or legal person who determines the purposes and means of processing (the “how and why”). With agentic AI, we run into difficulties even at this first hurdle – where an agent is making decisions about the purposes and means of processing, who is the controller? Is it the developer who created the agent, and so presumably designed its functionality, controls and safeguards? Or is it the party deploying the agent, who set it the specific task? What if an agent built the agent? What if an agent assigned the task?
We are always saying that controllership is a matter of fact – but agentic AI arguably demands a more nuanced and policy-driven approach. The default approach for data protection authorities and the Courts is to assign controllership to the party best placed to protect the rights of individuals; plainly speaking, whoever is best resourced, and most able to effect change. Often this will be the developer, given they can make universal changes at a product level. But the GDPR itself is focused on the processing of personal data itself, rather than the development of tools for processing (the latter being the contrasting approach of the AI Act).
A potential route through the difficulty – paved by the DPAs’ approach to the adtech industry and a raft of CJEU decisions – is to find joint control between developers, deployers and any intermediaries. That way, everyone has a share of the responsibility (and we avoid having to actually answer the question…).
How can we ensure the agent acts responsibly?
There are obvious risks with enabling agents to act on personal data. They could delete it, amend it, or disclose it in a manner that is non-compliant. AI agents have not dutifully completed their annual compliance training – although they can be trained to understand compliance controls. There have been plenty of scare stories of agents inappropriately forwarding email chains, or indeed deleting whole databases. Moreover, the ability of agentic AI to generate large quantities of personal data at scale, and then rapidly use that data, magnifies the impact of any errors in a dataset.
Even if the agent does everything right, it still poses novel compliance challenges. Data protection law demands that you think in advance about your data processing. Many obligations must be ticked off when you know what you want to do and how you’re going to do it, but before you get started: transparency, determining a lawful basis, conducting a DPIA. What happens when you don’t know in advance the details of what you’re going to do – because you’re delegating it to an agent to decide? There may need to be limits on what you can allow the agent to do if you’ve not had an opportunity to satisfy your compliance requirements.
Solely automated decision-making
The GDPR was arguably well ahead of the game in attempting to regulate AI agents with rules on “solely automated decision-making”. These rules have been around since the 1995 Directive, but are becoming increasingly relevant with the adoption of agentic AI. This is also an area where the EU and UK now diverge, with the UK adopting a more permissive approach.
Article 22 of the EU GDPR prohibits solely automated decisions which have a legal or similarly significant effect, except under three conditions: with the individual’s explicit consent, if it’s necessary to perform a contract with the individual, or if the automated decision is authorised by law. Where someone is subject to a solely automated decision, they have the right to challenge that decision and obtain human review.
There has been much debate about numerous aspects of this prohibition – including its scope, how the exemptions work, and what constitutes human review. This debate will no doubt grow in the coming months and years, as organisations seek to capitalise on agentic AI.
In an attempt to soften the impact of Article 22 and support the adoption of AI, the UK recently amended this provision so that the prohibition only applies to decisions made using special category (aka ‘sensitive’) data – although all decisions will still need to allow for challenge and human review. The UK rules make life easier, but it’s worth bearing in mind just how much special category data is woven into our everyday lives – job applicants, for example, frequently disclose information about health conditions, racial identity and political opinions; call centres and customer workflows may face similar challenges with customers voluntarily disclosing sensitive information about their personal lives. This means the UK prohibition still has broad application.
Accountability
Accountability is one of the fundamental principles of GDPR (found in Article 5(2)), but is also critical to responsible agentic AI deployment well beyond GDPR. Fairly obviously, organisations will be accountable for the actions of their AI agents. A compliance approach built on the GDPR principle of accountability is a good place to start when looking at AI governance more generally. Read the governance article in this agentic AI series here.