A comprehensive guide for the use of AI

The Data Protection Conference has published a new guide detailing the data protection-compliant use of artificial intelligence (AI) in companies and public authorities. “Artificial Intelligence and Data Protection” provides comprehensive guidelines that cover in particular the use of Large Language Models (LLM), which are often integrated into chatbots and other applications.

The main contents of the guide

Conception and selection

  • When identifying the fields of application and purposes, the legality of the planned applications and the handling of personal data are checked.
  • Data protection-compliant training of AI applications is emphasized to ensure that no automated decisions are made without human control.
  • The decision between open and closed systems influences transparency and the possibility of exercising data subject rights such as rectification and erasure


  • The definition of responsibilities and the creation of internal regulations are essential for compliance with the GDPR.
  • A data protection impact assessment is usually required, especially when processing sensitive data.
  • Technology design and ensuring data security play a central role and must be ensured to an appropriate extent


  • The processing of personal data requires special security measures, especially for sensitive data categories.
  • Accuracy of results and checking for discrimination are essential aspects to ensure fair and accurate AI applications

Support for developers and providers

In addition to the guidelines for the use of AI, the guide also offers valuable insights for developers and providers of AI systems. The information on selecting data protection-compliant applications should lead to data protection-friendly products as early as the development phase.

Summary: Using AI responsibly

The Data Protection Conference’s guidelines are a good tool to help organizations use AI applications securely and in compliance with data protection law. However, it is important to note that the guidelines only cover one area of data protection law and that further regulations, in particular the European Union’s AI Act, must also be examined for full AI compliance.

Guidance document “Artificial intelligence and data protection”: https://www.datenschutzkonferenz-online.de/orientierungshilfen.html

Subscribe to our newsletter

and stay always updated on data protection.