Taking data protection into account in the system design choices

16 October 2023

To ensure the development of a privacy-friendly AI system, it is necessary to give careful thought to the design of the system. This sheet details the steps involved.

When considering the design choices for an AI system, data protection principles, and in particular the principle of minimisation, must be respected. This approach is based on five levels. A data controller must therefore ask himself/herself about:

  • the goal of the system he/she wishes to develop;
  • the system’s technical architecture, which will influence the characteristics of the dataset;
  • the data sources to be used (see the how-to sheet on the legal compliance, open sources, third parties, etc.);
  • from these sources, the selection of strictly necessary data, having regard to the usefulness of the data and the potential impact of their collection on the rights and freedoms of the persons concerned;
  • the validity of the choices previously made. Such validation may take different (non-exclusive) forms, such as a pilot study or the opinion of an ethical committee.




Specification of the objective pursued

Definition of the technical architecture of the system

Identification of the necessary data

Validation of design choices