AI how-to sheets
This content is a courtesy translation of the original publication in French. In the event of any inconsistencies between the French version and this English translation, please note that the French version shall prevail.
Introduction
What is the scope of the AI how-to sheets?
The CNIL provides concrete answers for the creation of databases used to train artificial intelligence (AI) systems, which involve personal data.
Sheet 1
Determining the applicable legal regime
The CNIL can help you determine the legal regime applicable to the processing of personal data during the development phase.
Sheet 2
Defining a purpose
The CNIL can help you define the purpose(s), taking into account the specificities of developing AI systems.
Sheet 3
Determining the legal qualification of AI system providers
Data controller, joint controller or processor: the CNIL is helping suppliers of AI systems to determine their status.
Sheet 4
(1/2)
Ensuring the lawfulness of the data processing - Defining a legal basis
The CNIL helps you determine your obligations based on your responsibility and the means of collecting or reusing the data.
Sheet 4
(2/2)
Ensuring the lawfulness of the data processing - In case of re-use of data, carrying out the necessary additional tests and verifications
The CNIL helps you determine your obligations, depending on the means of collecting the data and its source.
Sheet 5
Carrying out a data protection impact assessment when necessary
Creating a dataset for the training of an AI system can lead to high risks to people’s rights and freedoms. In this case, a data protection impact assessment is mandatory. The CNIL explains how, and in which cases, it should be realised.
Sheet 6
Taking into account data protection when designing the system
To ensure that the development of an AI system respects data protection, it is necessary to carry out a prior reflection when designing it.
Sheet 7
Taking data protection into account in data collection and management
The CNIL details how data protection principles relate to training data management.