AI how-to sheets

To help professionals reconcile innovation and respect of people’s rights, the CNIL has published its first recommendations on the application of the GDPR to the development of artificial intelligence systems.

> Read more

The CNIL provides concrete answers for the creation of databases used to train artificial intelligence (AI) systems, which involve personal data.

> Read more

The CNIL can help you determine the legal regime applicable to the processing of personal data during the development phase.

> Read more

The CNIL can help you define the purpose(s), taking into account the specificities of developing AI systems.

> Read more

Data controller, joint controller or processor: the CNIL is helping suppliers of AI systems to determine their status.

> Read more

The CNIL helps you determine your obligations based on your responsibility and the means of collecting or reusing the data.

> Read more

The CNIL helps you determine your obligations, depending on the means of collecting the data and its source.

> Read more

Creating a dataset for the training of an AI system can lead to high risks to people’s rights and freedoms. In this case, a data protection impact assessment is mandatory. The CNIL explains how, and in which cases, it should be realised.

> Read more

To ensure that the development of an AI system respects data protection, it is necessary to carry out a prior reflection when designing it.

>Read more

 The CNIL details how data protection principles relate to training data management.

> Read more

Controllers will most commonly rely on their legitimate interests for the development of AI systems. However, this legal basis cannot be used without respecting its conditions and implementing sufficient safeguards.

> Read more

The collection of data accessible online via web scraping must be accompanied by measures aimed at safeguarding the rights of the data subjects.

> Read more

Organizations that process personal data to develop AI models or systems must inform concerned data subjects. The CNIL specifies the obligations in this regard.

> Read more

Individuals whose data is collected, used or reused to develop an AI system have rights over their data that allow them to maintain control over it. The controllers are responsible to comply with them and to facilitate their exercise.

> Read more

The data annotation phase is crucial to ensure the quality of the AI model. This challenge can be achieved by means of a rigorous methodology guaranteeing performance for the system and protection of personal data.

> Read more

The security of AI systems is an issue too often overlooked by their designers. However, it remains an obligation to guarantee data protection both during the development of the system and in anticipation of its deployment. This how-to sheet details the risks and measures to be taken.

> Read more

AI models may be subjected to the GDPR if they store personal data from their training process. The CNIL proposes a method for providers to assess whether or not their models are subjected to the GDPR.

> Read more

The CNIL provides a checklist of points to verify, based on its recommendations for the development of AI systems compliant with the GDPR.

> Read more