Lausen Logo
Data protection and AI: German “DSK” publishes guidance paper

Data protection and AI: German “DSK” publishes guidance paper

Author
Dr. Tim Kraft
Dr. Tim Kraft Lawyer, Partner View profile

The “Conference of Independent Federal and State Data Protection Authorities” (“DSK”) is a coordinating body of the German data protection supervisory authorities. As such, the DSK has no executive power and its positions are not binding for the affiliated authorities, courts or those who have to apply the law in their everyday work. Nevertheless, it is worth paying attention to the DSK’s statements, as it is a strong voice in German data protection law and conclusions and forecasts for the application of the law can be drawn from its positions.

On May 6, 2024, the DSK published a guideline entitled “Artificial intelligence and data protection”. According to the DSK, this paper is intended to provide an overview of the relevant questions that arise from the perspective of data protection law when selecting, introducing and using artificial intelligence (“AI”) applications. Highlighting especially those issues which need to be answered before introducing AI applications into operations. The paper expressly does not claim to be exhaustive and will be supplemented and revised in the future.

In line with its objective, the paper provides a good overview of the data protection issues relating to AI applications. It can be understood as a quick round-trip through data protection law and stops at all its major points of interest in connection with AI – such as the question of the legal basis for processing, the problem of implementing the rights of data subjects and issues of employee data protection.

With the chosen approach, naturally, the guidance can only touch on topics and create an awareness among those responsible for data protection. However, it cannot and does not provide conclusive answers to the questions raised. These answers will need to be found “on the ground”, i.e. in a case-by-case consideration of the topics addressed in the guidance.

As an introduction and overview of the data protection issues relating to AI applications, the guidance can be seen as a success and its reading can be highly recommended. However, with the awareness reading the paper hopefully creates, the readers must then pursue the issues raised and seek and implement the answers in their everyday data protection practice.

We will be happy to help, if you need assistance in finding your answers.

More posts

Mandatory gender information in online store not legal

Mandatory gender information in online store not legal

In the online purchasing process, it is common to ask for gender in addition to name and shipping address. But why is this the case? After all, a person can only be identified by their name. On January 9, 2025 (case number C-394/23), the European Court of Justice ruled that it is no longer mandatory …

Read more
Wednesday talk “What publishers achieve – the future of publishing”

Wednesday talk “What publishers achieve – the future of publishing”

We cordially invite you to the digital meeting of the series “What publishers achieve – The future of publishing”. Wednesday, March 5, 2025 17:00 to 18:00 Digital via Zoom Our topic today is: “AI-generated vs. AI assisted” The boundaries between AI-generated content and AI-assisted content are blurred. A look beyond the publishing industry and into …

Read more
Infringement of German copyright only if there is a sufficient domestic connection

Infringement of German copyright only if there is a sufficient domestic connection

Cross-border copyright infringements occur frequently in practice, naturally above all in internet cases. An action for such a copyright infringement always raises questions of procedural law, private international law and substantive law: Does the German court seized have international jurisdiction to decide the dispute? Is the legal dispute to be judged according to German copyright …

Read more