GDPR

the data protection regulation that was supposed to be about cookie banners but actually governs every piece of personal data your AI has ever touched, is touching, or will touch.

"a Berlin bank got fined €300k because their AI rejected a credit card application and nobody could explain why. turns out 'the algorithm said no' is not a lawful basis under Article 22."
"Clearview AI scraped billions of faces from the internet for facial recognition and got fined €90M+ across multiple European regulators. they said it was publicly available data. the regulators said no, that's not how consent works."
"our AI team trained a model on customer support tickets without checking if they contained personal data. they did. all of them did. the DPO found out from a LinkedIn post."
Share this one
Canonical Definition

General Data Protection Regulation (EU) 2016/679. The EU’s comprehensive data protection framework, in force since 25 May 2018. Key AI intersections: lawful basis for training data (Art. 6), data subject rights including access and erasure (Arts. 15–17), Data Protection Impact Assessment obligations for high-risk processing (Art. 35), and automated decision-making rights under Article 22 — the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Penalties up to €20 million or 4% of global annual turnover.

Why It Matters

GDPR was enacted before the current wave of generative AI, but its principles were designed to be technology-neutral. Every obligation that applies to a database of customer records also applies to that data when it is used to train, fine-tune, evaluate, or prompt a model. The regulation does not distinguish between a SQL query and an inference request. Both process personal data. Both require lawful basis.

The AI-specific challenge is that GDPR was built on assumptions that AI systems routinely violate. The right to erasure assumes data can be deleted — but personal data baked into model weights cannot be selectively removed. The right to explanation assumes decision logic can be articulated — but a neural network with billions of parameters does not have articulable decision logic. The principle of purpose limitation assumes data collected for one purpose will not be reused — but foundation models are trained on data scraped from the entire internet.

These tensions do not make GDPR inapplicable. They make compliance harder. And regulators are enforcing accordingly, with fines in the hundreds of millions for AI-related violations.

The Stress Test

A data subject exercises their Article 15 right of access and asks your organisation to provide all personal data processed about them. Your customer database returns their records. Your CRM returns their interactions. Then someone asks whether any of that data was used to train your AI models. Nobody knows. The training data pipeline was built eighteen months ago by a team that has since rotated. There is no data lineage from the training set back to individual records.

The data subject then exercises their Article 17 right to erasure. You delete their records from the database and CRM. But the model was trained on their data. The model weights still encode patterns derived from their personal information. You cannot “delete” someone from a neural network. You have a legal obligation you cannot technically fulfil without retraining. The clock is ticking on the 30-day response deadline.

In the Wild

Enforcement — Clearview AI, 2022–2024
€90M+ in Fines Across Europe for Facial Recognition

Clearview AI scraped billions of publicly available photos from social media platforms to build a facial recognition database used by law enforcement. Data protection authorities across Europe — France (CNIL, €20M), Italy (Garante, €20M), Greece (Hellenic DPA, €20M), and the UK (ICO, £7.5M) — each independently found Clearview in violation of GDPR. The violations included: no lawful basis for processing (Art. 6), failure to meet transparency obligations (Arts. 12–14), no data retention limits, and failure to honour data subject access and deletion requests.

Clearview argued the data was publicly available. Every regulator reached the same conclusion: “publicly available” does not mean “free to scrape for AI training.” Lawful basis is not optional because the data was on the internet.

Enforcement — Berlin, 2023
Bank Fined €300K for AI Credit Decisions Without Explanation

The Berlin Commissioner for Data Protection fined a bank approximately €300,000 for using an AI system to reject credit card applications without providing adequate explanations to applicants. The system made automated decisions with legal effects on individuals — credit denial — without meaningful information about the logic involved, as required under Article 22(3) GDPR. Applicants received generic rejection letters that did not reference the automated nature of the decision or the factors considered.

Article 22 does not require you to explain neural network weights. It requires you to provide meaningful information about the logic involved. “The algorithm said no” is not meaningful information.

Enforcement — OpenAI, 2024
Italy Fines OpenAI €15M for ChatGPT Data Processing

The Italian Garante fined OpenAI €15 million in December 2024 for GDPR violations related to ChatGPT, following the temporary ban in March 2023. The findings included: insufficient transparency about data processing, no adequate lawful basis for processing personal data to train the model, and failure to implement age verification. The relatively modest fine (relative to OpenAI’s scale) was accompanied by an order to conduct a six-month public information campaign on data subjects’ rights — a reputational penalty that no fine amount can offset.

The Garante did not say AI cannot process personal data. It said you need a lawful basis before you start, not an apology after you are caught.

How to Govern It

GDPR compliance for AI is not a legal exercise. It is a data architecture exercise with legal consequences.

Within the AI Control Index, GDPR governance for AI operates across multiple layers and shields:

  • Data (L6) — Data lineage tracking from source to training set to model, data quality documentation, lawful basis mapping per data source, and purpose limitation controls. If you cannot trace which personal data entered which model, you cannot respond to a subject access request.
  • GRC (S1) — Evidence Factory captures DPIAs, Records of Processing Activities (ROPA) that include AI processing, lawful basis assessments, and data subject request response logs. The Evidence Factory is where GDPR compliance becomes demonstrable, not just claimed.
  • Ethics & Fairness (L2) — Contestability mechanisms that enable meaningful human review of automated decisions, ensuring Art. 22 rights are operationally feasible, not just documented in a policy.
  • Observability (S4) — Runtime monitoring of data flows to detect personal data entering AI pipelines without lawful basis, and audit trails for data subject request fulfilment.
  • Security (S3) — Technical measures to prevent data exfiltration through model outputs, membership inference attacks, and training data extraction — all of which create GDPR exposure.

When It’s Relevant

Every AI system that processes personal data of individuals in the European Economic Area. This includes training data, fine-tuning data, prompt data, retrieval corpora, evaluation data, and output data. If personal data enters the system at any stage, GDPR applies at that stage.

GDPR risk is highest when:

  • Training data was collected without a documented lawful basis per data source
  • The AI system makes or materially influences decisions with legal or similarly significant effects on individuals
  • Data lineage from source to model is incomplete or absent
  • The organisation cannot technically fulfil erasure requests for data encoded in model weights
  • The AI system processes special category data (health, biometrics, political opinions) without explicit consent or another Art. 9 basis

See this control in the framework. GDPR governance for AI is operationalised across L6, S1, L2, S4, and S3 in the AI Control Index v6.0.

Open Framework →

Related Terms

References

  1. [1] European Parliament and Council of the European Union (2016) Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation). Official Journal of the European Union, L 119, 4 May 2016.
  2. [2] Commission Nationale de l’Informatique et des Libertés (2022) Délibération SAN-2022-023: Clearview AI. CNIL, 20 October 2022.
  3. [3] Garante per la protezione dei dati personali (2024) Decision regarding OpenAI — ChatGPT, December 2024. Rome.
  4. [4] European Data Protection Board (2024) Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR. EDPB, Brussels.
  5. [5] Wachter, S., Mittelstadt, B. and Floridi, L. (2017) ‘Why a Right to Explanation of Automated Decision-Making Does Not Exist in the General Data Protection Regulation’, International Data Privacy Law, 7(2), pp. 76–99. doi: 10.1093/idpl/ipx005.
  6. [6] Selbst, A.D. and Powles, J. (2017) ‘Meaningful Information and the Right to Explanation’, International Data Privacy Law, 7(4), pp. 233–242. doi: 10.1093/idpl/ipx022.
  7. [7] Berliner Beauftragte für Datenschutz und Informationsfreiheit (2023) Jahresbericht 2022. Berlin Commissioner for Data Protection and Freedom of Information.

AI Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0

By Jeroen Janssen, Apparens