web analytics

GDPR & Generative AI

Rate this post
  • The use cases for generative Al in the public sector present an exciting opportunity to improve the quality and efficiency of public services. At Microsoft we want to empower our customers to harness the full potential of new technologies like generative artificial intelligence (generative Al), while complying with their obligations under the General Data Protection Regulation (GDPR).
  • Microsoft is committed to ensuring its Al systems are developed responsibly and in a way that is worthy of people’s trust. We drive this commitment according to six key principles which align closely with public sector priorities and the fundamental principles set out in Article 5 of the GDPR
  • When considering GDPR compliance in the context of the procurement and use of generative Al services, the fundamental principles of the GDPR apply in the same manner as they do for processing personal data in any other context (e.g. the use of cloud services). So, while Al technology may be new, the principles and accordingly the processes for risk assessment and compliance with the GDPR remain the same. Hence, to ensure GDPR compliance, public sector organizations should be confident to approach Microsoft’s Al services in the same way as they have approached procuring other cloud services.
  • Microsoft’s existing privacy commitments including those provided in Microsoft’s Data Protection Addendum extend to our Al commercial products. Public sector customers can rest assured that the privacy commitments they have long relied on when using our enterprise cloud products also apply to Copilot for Microsoft 365 and the Azure OpenAI Service. Public sector customers can therefore be confident that their valuable data is safeguarded by industry-leading data governance and privacy practices in the most trusted cloud on the market today.
  • There are a number of key obligations under the GDPR which public sector organizations need to consider when procuring generative Al services. In this paper we have included details of these obligations and the associated support and resources which Microsoft can offer including in relation to international transfers of personal data, transparency, data subject rights, processor obligations, technical and organizational security measures, and DPIAS.
  • Our customers’ data belongs to our customers. Microsoft does not claim ownership of any customer prompts or output content created by Microsoft’s generative Al solutions. In addition, no Customer Data (including prompts or output content) is used to train foundation models. without customer permission.
  • As the regulatory landscape evolves and we innovate to provide new kinds of Al solutions, Microsoft will continue to offer industry-leading tools, resources and support to demonstrate our enduring commitment to meeting the needs and demands of our European public sector customers in their Al journey.

Views: 8

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post