Can data subjects be data controllers?
With the rise of AI trained on user data, the question of whether data subjects be considered data controllers for the personal data in their AI prompts and outputs has once again taken the spotlight. This is not a new issue, the possibility of the data subjects acting as data controllers has been explored as far back as the beginning of modern media and the conclusion has been mostly consistent.
In the report May report of the EDPB’s ChatGPT Taskforce, it is stated that:
“(T)he responsibility for ensuring compliance with GDPR should not be transferred to data subjects, for example by placing a clause in the Terms and Conditions that data subjects are responsible for their chat inputs. Rather, if ChatGPT is made available to the public, it should be assumed that individuals will sooner or later input personal data. If those inputs then become part of the data model and, for example, are shared with anyone asking a specific question, OpenAI remains responsible for complying with the GDPR and should not argue that the input of certain personal data was prohibited in first place.”
The principle of fairness dictates that enterprises should not transfer the risks and responsibilities of the data controller to the data subjects. As such, it would be hard for AI developers and distributors to declare that the users of AI are also data controllers regarding the data they input into the AI.
For more details, please access: https://lnkd.in/eGc6-wB2
New Regulations on Sanction for Violations in Consumer Personal Data Protection
The Government has issued Decree No. 24/2025/ND-CP, amending Decree No. 98/2020/ND-CP, which takes effect on February 21, 2025. This decree introduces significant updates on administrative sanctions for violations related to consumer information protection. Notably, Decree 24/2025/ND-CP increases penalties for certain violations compared to Decree 98/2020/ND-CP and expands the list of offenses subject to administrative sanctions. […]
Learn more
HAPPY NEW YEAR 2025!
Dear Clients, Partners and Colleagues, As the Lunar New Year approaches, we at PrivacyCompliance would like to extend our warmest wishes to you and your loved ones for a year filled with happiness, health, and prosperity. 🐉🌙 This festive season is a time to reflect, celebrate new beginnings, and embrace the opportunities ahead. We deeply […]
Learn more
Merry Christmas!
Dear Clients, Partners and Colleagues This holiday season, we celebrate the spirit of togetherness, hope, and generosity. It’s a time to reflect on our accomplishments and look forward to the opportunities that lie ahead. We’re excited to continue growing, innovating, and achieving great things together in the coming year. May this festive season bring joy, […]
Learn more