Can data subjects be data controllers?

With the rise of AI trained on user data, the question of whether data subjects be considered data controllers for the personal data in their AI prompts and outputs has once again taken the spotlight. This is not a new issue, the possibility of the data subjects acting as data controllers has been explored as far back as the beginning of modern media and the conclusion has been mostly consistent.

In the report May report of the EDPB’s ChatGPT Taskforce, it is stated that:
“(T)he responsibility for ensuring compliance with GDPR should not be transferred to data subjects, for example by placing a clause in the Terms and Conditions that data subjects are responsible for their chat inputs. Rather, if ChatGPT is made available to the public, it should be assumed that individuals will sooner or later input personal data. If those inputs then become part of the data model and, for example, are shared with anyone asking a specific question, OpenAI remains responsible for complying with the GDPR and should not argue that the input of certain personal data was prohibited in first place.”

The principle of fairness dictates that enterprises should not transfer the risks and responsibilities of the data controller to the data subjects. As such, it would be hard for AI developers and distributors to declare that the users of AI are also data controllers regarding the data they input into the AI.

For more details, please access: https://lnkd.in/eGc6-wB2

Privacy Compliance

IN-HOUSE DPO VS. OUTSOURCED DPO – WHICH SOLUTION SAVES COSTS AND ENSURES COMPLIANCE?

💥 IN-HOUSE DPO VS. OUTSOURCED DPO – WHICH SOLUTION SAVES COSTS AND ENSURES COMPLIANCE? 🔒 Decree No. 13/2023 and the Draft Law on Personal Data Protection require all businesses to appoint a Data Protection Officer (DPO). The draft law explicitly gives businesses the right to choose between appointing an internal DPO or engaging […]

Learn more

Privacy Compliance

THE DPO AND A CULTURE OF DATA PROTECTION – THE KEY TO BUILDING LASTING TRUST

🌟 THE DPO AND A CULTURE OF DATA PROTECTION – THE KEY TO BUILDING LASTING TRUST In the digital age, personal data is both a valuable asset and a vulnerable one. That’s why the role of the Data Protection Officer (DPO) goes beyond legal compliance—it serves as a foundation for embedding a strong culture of […]

Learn more

Privacy Compliance

WHICH BUSINESSES ARE REQUIRED TO APPOINT A DATA PROTECTION OFFICER (DPO)?

Here is the English translation of your content, localized for clarity and professional tone: 🔒 WHICH BUSINESSES ARE REQUIRED TO APPOINT A DATA PROTECTION OFFICER (DPO)? 👉 Under Decree No. 13/2023/NĐ-CP, any organization that processes sensitive personal data—such as health information, biometric data, financial data, religious beliefs, etc.—is required to appoint a Data Protection Officer […]

Learn more

Cookie name	Type	Description	Expiration
cookie_consent	First Party	Remembers user’s cookie preferences (e.g., which types of cookies you accepted or declined) so that these settings are applied on future visits	12 months
pll_language	First Party	Stores the user’s language preference to display appropriate content	12 months

Cookie name	Type	Description	Expiration
_gcl_au	Third Party	Cookie used by Google AdSense to evaluate advertising effectiveness across websites	3 months
test_cookie	Third Party	Cookie used by DoubleClick (Google) to check if your browser supports cookies	15 minutes
IDE	Third Party	Cookie used by DoubleClick (Google) to store details about how the end user interacts with the website and ads they may have seen before visiting	12 months
ad_user_data	Third Party	Cookie used by Google to determine whether the user has consented to the use of their data for advertising purposes, including audience segmentation	13 months
ad_personalization	Third Party	Cookie used by Google to store user preferences related to personalized advertising, enabling more relevant ad delivery	13 months

Can data subjects be data controllers?