Can data subjects be data controllers?

November 25, 2024

Can data subjects be data controllers?

With the rise of AI trained on user data, the question of whether data subjects be considered data controllers for the personal data in their AI prompts and outputs has once again taken the spotlight. This is not a new issue, the possibility of the data subjects acting as data controllers has been explored as far back as the beginning of modern media and the conclusion has been mostly consistent.

In the report May report of the EDPB’s ChatGPT Taskforce, it is stated that:
“(T)he responsibility for ensuring compliance with GDPR should not be transferred to data subjects, for example by placing a clause in the Terms and Conditions that data subjects are responsible for their chat inputs. Rather, if ChatGPT is made available to the public, it should be assumed that individuals will sooner or later input personal data. If those inputs then become part of the data model and, for example, are shared with anyone asking a specific question, OpenAI remains responsible for complying with the GDPR and should not argue that the input of certain personal data was prohibited in first place.”

The principle of fairness dictates that enterprises should not transfer the risks and responsibilities of the data controller to the data subjects. As such, it would be hard for AI developers and distributors to declare that the users of AI are also data controllers regarding the data they input into the AI.

For more details, please access: https://lnkd.in/eGc6-wB2


Privacy Compliance

Personal Data Protection Workshop – Course 03 Now Open for Registration!

🎓 Personal Data Protection Workshop – Course 03 Now Open for Registration! Building on the success of the first two editions of the Personal Data Protection Workshop Series, PrivacyCompliance is pleased to introduce Workshop 03, designed to help organisations stay up to date with the latest legal developments and strengthen their personal data protection compliance […]

Learn more

Privacy Compliance

RECAP OF THE “PERSONAL DATA PROTECTION” WORKSHOP SERIES

RECAP OF THE “PERSONAL DATA PROTECTION” WORKSHOP SERIES ✨ The specialized Personal Data Protection workshop series organized by PrivacyCompliance has officially concluded, supporting participants in strengthening their legal compliance capabilities in the field of personal data protection. 📚 The program was structured around four key modules: 🔹 Legal framework for personal data protection. 🔹 Establishing […]

Learn more

Privacy Compliance

Legal Update | Guidance on Submitting Soft Copies of Personal Data Protection Impact Assessment Dossiers

Recently, the Department for Receiving and Returning Administrative Procedure Results on Personal Data Protection issued guidance on the submission of soft copies of the Personal Data Processing Impact Assessment Dossier and/or the Cross-border Personal Data Transfer Impact Assessment Dossier. Under the guidance, organizations and enterprises are required to submit the dossier in a .ZIP compressed […]

Learn more