Can AI Training Data Violate GDPR?

But when we’re dealing with AI, we have to change the way we look at data. Information might have been collected properly — in line with GDPR —but AI technology demands we be mindful of how we use that information. Often, businesses end up using previously collected data to feed AI models, or to improve existing tools or AI decision making. That might not seem like anything significant, but from a privacy perspective it can have a huge knock-on effect.

The problem is that training AI models introduces a different variable: is the data being used for the same purpose it was originally collected for? 

As an example, if you’re collecting customer contact information to help resolve support issues, you might later use that information to improve a customer facing chat bot.  

Now, this might make commercial sense, but it also represents a change in purpose. This can have a snowball effect behind the scenes. The more data that’s reused across projects, the easier it is to lose sight of why it was collected in the first place. 

Unfortunately, that’s not always the case. 

Anonymising data helps, but if AI can identify patterns that point back to an individual, that’s classified as personal data under GDPR. Some models have even been found to be capable of reproducing fragments of training data. This can be exploited in a Training Data Extraction Attack to uncover user’s private information. 

There’s also the issue of inferred data. Even if your model doesn’t outright store a person’s name, it might use their data to generate insights about them based on behaviour, history, or correlation. While this doesn’t present as an immediate threat, it can still fall within the scope of personal data and GDPR if it leads to an individual being identifiable. 

The way we look at anonymisation of data has to change. It’s often looked at as a privacy checklist that needs ticking off. With AI, however, it needs to be constantly monitored and accounted for. 

AI projects often start small. With limited dataset and a clear objective. 

Most AI projects expand in scope over time, which means more data. Data improves performance, and the more broad a data set, the less edge cases you’re likely dealing with. This means models are often retrained multiple times on larger and larger sets of data. 

While this can be an argument for operational progress, GDPR doesn’t look at performance in isolation. Performance is great from a business perspective, but GDPR demands that the data you’re using be proportionate and necessary for its intended purpose. If a model can function effectively on less data, it becomes harder to justify the need for these larger data sets. Especially if we’re talking about old data that’s being used “just in case”.  

Documentation is everything and, in order to accurately document your data, you need to be continuously monitoring the entire lifecycle of your AI. The first step is to map out where your training data comes from. Not just the original system, but the context in which it was collected. You then need to work out from there. Has the purpose shifted since collection? If so, why? 

A short record of why the data is being used and who's responsible for that decision can go a long way. 

Training data is a governance concern, not a technical one. It should be treated appropriately. 

AI changes how data behaves, and we have to be prepared for that. Be aware that AI amplifies patterns and spreads information in ways that aren’t always immediately obvious to us. And because AI moves so fast, we can’t wait to see what problems occur later down the line. Proper governance puts the controls in place first. That way you can slow down momentum enough to ask the right questions and make sure you’re using data in the right ways.  

If your business is interested in getting ahead of the ever-changing regulatory expectations surrounding AI, it’s worth understanding how existing laws and frameworks overlap. The price of non-compliance is increasing and the demand on businesses is only expected to become higher. Training data is often the first place you’ll run into problems without the right guide rails in place.