GovCompass
Nederlands
The GovCompass-7

Element 3 of the GovCompass-7

Privacy

Personal data is processed lawfully and proportionately, across the training data, the model itself, and the outputs.

What it means

Privacy is the property that an AI system processes personal data lawfully, proportionately, and in a way that respects the rights of the individuals whose data is involved. For AI systems this is governed primarily by the GDPR, which operates alongside the EU AI Act rather than being replaced by it. The two frameworks meet at several points: the Art. 26.9 obligation to use provider documentation to support a data protection impact assessment, the data-quality requirements of Art. 10, and the individual rights that attach to automated decision-making under GDPR Art. 22.

Privacy in AI has a dimension that traditional data protection does not fully anticipate. A trained model can memorise and leak elements of its training data. The outputs of a model can permit inference of attributes the individual never disclosed. The aggregation of data needed to train a useful model can itself create a privacy exposure that none of the individual data points carried. The control set has to address privacy across the full lifecycle: in the training data, in the model itself, and in the system's outputs.

Why it matters

The exposure is doubled, because an AI privacy failure is simultaneously a GDPR breach and, frequently, an EU AI Act data-governance failure, with two regulators and two timelines. The financial ceiling under the GDPR is among the highest in EU law. Beyond the regulatory exposure, privacy failures in AI tend to be irreversible: once a model has memorised personal data or an inference has been made and acted upon, the harm cannot be recalled.

Governing privacy

Privacy controls have to span data minimisation at the input, protection of the model itself, and discipline over what the outputs reveal. The most efficient design integrates these with the organisation's existing GDPR controls rather than building a parallel structure.

Control layerControl
PreventiveConduct a combined DPIA and, where applicable, FRIA before deployment, using the provider documentation as required by Art. 26.9. Apply data minimisation: train and operate on the least personal data sufficient for the purpose. Apply pseudonymisation or anonymisation to training data where the use case permits. Define and document the lawful basis for each processing activity.
PreventiveEstablish data processing agreements with every processor in the AI supply chain, and confirm the transfer mechanism for any processor outside the EEA.
DetectiveAudit access to training data and model outputs. Test the model for memorisation and data leakage where the risk profile warrants it. Monitor for function creep, where data collected for one purpose is gradually used for another. Maintain a process for handling data-subject requests that reaches into the AI system, including access, rectification, and erasure.
CorrectiveOperate a breach-response process that satisfies both the GDPR Art. 33 timeline and the Art. 73 incident timeline where both apply. Define remediation for a memorisation or leakage finding, which may require retraining the model on corrected data. Honour rectification by re-evaluating any decision that relied on corrected data.