Navigating the Legal Maze of AI: Data Minimisation and Purpose Limitation

Moderator: Cari Benn, Chief Privacy Officer, Microsoft
Michel Combot, Director of Technology and Innovation, CNIL, France
Amit Datta, Associate General Counsel, Aleph Alpha
Michael Will, President, Bavarian State Office for Data Protection Supervision

As artificial intelligence models increasingly rely on vast datasets — including sensitive information — to ensure accuracy and mitigate bias, core GDPR principles such as necessity, data minimisation and purpose limitation face new challenges. This panel will explore how these principles can be upheld in the context of AI training, particularly in light of Article 10(5) of the AI Act. While this provision acknowledges the need for representative data in high-risk systems, its limited scope raises important questions for broader AI development. We hope to foster a critical exchange of views on aligning data protection with responsible AI innovation. 

What you will learn:

• What questions are still outstanding after the EDPB’s opinion of 28/2024. 
• Reflections on how to reconcile the data minimisation principle (article 5 c) GDPR) with the data quality requirements in article 10 AI Act.  
• Approaches towards sensitive data in AI training.

Sponsored by: Microsoft