Tricks of the Trade: How to Train an LLM in a GDPR Compliant Manner

Saskia Lensink, Product Manager GPT-NL, TNO
Lokke Moerel, Senior Of Counsel, Morrison & Foerster; Professor, Global ICT Law, Tilburg University
Félicien Vallet, Head of AI Department, CNIL

The Netherlands Institute of Applied Scientific Research obtained a government grant to create a competitive Dutch LLM that complies with European legislation and public values, including training based on privacy by design. We discuss the practical lessons learned and required innovations to train an LLM in a GDPR-compliant manner. We will discuss these practical findings and benchmark these against recent guidance on LLMs from EDPB and CNIL. We will review how to safeguard individual rights in the various phases of collection, training and ultimate deployment of the LLM. Finally, we will cover the responsibilities of the developers of the model reach versus the responsibilities of the deployers that use that model as part of their products or services.

What you will learn: 

• How to apply contextual anonymization to keep structure and meaning in text. 
• How to include information on public persons while excluding sensitive data categories during LLM training. 
• How to provide meaningful DSRs in the context of LLMs.