French data protection authority Cnil presents action plan to regulate AI

On September 11, 2023, the National Assembly Committee on AI and personal data protection heard Marie-Laure Denis, the president of the Cnil. She outlined her action plan to regulate AI uses.

First off, she listed the many fears born from the growth of generative AI: “loss of jobs, use for malicious purposes, violation of intellectual property, illegal use of personal data…”

She therefore called for “understanding, supporting and monitoring” AI, in order to “create the conditions for an ethical, responsible and respectful use of our values.” The AI Act, currently being finalized on a European level, will establish a legal framework based on the risks entailed by the various uses of AI. However, it will only come into effect in 2025, at the earliest.

Marie-Laure Denis considers that, until then, the Cnil must provide “real solutions for innovative businesses” and “citizens, in regard to their rights”. She therefore wants to quickly roll out the necessary “tools” to audit the processing of personal data by AI models, on three levels:

• generative AI apps themselves, to ensure they comply with regulation on personal data processing for their users;
• databases used for generative AI learning, to make sure they respect the rights of people concerned by the data;
• underlying model of already trained algorithms.