Privacy & Data Protection: GDPR, AI Act, and Your Data

AI systems consume data voraciously. Privacy laws (GDPR, CCPA) demand data minimization. This conflict is one of the hardest challenges for modern CISOs.

Based on OWASP Privacy Guidelines, this section outlines how to reconcile AI capabilities with regulatory obligations.

1. The "Right to Erasure" Problem

The Challenge: GDPR Article 17 gives users the "Right to be Forgotten."

• Traditional DB: DELETE FROM users WHERE id = 123. Easy.
• Trained Model: You cannot delete a specific fact from a model's weights without expensive retraining.
• Vector DB: You can delete embeddings, but finding which chunks contain the user's data is complex if the data was anonymized or aggregated.

The Solution: Avoid baking PII into model weights. Use RAG (Retrieval-Augmented Generation).

• Keep the foundation model generic (no PII).
• Store customer data in a standard database or controlled Vector DB.
• When a user asks to be forgotten, delete the record from the database. The AI immediately "forgets" them.

2. Data Minimization & Sanitization

OWASP Recommendation: "Treat all training data as if it will become public."

Before feeding data to a model (training or RAG context):

1. PII Discovery: Scan data lakes for SSNs, emails, and names.
2. Redaction/Tokenization: Replace PII with tokens ([PERSON_1]) or synthetic data.
3. Anonymization: Ensure k-anonymity for datasets to prevent re-identification.

Tools: Platforms like Private AI and Nightfall specialize in this pre-processing layer.

3. The EU AI Act & The Global Regulatory Patchwork

The EU AI Act imposes strict requirements on "High-Risk" AI systems (e.g., HR recruiting, credit scoring), but it's part of a broader, fragmented landscape.

The Risk-Based Approach

Regulators globally are converging on a risk-based model. Not all AI is treated equally:

• Unacceptable Risk: Banned outright (e.g., social scoring, real-time biometric surveillance in public spaces).
• High-Risk: Subject to strict conformity assessments (see below).
• Limited Risk: Transparency obligations (e.g., "you are talking to a bot").
• Minimal Risk: No restrictions (e.g., spam filters).

Privacy Requirements for High-Risk AI:

• Data Governance: You must prove your training/validation data is representative and error-free.
• Record Keeping: You must log every time the system processes personal data.
• Human Oversight: A human must be able to intervene if the AI makes a privacy-violating decision.

Emerging Global Standards

While the EU leads with comprehensive legislation, the US is adopting a "patchwork quilt" approach, often relying on NIST standards and sector-specific rules (healthcare, finance).

• EU: GDPR + AI Act (Alignment is critical; regulatory frameworks continue to evolve, e.g., Schrems II).
• US: NIST AI RMF + State Laws (CA, CO).
• Global: Countries aligning with GDPR will likely align with the EU AI Act.

Organizations that adopt a security-first, agile approach based on NIST/ISO standards will have a competitive advantage as these regulations solidify.

4. RAG-Specific Privacy Risks

Retrieval-Augmented Generation (RAG) is safer than fine-tuning, but introduces Access Control risks.

• The Scenario: An employee asks the internal AI: "Show me the salary of my peer."
• The Breach: The RAG system retrieves the "Salary Spreadsheet" because it is semantic relevant, ignoring the fact that the employee lacks read permission.
• The Fix: Permission-Aware Retrieval. The Vector DB must filter results based on the user's existing ACLs (Active Directory/Okta) before passing them to the LLM.

CISO Takeaway

Privacy is not just a legal checkbox; it's an architectural constraint.

Default to RAG. Avoid fine-tuning on sensitive data unless absolutely necessary. And assume that any data sent to a model could leak.

Continue to the next section: Operational Checklist