Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Netherlands: AP announces data breaches from use of AI
On August 6, 2024, the Dutch data protection authority (AP) announced that it had received several reports of data breaches owing to the use of artificial intelligence (AI).
In particular, the AP highlighted that employees may often use chatbots on their own initiative and against agreements made with employers. The AP provided such a case, where personal data is entered, constitutes a data breach. On the other hand, the AP clarified that where the use of a chatbot by employees is permitted by employer policy, it is not a data breach, but still may not be legally permitted.
The AP noted that it received one report concerning the sharing of personal data with a chatbot that uses AI by an employee of a GP practice who shared patient medical data, contrary to employer policy. Likewise, the AP detailed that it received a report of a telecoms company where an employee entered personal information including customer addresses into a chatbot.
Accordingly, the AP recommended that organizations first make clear agreements with employees about the use of chatbots. Secondly, the AP outlined that organizations that allow the use of chatbots must make clear what data may be entered into such AI systems.
You can read the press release, only available in Dutch, here.