Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Netherlands: AP announces data breaches from use of AI

On August 6, 2024, the Dutch data protection authority (AP) announced that it had received several reports of data breaches owing to the use of artificial intelligence (AI).

In particular, the AP highlighted that employees may often use chatbots on their own initiative and against agreements made with employers. The AP provided such a case, where personal data is entered, constitutes a data breach. On the other hand, the AP clarified that where the use of a chatbot by employees is permitted by employer policy, it is not a data breach, but still may not be legally permitted.

The AP noted that it received one report concerning the sharing of personal data with a chatbot that uses AI by an employee of a GP practice who shared patient medical data, contrary to employer policy. Likewise, the AP detailed that it received a report of a telecoms company where an employee entered personal information including customer addresses into a chatbot.

Accordingly, the AP recommended that organizations first make clear agreements with employees about the use of chatbots. Secondly, the AP outlined that organizations that allow the use of chatbots must make clear what data may be entered into such AI systems.

You can read the press release, only available in Dutch, here.