Lausen Logo
Data protection and AI: German “DSK” publishes guidance paper

Data protection and AI: German “DSK” publishes guidance paper

Author
Dr. Tim Kraft
Dr. Tim Kraft Lawyer, Partner View profile

The “Conference of Independent Federal and State Data Protection Authorities” (“DSK”) is a coordinating body of the German data protection supervisory authorities. As such, the DSK has no executive power and its positions are not binding for the affiliated authorities, courts or those who have to apply the law in their everyday work. Nevertheless, it is worth paying attention to the DSK’s statements, as it is a strong voice in German data protection law and conclusions and forecasts for the application of the law can be drawn from its positions.

On May 6, 2024, the DSK published a guideline entitled “Artificial intelligence and data protection”. According to the DSK, this paper is intended to provide an overview of the relevant questions that arise from the perspective of data protection law when selecting, introducing and using artificial intelligence (“AI”) applications. Highlighting especially those issues which need to be answered before introducing AI applications into operations. The paper expressly does not claim to be exhaustive and will be supplemented and revised in the future.

In line with its objective, the paper provides a good overview of the data protection issues relating to AI applications. It can be understood as a quick round-trip through data protection law and stops at all its major points of interest in connection with AI – such as the question of the legal basis for processing, the problem of implementing the rights of data subjects and issues of employee data protection.

With the chosen approach, naturally, the guidance can only touch on topics and create an awareness among those responsible for data protection. However, it cannot and does not provide conclusive answers to the questions raised. These answers will need to be found “on the ground”, i.e. in a case-by-case consideration of the topics addressed in the guidance.

As an introduction and overview of the data protection issues relating to AI applications, the guidance can be seen as a success and its reading can be highly recommended. However, with the awareness reading the paper hopefully creates, the readers must then pursue the issues raised and seek and implement the answers in their everyday data protection practice.

We will be happy to help, if you need assistance in finding your answers.

More posts

Reeperbahnfestival – Panel “The State of the AI Dilemma – Protection vs. Music Licensing”

Reeperbahnfestival – Panel “The State of the AI Dilemma – Protection vs. Music Licensing”

Marco Erler, Specialised Lawyer for Copyright und Media at LAUSEN, will discuss one of the music industry’s most pressing issues on this panel at the Reeperbahn Festival: How do we deal with the use of music in the context of AI? Friday, September 19, 2025 13:30 – 14:30 East Hotel / Amber / HH In …

Read more
Reeperbahn Festival: The Legal Update 2025 – What the music industry needs to know now

Reeperbahn Festival: The Legal Update 2025 – What the music industry needs to know now

At the Legal Update 2025, Dr. Kerstin Bäcker, Specialist Lawyer for Copyright and Media Law at LAUSEN, will provide an overview of the latest relevant legal developments with a focus on AI and its impact. Thursday, September 18, 2025, 10:30 – 11:30 a.m. East Hotel / Ginger / HH The focus will be on: ▶️ …

Read more
Mandatory gender information in online store not legal

Mandatory gender information in online store not legal

In the online purchasing process, it is common to ask for gender in addition to name and shipping address. But why is this the case? After all, a person can only be identified by their name. On January 9, 2025 (case number C-394/23), the European Court of Justice ruled that it is no longer mandatory …

Read more