This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Asset 3
  • About
  • People
  • Capabilities
  • Insights
  • Careers
  • Public Interest
  • Inclusion
  • Contact us
    Contact us
  • Locations
    Locations
  • Search
    Search
  • About
    • About
    • Message From the CEO
    • Firm History
    • Alumni
    • Alumni
    • In Memoriam
  • People
  • Capabilities
    • Practices
    • Industries
    • Global Reach: The Law Firm Network
    • Bankruptcy & Restructuring
    • Brand & Reputation Management
    • Intellectual Property
    • Litigation & Dispute Resolution
    • Special Situations, Distressed Debt and Debt Trading
    • Transactions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Energy & Environmental
    • Entertainment & Media
    • Investment Management 
    • Life Sciences
    • Technology
    • Real Estate
    • Bankruptcy & Restructuring
    • Bankruptcy Litigation
    • Mass Torts Bankruptcy
    • Intellectual Property
    • Intellectual Property Litigation
    • Patents
    • Trademark, Copyright & Advertising
    • Patent Trial and Appeals Board (PTAB)
    • Litigation & Dispute Resolution
    • Civil Fraud Litigation
    • Employment Practices and Litigation
    • Government Contracts Litigation
    • Intellectual Property Litigation
    • Insurance Recovery
    • Litigation Funding
    • M&A and Private Equity Litigation
    • Real Estate Litigation
    • Patent Trial and Appeals Board (PTAB)
    • UK Tax Controversy & Litigation
    • Special Situations, Distressed Debt and Debt Trading
    • Distressed Debt & Claims Trading
    • Litigation Funding
    • Finance
    • Real Estate Special Situations
    • Transactions
    • Capital Markets
    • Cross-Border Transactions
    • Emerging Growth Companies & Venture Capital
    • Employment
    • Finance
    • Franchising
    • Mergers & Acquisitions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Economic Sanctions & Export Controls
    • Energy & Environmental
    • Energy
    • Energy Transition
    • Environmental
    • Entertainment & Media
    • Brand & Reputation Management
    • Intellectual Property
    • Sports
    • Investment Management
    • Fund Formation
    • Private Equity Transactions
    • Distressed Debt
    • Emerging Growth Companies & Venture Capital
    • Family-Owned & Closely Held Businesses
    • Private Equity Litigation
    • Life Sciences
    • BR BioAdvisory Services
    • Technology
    • Artificial Intelligence
    • Cybersecurity & Data Privacy
    • Digital Commerce
    • Fintech
    • Real Estate
    • Hospitality & Leisure
    • Distressed Real Estate
    • Real Estate Special Situations
    • Real Estate Litigation
    • Wireless Network Infrastructure
  • Insights
    • Client News
    • Firm News
    • Briefings
    • Events
  • Careers
    • Experienced Lawyers
    • U.S. Law Students
    • London Trainee Program
    • Business Professionals
    • Professional Development
  • Public Interest
    • Brown Rudnick Charitable Foundation
    • Pro Bono & Community Service
  • Inclusion
    • Inclusion
    • Women in Business Series
  • Contact Us
  • Location
  • Search
  • About
    • About
    • Message From the CEO
    • Firm History
    • Alumni
    • Alumni
    • In Memoriam
  • People
  • Capabilities
    • Practices
    • Industries
    • Global Reach: The Law Firm Network
    • Bankruptcy & Restructuring
    • Brand & Reputation Management
    • Intellectual Property
    • Litigation & Dispute Resolution
    • Special Situations, Distressed Debt and Debt Trading
    • Transactions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Energy & Environmental
    • Entertainment & Media
    • Investment Management 
    • Life Sciences
    • Technology
    • Real Estate
    • Bankruptcy & Restructuring
    • Bankruptcy Litigation
    • Mass Torts Bankruptcy
    • Intellectual Property
    • Intellectual Property Litigation
    • Patents
    • Trademark, Copyright & Advertising
    • Patent Trial and Appeals Board (PTAB)
    • Litigation & Dispute Resolution
    • Civil Fraud Litigation
    • Employment Practices and Litigation
    • Government Contracts Litigation
    • Intellectual Property Litigation
    • Insurance Recovery
    • Litigation Funding
    • M&A and Private Equity Litigation
    • Real Estate Litigation
    • Patent Trial and Appeals Board (PTAB)
    • UK Tax Controversy & Litigation
    • Special Situations, Distressed Debt and Debt Trading
    • Distressed Debt & Claims Trading
    • Litigation Funding
    • Finance
    • Real Estate Special Situations
    • Transactions
    • Capital Markets
    • Cross-Border Transactions
    • Emerging Growth Companies & Venture Capital
    • Employment
    • Finance
    • Franchising
    • Mergers & Acquisitions
    • Tax
    • White Collar Defense, Investigations & Compliance
    • Economic Sanctions & Export Controls
    • Energy & Environmental
    • Energy
    • Energy Transition
    • Environmental
    • Entertainment & Media
    • Brand & Reputation Management
    • Intellectual Property
    • Sports
    • Investment Management
    • Fund Formation
    • Private Equity Transactions
    • Distressed Debt
    • Emerging Growth Companies & Venture Capital
    • Family-Owned & Closely Held Businesses
    • Private Equity Litigation
    • Life Sciences
    • BR BioAdvisory Services
    • Technology
    • Artificial Intelligence
    • Cybersecurity & Data Privacy
    • Digital Commerce
    • Fintech
    • Real Estate
    • Hospitality & Leisure
    • Distressed Real Estate
    • Real Estate Special Situations
    • Real Estate Litigation
    • Wireless Network Infrastructure
  • Insights
    • Client News
    • Firm News
    • Briefings
    • Events
  • Careers
    • Experienced Lawyers
    • U.S. Law Students
    • London Trainee Program
    • Business Professionals
    • Professional Development
  • Public Interest
    • Brown Rudnick Charitable Foundation
    • Pro Bono & Community Service
  • Inclusion
    • Inclusion
    • Women in Business Series

Search People

Search by last name

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

see all people

Asset 3
  • LinkedIn
  • X (formerly known as Twitter)
  • Instagram
  • YouTube
  • Contact Us
  • Terms of Use
  • Privacy
  • Sitemap
  • LinkedIn
  • X (formerly known as Twitter)
  • Instagram
  • YouTube

© 2024 Brown Rudnick LLP. Attorney advertising.

All Rights Reserved.

All Posts Subscribe
print-logo
11/9/2023 6:14:38 PM | 2 minute read

France Says "Oui" to AI

3
5

Get in touch

Avatar
Morgan Jones
Associate

Get in touch

Avatar
Morgan Jones
Associate
Businessman touching the brain working of Artificial Intelligence (AI) 
Automation, Predictive analytics, Customer service AI-powered chatbot, analyze customer data, business and technology
3
5

France’s data protection authority, Commission Nationale Informatique & Libertés (the "CNIL"), recently issued very important news, namely that artificial intelligence (AI) is compatible with the European Union’s General Data Protection Regulation (GDPR). 

This is incredibly welcomed news for AI-centric companies (as well as those that are just dabbling in AI, which is most companies these days), which have been treading lightly and trying to create an AI-donut hole around the EU (and the U.K.) to avoid the GDPR (and potentially the EU AI Act, which may become law in the next few months).

The CNIL is basing its assessment on the premise that the AI models can be designed (from the outset) to align with the GDPR principles, such as purpose limitation, transparency, data minimization and storage limitation, and ensuring there is a lawful basis to process the data (depending on the circumstances of the collection). This boils down to the CNIL promoting a Privacy by Design approach for AI development.

The CNIL also shed light on some benefits for compliant models, data set ‘re-use’ and retention. Data set re-use refers to the use of publicly accessible data which is extracted by a company from third-party sources (e.g., web scraping). Such a practice can be GDPR compliant, according to the CNIL, if it: limits collection to freely accessible data; defines precise collection criteria before collection; and deletes irrelevant data right after collection. The CNIL goes on to say that data sets used for training purposes, because of their importance and the cost often associated with them, can be retained for longer periods of time (even for several months) than other data fed into the model, if the other aspects of the storage limitation principle are observed (e.g., analyzing and justifying the need for pro-longed use).

So what does this all mean for the average AI developer? In France, at least, it means that: developers should build their model(s) to meet the GDPR principles; web scraping, in certain circumstances, is a valid means of building data sets; and training data can be kept longer to help develop the model(s). 

There could be additional benefits as well in that the developers that follow this guidance in the form of an advantage over competitors that cannot say they are compliant (and perhaps enhanced usability), and by spending less time worrying about, and dealing with fines and enforcement actions (in addition to the GDPR, the EU AI Act offers fines ranging from the higher of €10 million or 2% of annual revenue to the higher of €30 million or 6% of annual revenue – and while the CNIL isn’t the most active regulator, its fines typically start in the six figure range, but it has also issued several ranging from €20 to €90 million). 

Developers should not rely blindly on this recent guidance from the CNIL as other EU data privacy regulators may disagree, leading to a split in GDPR enforcement. Earlier this year, for instance, we saw the Italian data protection authority (the "Garante") ban the use of ChatGPT (and other generative AI chatbots) because it did not conform to the GDPR principles. However, this Italy-wide ban was recently lifted after OpenAI made several adjustments to ChatGPT, including switching to consent- and legitimate interest-based processing, enabling data subjects to correct their data, and creating a plan to implement an awareness campaign for, and age verification system within, ChatGPT in the country. 

With this in mind, and the prevalence of AI being incorporated into virtually all technology these days, it may benefit developers to take the carrot (GDPR/Privacy by Design approach) here, instead of the stick (country-wide bans and/or fines).

Sign up to receive our latest BRiefings delivered directly to your inbox. Subscribe

Tags

cybersecurity & data privacy, cross-border, cybersecurity and data privacy, emerging growth companies & venture capital, technology, cnil, gdpr, privacy by design, ai, data protection, personal data, france

Get in touch

Avatar
Morgan Jones
Associate

Get in touch

Avatar
Morgan Jones
Associate
Walters v. OpenAI: A Game-Changing Verdict Reshaping AI, Defamation and Tech's Future
5/27/2025 9:16:20 PM

Walters v. OpenAI: A Game-Changing Verdict Reshaping AI, Defamation and Tech's Future

By Erick Robinson
In a decision that could reshape the legal and technological landscape, the Superior Court of Gwinnett County, Georgia, issued a ruling...
4
3
7

Latest Insights

In the Financial Times, Partner Matthew Sharp discusses UK Renewable Transport Fuel Obligation (RTFO) compliance
5/30/2025 8:28:25 AM

In the Financial Times, Partner Matthew Sharp discusses UK Renewable Transport Fuel Obligation (RTFO) compliance

By Matthew Sharp
German Court Allows Meta to Use Public Data for AI Training: Implications for Europe’s AI Landscape
5/27/2025 3:16:48 PM

German Court Allows Meta to Use Public Data for AI Training: Implications for Europe’s AI Landscape

By Erick Robinson
3
3
NY Court of Appeals Applies Internal-Affairs Doctrine to Standing in Derivative Actions on Behalf of Foreign Corporations
5/21/2025 8:19:59 PM

NY Court of Appeals Applies Internal-Affairs Doctrine to Standing in Derivative Actions on Behalf of Foreign Corporations

By Jonathan Richman
1
25
26