The Commission Nationale de l’Informatique et des Libertés (CNIL), the French data protection authority, recently published two recommendations to support innovation in the field of artificial intelligence (AI) in accordance with the General Data Protection Regulation (GDPR). It adopts a didactic approach, issuing recommendations, best practice and explanations on how to apply the principles of the GDPR in the context of AI.

The global AI regulatory landscape is undergoing significant changes, with governments adopting divergent approaches to artificial intelligence governance. In Asia, North America, and Europe, policymakers are setting new standards that could reshape the future of AI development and deployment.

In a decision rendered on 30 December, 2024, the Conseil d’État (Council of State) dismissed the appeal made by four associations against Decree 2023-283 on the use of drones by law enforcement agencies.  The Conseil d’État has reversed its position and authorised law enforcement agencies to use drones.  It stated that the existing legal framework guaranteed compliance with the requirements for the protection of personal data and privacy as laid down by national and European law.

The United States’ Intelligence Community1 (IC) has released Interim Guidance about the acquisition and use of foundation AI models (FMs).  This guidance has been provided by inter-agency lawyers and concerns the application of AG guidelines and policies to the IC’s acquisition and use of FMs. As well as clearly suggesting that IC elements will use FMs for intelligence purposes, the document provides additional guidance concerning model acquisition, modification, augmentation, prompts and outputs.

The Information Commissioner’s Office (ICO) has published its final response to the public consultation on the application of UK data protection law to generative AI (GAI). The response marks the culmination of an extensive consultation process aimed at clarifying key data protection principles in the context of generative AI systems.

In October 2024 the International Enforcement Cooperation Working Group (IECWG) from the Global Privacy Agency(GPA) issued a Concluding Joint Statement on data scraping and the protection of privacy. It completes the Initial Joint Statement on data scraping and the protection of privacy published in August 2023. It contains three objectives: firstly, to outline the key privacy risks associated with data scraping; secondly, to set out how Social Media Companies (SMCs) and other organisations should protect individual personal information; and thirdly, to set out measures that individuals can take to protect their personal data. 

The European Commission’s Artificial Intelligence (AI) office has initiated a targeted consultation with stakeholders on guidelines for defining AI systems and applying prohibitions on certain high-risk AI practices, as outlined in the EU AI Act. This consultation represents a significant step in preparing for the implementation of these provisions, which will come into effect on 2 February 2025, six months after the AI Act’s entry into force. The guidelines are expected to be finalised and published in early 2025, providing practical assistance to businesses, regulators, and other stakeholders in meeting their obligations under the Act.

The Chair AI-Regulation announces the participation of its two research fellows, Cornelia Kutterer and Dr. Theodoros Karathanasis, as plenary experts to the European Commission (EC) consultation on a Code of Practice (CoP) for providers of General-Purpose Artificial Intelligence (GPAI) models.