Artificial Intelligence (AI) has revolutionized various sectors, bringing exciting innovations. However, along with its advantages, significant challenges arise, especially regarding the protection of data subjects.

AI employs a variety of mechanisms to collect and process data, including personal data, sourced from various online platforms such as social networks, websites, e-commerce, IoT devices, public databases, online surveys, gaming platforms, transportation and delivery services, travel and booking services, music and video streaming services, among others.

In employing AI in their operations, organizations are obligated to comply with specific legislation concerning the protection of privacy and personal data.

On the Data Protection General Law in force in Brazil (LGPD), for example, it is established clear criteria for processing personal data. In this sense, the use of AI may result in violation of the law, in case of excessive data collection without adequate justification. Furthermore, lack of transparency in data collection and usage by AI can violate principles such as transparency, minimization and accountability provided in the legislation above.

Nevertheless, automated decision-making by AI, without human review, can also infringe on the principle of non-discrimination provided in the Brazilian legislation, especially when these decisions affect data subjects’ rights, such as access to credit or employment opportunities.

This way, without adequate information security measures, AI can expose personal data to leaks or unauthorized access, resulting in financial and reputational damages to the organization.

To mitigate these risks and ensure compliance with the data protection legislation, companies using AI must implement adequate data protection measures and develop personal data governance programs, including policies on information and documents submitted for analysis, reading, supplementation, review, translation, or correction by AI tools containing personal data. Additionally, it is essential for the organization to maintain all mandatory documentation required by such rules, such as records of data processing operations and data protection impact assessments, in cases where data processing is carried out using AI.

Finally, organizations must stay updated on guidelines and regulations related to personal data protection and the use of Artificial Intelligence to ensure compliance.

The law firm Emerenciano, Baggio & Associados – Lawyers, through its specialized area in privacy, data protection, innovation, and technology, has been advising its clients in Brazil on adapting their processes and activities to data protection legislation and other applicable norms.

This content is for informational purposes only and does not constitute any type of consultancy, recommendation, or legal and/or technical guidance for specific cases regarding the topics covered herein.