Respect and facilitate the exercise of data subjects’ rights

02 July 2024

Individuals whose data is collected, used or reused to develop an AI system have rights over their data that allow them to maintain control over it. The controllers are responsible to comply with them and to facilitate their exercise. 

The exercise of rights is closely linked to the provision of information on processing operations, which is also an obligation.

This content is a courtesy translation of the original publication in French. In the event of any inconsistencies between the French version and this English translation, please note that the French version shall prevail.

General reminder on applicable rules

Data subjects have the following rights over their personal data:

They must be able to exercise their rights on both training datasets and AI models if the latter are not considered anonymous (see the questionnaire on the application of the GDPR to AI models).

It must be possible for data subjects to exercise their rights on simple written or oral request.

The controller must inform the data subjects of the person to be contacted for this and implement an internal procedure laying down the conditions for the management and monitoring of the exercise of rights.

With regard to the development of AI models or systems: how to respond to data subject rights?


Derogations from the exercise of rights on datasets or on the AI model