Data Protection-Compliant Handling of Personal Data in AI Models
In September 2025, the Federal Commissioner for Data Protection and Freedom of Information (BfDI) launched a consultation focusing on the data protection–compliant use of large language models (LLMs). The aim is to foster an open dialogue about the opportunities and risks of these technologies and to develop practical guidelines for their development and use.
With its statement, Bitkom is actively contributing to this process. The association welcomes the risk-based approach of the GDPR as a guiding principle and emphasizes the need to establish legally sound and innovation-friendly frameworks for AI systems. A key concern is to clarify that language models are not databases: they do not store personal data in its original form but rather learn from statistical patterns and structures that are represented within model weights.
The position paper assesses the challenges and opportunities for ensuring data protection–compliant AI use, explains the relevance for practical application, and formulates recommendations for regulation that enables innovation without neglecting the protection of personal data.
