On December 19, 2024, the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information (LDI NRW) provided a data protection and artificial intelligence (AI) overview of 2024 and projections for 2025.

Overview of data protection 2024

The LDI NRW outlined that an important topic affecting data protection in 2024 was the technical development in the use of AI and digitization and networking in the health and science sectors.

Regarding the cases in 2024, the LDI NRW stated that it:

• looked into two major providers of large language models (LLMs);
• is concerned over the use of emotion recognition software for calls to the call center; and
• was informed of large unauthorized exchange of data between companies in Germany and German-speaking countries, and investigations with relevant data protection authorities (DPAs) have been initiated.

Predictions for 2025 and AI challenges

The LDI NRW provided the following observations for 2025:

• continued concern for the use of AI, particularly national identification of competent authorities under the EU Artificial Intelligence Act (AI Act); and
• arrival of the electronic patient file, particularly regarding the issues with the technical system providing objection options for individuals with statutory insurance.

In particular, the LDI NRW highlighted several challenges for AI:

• a lack of harmonization between the General Data Protection Regulation (GDPR) and the AI Act;
• dealing with models that were trained outside the EU and contradict our data protection standards; and
• exclusion of compliance with data subject rights in LLMs.

You can read the press release, only available in German, here.