Glossary term
Glossary term
Governance and Compliance
Information relating to an identified or identifiable person. AI governance should track personal data in training, prompts, retrieval stores, logs, outputs, and monitoring systems including prompts, uploads, embeddings, logs, monitoring records, vendor processing, and generated outputs.
GDPR Article 4(1) defines personal data as any information relating to an identified or identifiable natural person.
California Consumer Privacy Act (CCPA) and CPRA define personal information broadly, including inferences drawn to create a profile.
The Italian Garante's March 2023 enforcement against OpenAI focused on the lawful basis for processing personal data in ChatGPT training.