Data Governance – Privacy – Datenschutz Datenschutzrecht Europarecht DOI: 10.38023/8e7c944d-b21c-48d9-bde8-9f1078d72295

Using AI the right way

Privacy-friendly processing of images and text in leaked identity data

Florian Idelberger

Stephanie von Maltzan

Daniel Vogel

Marc Ohm

Zitiervorschlag: Florian Idelberger / Stephanie von Maltzan / Daniel Vogel / Marc Ohm, Using AI the right way, in: Jusletter IT 26. März 2025

This contribution proposes a method to process identity data from data leaks with AI in a privacy-friendly way so that it can be utilized for preventing misuse of identity data without exposing the data or risking additional damages to data subjects. As AI-based algorithms are used more by public administrations, legislators and legal researchers investigate the use of AI and its dangers. Especially when processing sensitive data such as identity data, the dangers are many, and their prevention is paramount. In this article, we show that the careful use of AI and the use and storage of personal identity data do not have to be an oxymoron but can actually help in preventing the further misuse of identity data.

Inhaltsverzeichnis

1. Introduction
2. Technical Description of the System
- 2.1. Technical and organizational measures
- 2.2. Usage of local, privacy-conscious, usage-specific AI models
  - 2.2.1. Identification of ID Card Data
  - 2.2.2. Text detection
3. Legal assessment
- 3.1. GDPR
  - 3.1.1. Lawfulness
  - 3.1.2. Principles relating to data processing
    - 3.1.2.1. Legal basis
    - 3.1.2.2. Purpose limitation
    - 3.1.2.3. Data-minimization
    - 3.1.2.4. Data accuracy
    - 3.1.2.5. Only allow identification as long as necessary
  - 3.1.3. Appropriate security
- 3.2. AI-Act
4. Conclusion and Outlook
5. Bibliography