Loading content...

News 14.05.2026

Copyright and Personal Data Protection in the Use of Artificial Intelligence

At the partner event organized by the Competence Centre for Design Management we presented certain legal aspects of the use of artificial intelligence, beginning with an overview of the AI Act and a discussion of copyright and personal data protection in the context of AI systems.

At the partner event organized by the Competence Centre for Design Management (Kompetenčni center za design management; KCDM), we presented certain legal aspects of the use of artificial intelligence, beginning with an overview of the AI Act and a discussion of copyright and personal data protection in the context of AI systems.

At a meeting of KCDM partners dedicated to overcoming barriers to innovation and the more effective use of design and artificial intelligence in business, Nejc Setnikar and Eva Gostiša presented key legal aspects of the use of artificial intelligence in companies. The presentation focused primarily on issues of compliance with the EU Artificial Intelligence Act, personal data protection, and copyright in the era of generative artificial intelligence.

The focus was on how companies can integrate artificial intelligence into their processes in a way that fosters innovation while minimizing legal and business risks. There was a particular emphasis on the practical implications of using AI tools in day-to-day business operations, ranging from the use of generative models to data management, internal rules of use and organizational accountability.

AI Act: companies must understand their role and the risks involved

The presentation of the AI Act highlighted that European regulation of artificial intelligence is based on a risk-based approach. The key question for organizations is therefore no longer simply whether they use artificial intelligence, but rather what kind of AI system they use, for what purpose, and in what role they operate – as a provider, deployer, distributor, or system integrator.

Compliance with the AI Act does not in itself imply compliance with the GDPR or other legal frameworks. Organizations will therefore need to establish a broader compliance framework that includes oversight of AI system usage, documentation of decisions, risk assessment and internal rules of use.

Among the practical recommendations for companies, the following were particularly emphasized:

  • developing internal rules for the use of generative AI,
  • identifying the AI systems used by the organization and classifying them according to risk,
  • reviewing contractual relationships with AI providers,
  • training and education (AI literacy),
  • observability and traceability.

Personal data protection remains a central issue regarding AI

In the segment of the presentation devoted to personal data protection, it was emphasized that the GDPR remains the fundamental legal framework, even in the context of artificial intelligence. The AI Act does not replace it but rather refers to it.

Special attention was given to the challenges that large language models and generative AI pose for personal data protection. The following key risks were highlighted:

  • the use of large amounts of data, including personal data, in training models,
  • the possibility of disclosure of personal data in the model’s outputs,
  • profiling, automated decision-making and inferential profiling,
  • the issue of transparency and the content of notifications to individuals regarding the processing of personal data.

The presentation also highlighted the increasingly active role of European supervisory authorities and courts.  It is becoming particularly important to understand the lifecycle of an AI system – from data collection to the deployment of the model in a production environment – since each phase may involve separate processing of personal data, each with its own legal requirements.

Copyright and generative AI

As part of a presentation on the copyright aspects of AI, it was noted that generative AI raises new questions regarding the use of copyrighted content, model training, and rights to results created with the help of AI.

Particular attention was paid to the question of when a result created with the help of AI can actually be protected by copyright. The key criterion remains human creative contribution – if the result reflects human creative decisions, it can be protected as a copyrighted work even if AI was used in its creation.

The speakers also highlighted the importance of rules regarding text and data mining, which represent one of the key legal foundations for the use of content in training AI models.

AI as a business opportunity – with appropriate risk management

The event demonstrated that AI is no longer merely a technological issue, but rather an important area of legal, organizational, and business risk management. At the same time, clear rules, sound internal organization, and an understanding of the regulatory framework can enable companies to use AI solutions more safely and effectively in practice.

At Jadek & Pensa, we monitor the development of European regulations on artificial intelligence and advise companies on issues of compliance, personal data protection, copyright, and legal risk management in the use of artificial intelligence.