Generative AI development and deployment is exploding, but the recent EDPB Opinion 28/2024 and early enforcement actions (notably the fine against OpenAI by the Garante in Italy) signal that compliance with the GDPR must be taken seriously from the outset. Against this backdrop, our panel will explore how to build trust and avoid pitfalls when developing and deploying LLMs in Europe. We’ll examine the evolving legal landscape—and whether it leaves enough room for meaningful innovation.

Key Questions to Be Examined

• Legitimate Interest & the Balancing Act: How can organizations demonstrate “strict necessity” under legitimate interest following the EDPB Opinion? What does the EDPB's balancing test mean for data collection practices, and how will it impact Europe’s competitiveness in cutting-edge AI systems?
• Unanswered Questions: What critical topics—like using special categories of data to train LLMs—did the EDPB Opinion leave unresolved, and how can organizations navigate these uncertainties?
• Industry Adaptation: Which concrete technical, legal, and organizational measures are emerging as best practices for AI creators and users seeking to align with the new regulatory expectations?
• Enforcement Trends: How do recent investigations, bans, and fines—such as the Italian Garante’s actions, or the regulatory storm that followed DeepSeek’s release—reshape compliance strategies for generative AI providers?