Interplay between General Data Protection Regulation and AI Act – data minimisation principle

Abstract

The rapid advancement of artificial intelligence has brought into sharp focus the tension between technological innovation and fundamental rights protection within the European Union (EU). This thesis examines the interplay between the General Data Protection Regulation (GDPR) and the AI Act, with particular attention to the principle of data minimisation. It investigates whether the extensive data requirements of machine learning models are compatible with the legal obligation to limit personal data processing strictly to what is necessary. Through a doctrinal analysis of the GDPR, case law review, and a survey conducted among Latvian AI companies, the study reveals a fundamental conflict between current AI training practices and GDPR compliance. The findings suggest that without clearer legal standards and enhanced technical safeguards, the principle of data minimisation risks becoming symbolic rather than practically enforceable. Recommendations are provided for both policymakers and AI developers to bridge the gap between regulation and technological realities.