Balancing AI Development and Privacy Compliance - An Analysis of the Principles of 'Complete Data Sets' in the AI Act and 'Data Minimization' in the GDPR

Avsar, Firat

Balancing AI Development and Privacy Compliance - An Analysis of the Principles of 'Complete Data Sets' in the AI Act and 'Data Minimization' in the GDPR

Mark

Avsar, Firat ^LU (2025) HARN63 20251
Department of Business Law

Abstract (Swedish): This thesis explores the relationship between two important legal principles in European Union law: the requirement for ‘complete data sets’ in Article 10 of the Artificial Intelligence Act (AI Act) and the principle of ‘data minimisation’ in Article 5(1)(c) of the General Data Protection Regulation (GDPR).
The AI Act requires that high-risk AI systems be trained on data that is representative, accurate, and complete, in order to reduce bias and promote fairness. At the same time, the GDPR limits the collection and use of personal data to what is strictly necessary for a specific purpose. This difference creates tension when developing AI systems that depend on large and diverse datasets.
The aim of the thesis is to clarify the legal... (More); This thesis explores the relationship between two important legal principles in European Union law: the requirement for ‘complete data sets’ in Article 10 of the Artificial Intelligence Act (AI Act) and the principle of ‘data minimisation’ in Article 5(1)(c) of the General Data Protection Regulation (GDPR).
The AI Act requires that high-risk AI systems be trained on data that is representative, accurate, and complete, in order to reduce bias and promote fairness. At the same time, the GDPR limits the collection and use of personal data to what is strictly necessary for a specific purpose. This difference creates tension when developing AI systems that depend on large and diverse datasets.
The aim of the thesis is to clarify the legal scope and meaning of each of these two provisions, to examine the challenges that may arise when they are applied together, and to assess whether and how they can be aligned in practice.
By using doctrinal legal research and drawing on academic literature, legal texts, regulatory guidance, and policy sources, the thesis finds that the two principles are not necessarily in conflict. Although they are based on different regulatory goals, they can be applied in a complementary way. A risk-based approach that uses privacy-preserving technologies, legal safeguards, and cooperation between regulators can help support both innovation in AI and compliance with fundamental rights. (Less)

Please use this url to cite or link to this publication: http://lup.lub.lu.se/student-papers/record/9194982

author

Avsar, Firat ^LU

supervisor

Johan Axhamn ^LU

organization

Department of Business Law

course

HARN63 20251

year

2025

type

H1 - Master's Degree (One Year)

subject

Law and Political Science

keywords

EU AI Act, GDPR, data minimisation, complete data sets, AI governance, high-risk AI systems, data protection, legal compliance

language

English

id

9194982

date added to LUP

2025-06-10 11:38:24

date last changed

2025-06-10 11:38:24

@misc{9194982,
  abstract     = {{This thesis explores the relationship between two important legal principles in European Union law: the requirement for ‘complete data sets’ in Article 10 of the Artificial Intelligence Act (AI Act) and the principle of ‘data minimisation’ in Article 5(1)(c) of the General Data Protection Regulation (GDPR). 
The AI Act requires that high-risk AI systems be trained on data that is representative, accurate, and complete, in order to reduce bias and promote fairness. At the same time, the GDPR limits the collection and use of personal data to what is strictly necessary for a specific purpose. This difference creates tension when developing AI systems that depend on large and diverse datasets.
The aim of the thesis is to clarify the legal scope and meaning of each of these two provisions, to examine the challenges that may arise when they are applied together, and to assess whether and how they can be aligned in practice.
By using doctrinal legal research and drawing on academic literature, legal texts, regulatory guidance, and policy sources, the thesis finds that the two principles are not necessarily in conflict. Although they are based on different regulatory goals, they can be applied in a complementary way. A risk-based approach that uses privacy-preserving technologies, legal safeguards, and cooperation between regulators can help support both innovation in AI and compliance with fundamental rights.}},
  author       = {{Avsar, Firat}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Balancing AI Development and Privacy Compliance - An Analysis of the Principles of 'Complete Data Sets' in the AI Act and 'Data Minimization' in the GDPR}},
  year         = {{2025}},
}

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Balancing AI Development and Privacy Compliance - An Analysis of the Principles of 'Complete Data Sets' in the AI Act and 'Data Minimization' in the GDPR