{"id":20083,"date":"2026-03-09T08:00:45","date_gmt":"2026-03-09T08:00:45","guid":{"rendered":"https:\/\/letslaw.es\/cuidado-con-lo-que-le-confias-aepd\/"},"modified":"2026-03-06T12:13:36","modified_gmt":"2026-03-06T12:13:36","slug":"commandments-aepd","status":"publish","type":"post","link":"https:\/\/letslaw.es\/en\/commandments-aepd\/","title":{"rendered":"\u201cCuidado con lo que le confIAs\u201d, the new AEPD ten-point guide"},"content":{"rendered":"

On 27 January 2026, the day before International Data Protection Day (28 January), the Spanish Data Protection Agency (AEPD) published the \u201cCuidado con lo que le confIAs<\/a>\u201d ten-point guide, with practical recommendations to reduce privacy risks when we interact with AI systems.<\/p>\n

Objectives of the AEPD ten-point guide<\/h2>\n

Aware of the growing use ofand the already tangible potential of Artificial Intelligence systems, the Agency considers it important to provide a set of tips to help people understand and prevent privacy risks<\/strong> arising from the improper use of these tools.<\/p>\n

In the Agency\u2019s own words, this ten-point guide \u201caims to offer the public key pointers to promote a safe, responsible and informed use of artificial intelligence and to foster a digital environment that respects people\u2019s fundamental rights.\u201d<\/p>\n

In addition, this initiative follows the direction set out by the AEPD in its 2025-2030 Strategic Plan<\/a> on Responsible Innovation and the defence of dignity in the digital era<\/strong>, where it reaffirmed its commitment to promoting a culture of privacy and data protection<\/a> among both citizens and organisations, as well as supporting technological innovation with safeguards.<\/p>\n

Responsible use of artificial intelligence<\/h2>\n

Talking about \u201cresponsible use\u201d is not only an ethical matter; it is also a practical one. In day-to-day use of generative AI, there are four ideas worth keeping in mind:<\/p>\n

1. Your prompt is not always \u201cjust text\u201d<\/h3>\n

When you write a query, it is not only the content of the message that travels. In many services, use may involve technical and contextual data (browsing data, identifiers, metadata, etc.). In other words, even if your question is harmless, the surrounding ecosystem might not be.<\/p>\n

2. Privacy is not breached only by sharing your name and surname<\/h3>\n

Some data may not look personal at first, but can become personal through accumulation: habits, frequent locations, routines, concerns, or preferences. With enough repetition, small clues add up to a profile.<\/p>\n

3.AI doesn\u2019t \u201cunderstand\u201d like a professional<\/h3>\n

These tools can sound convincing even when they are wrong. And in sensitive matters (health, legal advice, psychological support), the risk is not only privacy-related: it can also lead to poorly informed decisions.<\/p>\n

4. It\u2019s not only your privacy: you are also responsible for other people\u2019s data<\/h3>\n

A common mistake is to think \u201cthis isn\u2019t mine\u201d and let your guard down: a client\u2019s data, a candidate\u2019s details, a supplier\u2019s information, a colleague, a minor, a screenshot with names, a forwarded email\u2026 If you input these into an AI tool, you are processing personal data and may be exposing third-party information without a legal basis, without necessity, and without control.<\/p>\n

The good practices recommended by the AEPD<\/h2>\n

The value of the ten-point guide lies precisely in the fact that it does not stay at generalities: it proposes concrete habits. These are the 10 recommendations set out by the Agency:<\/p>\n

1. Don\u2019t upload your personal information to AI<\/h3>\n

Avoid including information that directly identifies you (e.g., contact details, documents, personal images). If you need to describe a case, anonymise it or use a fictional scenario.<\/p>\n

2. Be especially careful not to upload sensitive or delicate information<\/h3>\n

Some categories are best kept out by default: health data, financial information, contractual matters, locations or stays. These are high-impact data if exposed.<\/p>\n

3. Respect the privacy of third parties<\/h3>\n

If your query involves other people, remove any element that could identify them. And as a rule of thumb: don\u2019t upload images of third parties to generate new content, especially when minors are involved.<\/p>\n

4. Don\u2019t include professional information<\/h3>\n

If you use AI in a professional context, apply the \u201cas if you were going to paste it into a public channel\u201d standard (because, in practice, the risk of exposure exists). No contracts, reports, strategies, client data, or employee information.<\/p>\n

5. Review the AI service\u2019s terms before using it and choose the safest options<\/h3>\n

Before using a tool, check what happens to your information (retention, use for improvement, privacy settings, permissions). Prioritise solutions that collect only what is strictly necessary and provide clear controls.<\/p>\n

6. If you need specialised professional advice, emotional support or psychological help, go to a professional rather than AI<\/h3>\n

If you need a diagnosis, clinical guidance, legal advice, or psychological support, don\u2019t replace it with a conversation with AI. You can use AI as support, but not as \u201cthe professional\u201d.<\/p>\n

7. Don\u2019t believe everything an AI says: keep a critical stance towards its answers<\/h3>\n

Maintain a critical mindset. Don\u2019t delegate important decisions without verification, and cross-check against reliable sources (especially for matters with legal, financial, or personal impact).<\/p>\n

8. Advise and guide the minors in your care<\/h3>\n

Explain what risks exist, what types of data should not be shared, and encourage critical thinking. Here, prevention means practical digital education.<\/p>\n

9. Use different accounts and delete your history<\/h3>\n

If you are \u201ctesting\u201d tools, avoid mixing them with your personal or professional email. Use separate accounts, review deletion options, and remove conversations regularly when the service allows it.<\/p>\n

10. Your questions can define you<\/h3>\n

You don\u2019t need to type \u201cmy ID number\u201d to leave a trail. Repeated questions about habits, fears, likes or routines can build a very precise profile. Practise the \u201cminimum necessary\u201d principle in what you ask as well.<\/p>\n

Contact Us<\/h2>\n
\n

<\/p>

    <\/ul><\/div>\n
    \n
    \n<\/fieldset>\n
    <\/span><\/div>\n
    <\/span><\/div>\n
    <\/span><\/div>\n
    <\/span><\/div>\n