Italian Garante Adopts Statement on Health Data and AI – Inside Privacy
On July 30, 2025, the Italian Data Protection Authority (“Garante”) released a statement addressing the risks of using AI to interpret medical data. In this statement, the Garante recognizes the growing trend of individuals uploading medical analyses, X-rays, and other reports onto generative artificial intelligence platforms to obtain interpretations and diagnoses. It warns users of these AI services to carefully evaluate the implications of sharing health-related data with AI providers and relying on automatically generated responses.
The Garante highlights the risks to the health data involved and the dangers inherent in using AI solutions that are not qualified as medical devices, as these AI systems do not undergo checks by regulators to ensure their medical safety.
Focusing on data protection, the Garante recommends that users review AI providers’ privacy policies to understand whether their uploaded medical data will be deleted after the interpretation request or stored and used to train the AI algorithms. Furthermore, the Garante underscores the importance of qualified human oversight (e.g., by a doctor) in processing health data through AI systems. The AI Act will require human oversight for high-risk AI systems, such as AI systems that qualify as medical devices. According to the Garante, this oversight is vital to mitigate potential health risks and must be present throughout each phase of the AI system lifecycle—from development and training to testing and validation—before these systems are released to the market.
* * *
Covington’s Data Privacy and Cybersecurity Team regularly advises clients on the laws surrounding AI and continues to monitor developments in the field of AI.
(This blog post was written with the contributions of Alberto Vogel).
Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.
Kristof has been specializing in this area for over twenty years and developed particular experience in the life science and information technology sectors. He counsels clients on government affairs strategies concerning EU lawmaking and their compliance with applicable regulatory frameworks, and has represented clients in non-contentious and contentious matters before data protection authorities, national courts and the Court of Justice of the EU.
Kristof is admitted to practice in Belgium.


