Artificial intelligence (AI) has long been part of our everyday lives. AI has become indispensable in schools, universities and businesses. Given the rapid development of artificial intelligence and its increasing presence in everyday life, it is becoming increasingly important to examine its opportunities and risks.
On February 23, 2026, the Federal Data Protection and Information Commissioner and around 60 other national data protection authorites worldwide published a joint statement on AI-generated images. This statement marks an important step in the international discussion on privacy and data protection in the digital age.
Deepfakes and AI: Why Data Protection Authorities Worldwide Are Issuing Warnings
Data protection authorites have expressed serious concerns about systems that use artificial intelligence to generate realistic images or videos of identifiable individual without their consent. Such technologies carry a high risk of abuse, for example through the creation of non-consensual, intimate depictions (known as deepfakes). Childern and other vulnerable groups are particularly at risk of becoming targets of cyberbullying, sexual exploitation or identity theft.
Laws in Switzerland: Are AI-generated images permitted?
In many juristictions – including Switzerland – the creation or distribution of images that have not been created with consent can have criminal consequences. From a data protection perspective, that use of AI systems to create realistic images raises significant questions regarding the legality of data processing and the protection of privacy. Personal data my only be used if there is a legal basis for doing so or if the data subject has given their expressed consent. Companies offering such systems must ensure that appropriate technical and organizational measures are taken to prevent misuse and unauthorized processing.
Recommendations for working with AI
The joint statement by the data protection authorities sets out several key principles that all organizations should follow:
- Impementation of robust protective measures to prevent the misuse of personal data and the creation of non-consensual intimate depictions and other harmful content, especially involving children.
- Ensuring meanigful transparency regarding the capabilities of AI systems, the protective mechanisms implementet, permissible uses, and the potential consequences of misuse.
- Provision of effective and easily accesible procedures through which data subjects can request the removal of harmful content relating to them.
- Special protection for children and other vulnerable groups.
Conclusion: Techological progress requires responsibility
The risks posed by AI-generated images are global and require urgent regulatory action. While AI offers enormous opportunities, technological progress must not come at the expense of privacy, data protection and other fundamental rights.
FAQs
-
What are deepfakes and why do they pose a problem in terms of data protection?
Deepfakes are images or videos generated using artificial intelligence that depict people who appear to be real. They raise data protection concerns because they are often created without the consent of the person concerned and may infringe on personal rights and the right to privacy.
-
Is the creation of AI-generated images of people permitted in Switzerland?
Non-personally identifiable content, yes. Content relating to a specific individual may generally only be used if the person concerned has given their consent. Without consent, the creation or dissemination of such content may breach the Data Protection Act (DPA) and, in certain circumstances, result in criminal liability.
-
What risks does AI-generated content pose for businesses?
Companies risk data breaches, reputational damage and legal consequences. Particularly when processing personal data, they must ensure that AI systems are used in compliance with the law and that misuse is prevented.
-
What guidance do data protection authorities provide on the use of AI?
Data protection authorities recommend, among other measures, technical safeguards against misuse, transparency regarding AI systems, clear guidelines for use, and straightforward procedures for removing illegal content. Particularly vulnerable groups, such as children, should be given special protection.
-
What should companies bear in mind when using AI in Switzerland?
Businesses should check whether personal data is being processed and implement appropriate security measures to ensure their AI applications comply with data protection regulations. It is also advisable to carry out a legal risk assessment and draw up internal guidelines for the use of AI before deployment.
