The European Data Protection Board (EDPB) has published a new report offering a practical,risk-based roadmap for addressing privacy risks in Large Language Models (LLMs)- the AI systems behind many of today’s chatbots, virtual assistants, and content tools.
Completed in April2025 by external expert Isabel Barbera under the EDPB’s Support Pool of Experts programme, the report responds to a request from the Croatian Data Protection Authority and marks a timely intervention as LLMs become deeply embedded in business, education, and everyday services.
The report outlines a comprehensive risk management framework designed to help organisations and regulators identify, assess, and mitigate privacy risks in AI systems that process large volumes of personal data.
Key use cases analysed in the report include:
· A customer service chatbot for handling queries,
· An LLM tool for monitoring student learning, and
· An AI travel assistant managing schedules and bookings.
These examples highlight real-world privacy challenges - including data minimisation, transparency, and accuracy - and provide practical mitigation strategies.
As LLM adoptionsurges, this report offers critical guidance for Data Protection Authorities(DPAs) and organisations seeking to implement AI responsibly.
