Personal Data and Artificial Intelligence: Best Practices
The use of artificial intelligence requires heightened vigilance whenever client data is involved. The notary has two fundamental obligations: professional secrecy, which is absolute for both the notary and their staff, and compliance with the GDPR, which governs all processing of personal data.
1. Consumer-Grade AI Tools: Prohibited for Processing Client Files
Consumer-grade AI tools may read, store or reuse content submitted by users. Some are hosted outside the European Union without adequate safeguards.
No data relating to a client file may be entered into such tools, even in anonymised form.
Permitted tools include:
- AI solutions integrated into professional practice management software;
- secure professional-grade versions (such as ChatGPT Team or Mistral Business), provided documents are anonymised prior to use.
All such solutions must be implemented and used with caution, on the basis that the use of AI inherently carries a risk of breach of professional secrecy.
2. GDPR and Mandatory Disclosure
In the majority of cases, personal data processing carried out in the context of notarial activity is based on legal grounds (legal obligation or public interest mission) that do not require the collection of consent, but do impose full transparency as to the purposes pursued, as well as the strict necessity of the processing.
The client must be informed that AI is being used, for what purpose and on what legal basis.
Example of a disclosure notice to be provided to the client:
“In the course of processing your file, certain data may be analysed using a secure artificial intelligence tool. Such processing is carried out within the framework of the public interest mission entrusted to the notary.”
Where the use of AI serves an ancillary purpose (for example, the improvement of an internal model), any reuse of data must be brought to the client’s attention prior to any further processing. The client may exercise their right to object in accordance with Article 6(4) of the GDPR.
3. Raising Client Awareness of Confidentiality
Confidentiality may be compromised by the client themselves. A client must not upload a deed, a draft or a clause into an AI tool, as doing so exposes not only their own personal data but also that of the other parties involved.
A notarial deed contains confidential data relating to several individuals, and its submission to an AI tool is to be strictly avoided.

