Companies are understandably keen to harness the transformative power of artificial intelligence (AI) by incorporating it into their business processes and consumer and enterprise offerings. The speed of innovation in this area presents possible risks to individuals’ privacy rights – in particular, those whose personal data may be used as part of the AI training dataset. Governments and regulators are playing catch-up. The European Union has reached political agreement on the EU AI Act, and President Joe Biden issued an executive order establishing standards for AI safety and security. In an uncertain and rapidly evolving regulatory environment, what can companies do to protect themselves? This session will explore the legal risks of using personal data to train AI models and practical strategies to mitigate those risks – including alternatives to using personal data.