Skip to content
Data Privacy Days
< Back to all articles

Data Privacy Days: Reflections on AI, Data Governance, and LNDS’ Role

This year, Luxembourg hosted two Data Privacy Day events. Camille Alegre and Bert Verdonck from the Luxembourg National Data Service (LNDS) contributed to the Data Privacy Day conference organised by the Restena Foundation and the Digital Learning Hub in Esch-Belval, while Bert also presented at the conference organised by the Commission nationale pour la protection des données (CNPD), «Vie privée et environnement – numérique durable – convergences et perspectives».

Across both events, the discussions converged on a shared challenge: how to enable innovation while protecting fundamental rights, maintaining trust, and navigating increasingly complex regulatory landscape.

Data Privacy Day
Source: DLH Linkedin account

AI hunger for data, and the tensions it creates

AI has developed at remarkable speed in recent years. Applications that were once experimental are now part of everyday life. Expectations for further progress are huge, and with them comes an ever-growing need for data to train and improve AI systems. This leads to a perfect storm, with huge demands on data, combined with concerns on the protection of fundamental rights, the risks of bias and abuse, and the fast deployment of extensive and complex regulations.

It was in this context that the LNDS team contributed to the Data Privacy Day Luxembourg conference. The contribution focused on bringing structure and clarity to the discussion around AI data needs, offering a way to better understand where tensions arise and how they can be addressed in practice.

Five dimensions of data that shape AI development

To help frame this debate, we proposed to categorise the AI hunger for data into 5 complementary dimensions:

  • Domains

AI rarely fits neatly into a single sector. Health data intersects with socio-economic factors, mobility influences the environment, and energy systems affect almost everything else. Yet in reality, data is still mostly grouped by sector, shaped by how organisations are set up. While this has enabled deep expertise within individual domains, it has also led to fragmentation and silos. To support AI systems that rely on connections across sectors, data sharing practices need to be harmonised, allowing data to flow more smoothly between domains and enabling a more integrated view across the ecosystem.

  • Data types

AI systems learn from many different forms of data: structured and unstructured information, text, images, audio, video, streaming data, inputs from connected devices and more. These data types do not exist independently, they depend on one another to create context and meaning. Different data types create dependencies that complicate useful data extraction. Reducing this friction requires more consistent and structured data capture, as well as shared information standards that make different data types easier to combine and use together.

  • Purpose

Data is typically collected for a specific reason, such as delivering services, meeting legal obligations, research or running daily operations. As a result, datasets are often designed to serve a single, well-defined purpose. Over time, this leads to separate systems that are difficult to connect, making it challenging to correlate data or reuse it for different needs. Clear integration paths and reuse approaches are therefore essential to allow data collected for one purpose to serve others responsibly.

  • Openness

The question of data openness is closely tied to data sensitivity and the protection of fundamental rights. Not all data can, or should be treated in the same way. In practice, meaningful data reuse often depends on finding the right balance between protection and accessibility, rather than relying on a simple open-or-closed model.

  • Geography

Although data flows digitally, most data-sharing initiatives remain confined within national borders. Legal frameworks, governance models and technical infrastructures are still largely designed and operated at national level. As AI development increasingly depends on broader and more diverse datasets, enabling trusted data sharing beyond national boundaries becomes essential, while fully respecting legal requirements and public expectations.

We recommend to analyse and categorise the data needs across 5 dimensions in order to feed an informed discussion and decision making process that balances the needs of AI innovations with the fundamental rights and applicable regulations.

– Bert Verdonck, CEO, LNDS

AI projects do not operate under a single rulebook but at the intersection of multiple frameworks: the AI Act, GDPR, sector-specific regulations, and horisontal data legislation. Instead, they interact in ways that make compliance a structural challenge for real AI projects.

Several core tensions emerge in practice. AI systems often require very large datasets, while GDPR emphasises data minimisation. AI development is iterative and often multi-purpose, whereas the GDPR is built around the principle of purpose limitation, allowing reuse of personal data only where the new purpose remains compatible with the original one. Additional challenges arise from model memorisation in relation to data subjects’ erasure rights, and from the need to use sensitive attributes to ensure fairness despite the restrictions set out in Article 9 GDPR. Further complexity comes from the opacity of modern deep-learning models, which contrasts with transparency obligations set out in the GDPR. It is also reinforced by the growing reliance on global compute infrastructures, at a time when cross-border data transfers remain tightly regulated. 

In practice, these tensions mean that compliance is not a box-ticking exercise, but a governance challenge. Organisations need clear data governance structures, safe experimentation environments, privacy-enhancing techniques, and early risk assessments, especially as vertical, domain-specific AI requires high‑fidelity and often sensitive datasets that cannot simply be scraped or openly shared.

Practical solutions

European instruments already provide pathways to reconcile innovation and protection:

  • the Open Data Directive, providing high-value non-personal datasets that can easily be accessed and reused
  • the Data Governance Act, supporting safe reuse of protected public-sector data
  • the Data Act, unlocking IoT and industrial data, and enabling cloud portability
  • the European Health Data Space, enabling cross-border health data access within controlled infrastructures
  • sectoral European data spaces, offering governed, auditable pathways for accessing sensitive datasets without centralising raw data

In Luxembourg, most of these capabilities are developed and provided through the Luxembourg AI Factory in the context of AI developments. More broadly, Luxembourg National Data Service provides support for the data reuse across all of the dimensions described above.

Source: https://cnpd.public.lu/fr/actualites/national/2026/01/conference-dpd-2026.html

Lessons from the CNPD conference

LNDS also contributed to the CNPD conference, where the discussion shifted toward environmental sustainability and data use.

In the context of preserving a healthy planet, ongoing climate change and the needs for sustainable developments, be it in the mobility, energy, agriculture or any other domain impacting the environment, the demand for personal or commercially sensitive data is on the rise. Therefore, we need to improve our capabilities in how to use this sensitive data, in a controlled manner, efficiently and contained to the agreed purposes.

Today, in many situations, we seem to be stuck to the choice between all or nothing. Either, the requested data is easy to obtain, published as open data with a flexible license, no strings attached. Or, the requested data is inaccessible, hidden, difficult or impossible to obtain. We feel the need to provide more shades of grey in between: what are the aggregation, synthetisation or aggregation methods allowable, depending on context, on data scope and purpose.

– Bert Verdonck, CEO, LNDS

Whereas the public is concerned about their privacy and wants to stay in control, they are generally very supportive to their data to be used for the “right” and agreeable purpose, and at an appropriate aggregation level. In some areas, specific legislation is created to define an explicit legal basis for the purposes and the analyses at hand. Still, we feel this is an area where expertise, guidance and tooling needs to be further developed.

For example, to which level of detail can one share the pollution levels of a piece of land, to serve the general interest without damaging the interests of an individual land owner? To which level of detail can one analyse the travel patterns of Luxembourg residents in order to improve the efficiency of publicly funded transport offerings? Based on aerial heat sensor images of rooftops and video extracts from street maps, can one analyse isolation levels of houses to trend the progress on energy improvement measures? On the aggregate level of a street, a quarter, or a commune? And on the individual housing level?

Many opportunities exist to reduce the environmental footprint of our individual and economic activities. Much of this progress depends on the ability to use personal and sensitive data responsibly. While progress is visible in many areas, continued effort is needed to accelerate and to facilitate data access, in full respect of fundamental rights and compliance.

A shared takeaway

Across both events, one message resonated clearly: trustworthy AI thrives on the triangle of innovation, data governance and regulatory compliance. AI progress will not come from choosing between innovation or rights, openness or protection. It will come from structured approaches, clear governance, and the ability to operate confidently in those essential shades of grey.

Both the Data Privacy Day Luxembourg conference organised by Restena and DLH, and the CNPD conference «Vie privée et environnement – numérique durable – convergences et perspectives», highlighted the complexity of this task, but also showed that the tools, frameworks and expertise needed to address it are already taking shape, with LNDS contributing to building practical, trustworthy pathways for data reuse across domains and purposes.