so long as you do a DPIA, and in germany, holland and france you talk to the workers council its fair game[1].
The reason why I assert this is that we have been forced to re-make a bunch of policies around products that have AI components. Claude was a pain because everything is recorded and stored in the compliance API. WE needed to get outside legal advice specifically for that part.
[1] with caveats. Germany you need to make sure that you are not "spying" on private usage. Which is a massive pain to define.
so long as you do a DPIA, and in germany, holland and france you talk to the workers council its fair game[1].
The reason why I assert this is that we have been forced to re-make a bunch of policies around products that have AI components. Claude was a pain because everything is recorded and stored in the compliance API. WE needed to get outside legal advice specifically for that part.
[1] with caveats. Germany you need to make sure that you are not "spying" on private usage. Which is a massive pain to define.