Acta acta.ink
GDPR · 6 min read

Health Data in AI Prompts: Art. 9 GDPR and the AI Act Collision

When employees paste medical records, HR data, or biometric info into AI tools, Art. 9 GDPR creates an immediate legal problem.


Here's a scenario that happens in organisations every day: an HR manager pastes an employee's sick leave summary into ChatGPT to draft a return-to-work letter. A legal assistant uploads a discrimination complaint to Claude for summarisation. A healthcare administrator asks Gemini to help triage patient intake forms.

In each case, special category data under Art. 9 GDPR has just been sent to a third-party AI provider. And in most organisations, nobody noticed.

What is Art. 9 special category data?

Art. 9 GDPR identifies categories of personal data that are so sensitive they require a higher level of protection. Processing is prohibited by default unless one of ten explicit exceptions applies:

  • Health data — medical conditions, diagnoses, prescriptions, sick leave, disability status
  • Biometric data — fingerprints, face scans, voice recordings used for identification
  • Genetic data — DNA, family health history
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual orientation or sex life

The key word is "processing." Pasting data into an AI tool is processing. Sending it over an API is processing. The AI provider storing it, even temporarily, is processing. Each step needs a lawful basis under Art. 6 and, because the data is special category, one of the Art. 9(2) exceptions on top of it; a provider that handles the data on your behalf must also be bound as a processor under Art. 28.

Why AI tools make this worse

Traditional data processing systems have defined inputs. Your HR system has fields; your CRM has schemas. You know what data goes in because you designed the forms.

AI tools accept free-text input. Anything an employee can type or paste goes straight to the provider's API. There are no field restrictions, no data type controls, no built-in classification. The input field for ChatGPT accepts a medical record as readily as it accepts a recipe.

This means your Art. 9 risk isn't theoretical — it's structural. Any organisation using AI tools with free-text input has created a channel through which special category data can flow unchecked.

The common "we have a policy" defence

Most organisations address this with an acceptable use policy: "Do not enter personal data into AI tools." Some go further: "Especially do not enter special category data."

Policies are necessary but insufficient. Art. 32 GDPR requires "appropriate technical and organisational measures", and a policy on its own is only the organisational half. A rule that says "don't do this" with no mechanism to detect or prevent it is unlikely to satisfy a regulator, least of all after an incident.

GDPR's principle of data protection by design and by default (Art. 25) expects you to implement technical measures. For AI tools, this means controls that can detect special category data before it leaves the user's environment, whether that is the browser, a desktop client, or an API gateway in front of the provider.

What detection looks like in practice

  1. Pattern-based scanning — regex for structured markers (ICD codes, prescription formats) and NLP models for free-text ones (health terms, medication names, ethnic identifiers, political party names, and similar markers)
  2. Contextual analysis — distinguishing "the patient has diabetes" (health data about a person, and special category as soon as the prompt also carries a name, staff number, or other identifier) from "our AI model diagnoses diabetes" (a statement about a system rather than a person, so likely not special category data in this context)
  3. Hard blocking vs. soft flagging — special category data may warrant hard blocking by default (the prompt is not sent), with an override path that requires DPO approval and a documented Art. 9(2) legal basis; ambiguous hits can be soft-flagged (sent with a warning and queued for review)
  4. Audit logging — recording what was detected, what action was taken, and whether any override was applied, without storing the sensitive content itself, since a log full of prompt text is just another copy of the health data

No detection system is perfect. The goal is a layered approach: catch the obvious cases automatically, flag the ambiguous ones for human review, and log everything for accountability.
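The following is an added example of that layered gate in Python; it is not Acta's product code and not taken from the article. The marker vocabularies, the person-context cues, the override fields, the sample prompts, and the fictional DPO address and ticket reference are all assumptions chosen for illustration. The scanner returns ALLOW, FLAG or BLOCK, accepts an override only when it names an approver, an Art. 9(2) basis and a record reference, and logs a SHA-256 of the prompt rather than the prompt.

```python
"""Prompt gate for Art. 9 markers: added example, not Acta's product code.

The scanner runs before a prompt leaves the user's environment, returns
ALLOW / FLAG / BLOCK, honours a documented DPO override, and writes an
audit record that stores a hash of the prompt rather than the prompt, so
the log does not become a second copy of the health data.
"""
import hashlib
import re
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import Optional

# Illustrative marker vocabularies (assumed, deliberately small). A real
# deployment would plug curated lists (ICD-10, drug names) and an NLP
# classifier into the same decision logic; "christian" as a first name is
# the kind of false positive the contextual stage exists to catch.
MARKERS = {
    "health": re.compile(
        r"\b(diabet(?:es|ic)|depression|cancer|hiv|sick leave|diagnos(?:ed|is)|"
        r"metformin|sertraline|insulin|disabilit(?:y|ies))\b", re.IGNORECASE),
    # Dotted ICD-10 codes only (E11.9); undotted forms collide with ordinary IDs.
    "health_icd10": re.compile(r"\b[A-TV-Z][0-9]{2}\.[0-9A-Z]{1,4}\b"),
    "trade_union": re.compile(r"\b(trade union|union (?:member|rep|steward))\b", re.IGNORECASE),
    "religion": re.compile(r"\b(muslim|christian|jewish|hindu|buddhist|atheist)\b", re.IGNORECASE),
}

# Context cues: is the text about an identifiable person, or about a system/dataset?
PERSON_CUES = re.compile(
    r"\b(patient|employee|applicant|claimant|colleague|he|she|they|him|her|mr|mrs|ms|dr)\b",
    re.IGNORECASE)
NAME_LIKE = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")  # "Jane Doe"; case-sensitive on purpose


@dataclass
class Override:
    """Documented override: who approved, which Art. 9(2) exception, where it is recorded."""
    approver: str
    legal_basis: str
    reference: str


@dataclass
class Decision:
    action: str           # "ALLOW", "FLAG" or "BLOCK"
    categories: list      # marker categories that fired
    reason: str


def classify(prompt: str):
    """Return (sorted marker categories hit, whether a person-context cue is present)."""
    hits = sorted(name for name, rx in MARKERS.items() if rx.search(prompt))
    person = bool(PERSON_CUES.search(prompt) or NAME_LIKE.search(prompt))
    return hits, person


def gate_prompt(prompt: str, user: str, audit_log: list,
                override: Optional[Override] = None) -> Decision:
    """Decide whether a prompt may be sent and append an audit record either way."""
    if override is not None and not (override.approver and override.legal_basis and override.reference):
        raise ValueError("override must name an approver, a legal basis and a record reference")
    hits, person = classify(prompt)
    if not hits:
        decision = Decision("ALLOW", [], "no special-category markers")
    elif person and override is None:
        decision = Decision("BLOCK", hits, "markers with person context and no documented override")
    elif person:
        decision = Decision("ALLOW", hits, f"override by {override.approver} under {override.legal_basis}")
    else:
        # Markers without a person cue: send, but warn the user and queue for human review.
        decision = Decision("FLAG", hits, "markers without person context; queued for review")
    audit_log.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "prompt_sha256": hashlib.sha256(prompt.encode("utf-8")).hexdigest(),
        "categories": hits,
        "action": decision.action,
        "override": asdict(override) if override else None,
    })
    return decision


if __name__ == "__main__":
    # Constructed sample prompts; the name, users, DPO address and ticket are fictional.
    log = []
    hr_prompt = ("Please draft a return-to-work letter for Jane Doe, who has been "
                 "on sick leave for depression since March.")
    print(gate_prompt(hr_prompt, "hr-manager", log))                                   # BLOCK
    print(gate_prompt("Our AI model diagnoses diabetes from retinal scans; "
                      "summarise the benchmark results for the team.", "ml-eng", log))  # FLAG
    print(gate_prompt("Write a recipe for lentil soup.", "anyone", log))                 # ALLOW
    print(gate_prompt(hr_prompt, "hr-manager", log,
                      Override("dpo@example.org", "Art. 9(2)(b) employment law", "DPO-2024-017")))
    for entry in log:
        print(entry)
```

Two design points carry over to any real implementation: the override is refused unless every field of the documented basis is present, so the audit trail can never show an approval without a legal basis behind it; and the log holds only a hash of the prompt, which is enough to tie a record to a stored conversation during an investigation without the log itself becoming Art. 9 data.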

The EU AI Act amplifier

Under the EU AI Act, the obligations compound where the system is high-risk. Art. 26 requires deployers of high-risk AI systems to take appropriate technical and organisational measures to use them in accordance with the instructions for use, and Annex III lists employment and workers' management, and access to essential public services including healthcare, among the high-risk areas. Art. 27 requires some deployers, public bodies and private entities providing public services among them, to complete a Fundamental Rights Impact Assessment before first use; special category data processing bears directly on the rights to privacy and non-discrimination that the assessment has to cover. A general-purpose chat tool used for HR letters or patient triage is not automatically high-risk, so classify the use case first.

A regulator looking at your AI governance will connect the dots: if you are processing health data through AI tools without Art. 9 safeguards, you are probably also short of your Art. 26 deployer obligations (where the system is high-risk) and of the DPIA that Art. 35 GDPR requires for large-scale processing of special category data.

Practical steps

  1. Assume it's happening. If employees use AI tools with free-text input, special category data is flowing through them. Start from this assumption.
  2. Implement detection. Deploy technical controls that scan prompts for Art. 9 data categories before they reach the AI provider.
  3. Default to block. For special categories, a hard block with a documented override path is the safest posture.
  4. Document the legal basis. If any Art. 9 processing through AI tools is intentional, document the specific Art. 9(2) exception and ensure DPO sign-off.
  5. Update your DPIA. If your AI-related DPIA doesn't address special category data risk, it has a critical gap.

Disclaimer: This article is for informational purposes and does not constitute legal advice. Art. 9 GDPR processing requirements are context-dependent and may vary by jurisdiction. Consult your DPO and qualified legal counsel.

See how Acta can help

PII detection, audit logging, policy enforcement, AI literacy insights. One platform for EU AI Act compliance.

Try Acta free

Free extension included · Pay as you go