
Spain Issues Comprehensive Guidance on Agentic AI and GDPR Compliance

Client Updates / March 26, 2026

Written by: Haim Ravia, Dotan Hammer

Spain’s data protection authority (Agencia Española de Protección de Datos, AEPD) published a comprehensive 71-page guidance document addressing data protection issues arising from the use of AI agents—artificial intelligence systems that use language models to autonomously pursue goals, plan multi-step tasks, interact with external environments, and make decisions with increasing degrees of independence from human operators.

The guidance follows a similar (but shorter) analysis by the UK Information Commissioner’s Office and represents the most detailed regulatory treatment of agentic AI from a European data protection authority to date. The AEPD emphasizes that understanding agentic AI technology at a foundational level—not merely as a user—is essential for making informed decisions about its deployment in personal data processing. Both the “irrational rejection” of agentic AI and its “uncritical acceptance” can be harmful, the authority warns. It also stresses that the opportunities offered by agentic AI for greater data protection by design and as a privacy-enhancing technology in its own right must be proactively seized.

The document identifies several categories of vulnerabilities specific to agentic AI. These include interaction with the external environment (including access to organizational and user data, and the ability to perceive and act externally); service integration challenges (particularly the ease of deploying agentic AI services without adequate governance); memory management issues (including working memory, management reporting, and the exercise of data subject rights across memory systems); and the risks arising from autonomous operation (including challenges to transparency and human oversight, non-repeatable behavior, and the agent’s ability to act on behalf of users or organizations).

On GDPR compliance, the AEPD addresses determining processing responsibilities—particularly in multi-agent architectures where the roles of controller, joint controller, and processor may be unclear or may shift dynamically during processing. It also covers transparency obligations, lawfulness of processing, the exercise of data subject rights (including the practical difficulties of responding to access and erasure requests across complex agent memory systems), automated decision-making under Article 22 of the GDPR, risk management including Data Protection Impact Assessments, data protection by design and by default, and international data transfers that may arise when agents interact with external services across jurisdictions.

The guidance catalogs specific threats, distinguishing between those arising from authorized processing—such as a lack of governance policies, insufficient control over the reasoning process (chain-of-thought), automation bias, and excessive data retention—and those from unauthorized processing, including prompt injection attacks, illicit access to agent memory, and availability and resiliency failures.

The document concludes with a detailed set of mitigation measures organized around five pillars: governance and management processes (including accepting the possibility of failure and empowering the Data Protection Officer); evidence-based continuous assessment (including golden testing practices); data minimization (covering cataloging, filtering, and pseudonymization); memory control (compartmentalization, sanitization, and strict retention periods); and automation safeguards (including control over the degree of autonomy, safe design of chains-of-thought, service catalogs, and whitelists).
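The five pillars above are stated as policy, but several of them map directly onto engineering controls. The following Python sketch, added here as an illustration and not taken from the AEPD guidance or from the authors of this update, shows a service catalogue acting as a whitelist with a per-tool degree of autonomy, keyed pseudonymisation of personal data before it enters agent memory or the audit trail, a retention period enforced on every read, and an erasure request served by pseudonym rather than by the raw identifier. The catalogue entries, tool names, key and the constructed user turn are all hypothetical.

```python
"""Added illustration of the AEPD mitigation pillars as engineering controls.
Every tool name, policy level and key below is hypothetical."""
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical service catalogue (the "whitelist"): a tool that is not listed is
# refused, and each listed tool carries the degree of autonomy the agent gets.
SERVICE_CATALOG = {
    "calendar.read": "auto",           # low-impact: the agent may act alone
    "email.send": "needs_approval",    # acts on the user's behalf: human in the loop
    "crm.export": "forbidden",         # catalogued but disabled in this deployment
}

# Hypothetical pseudonymisation key. It belongs in a secrets store the agent
# cannot read, so memory contents alone cannot be re-identified.
PSEUDONYM_KEY = b"example-key-do-not-use-in-production"

_PHONE = re.compile(r"\+?\d[\d\s-]{7,}\d")   # deliberately coarse, for illustration
_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def pseudonymize(text: str) -> str:
    """Replace phone numbers and e-mail addresses with keyed, stable tokens.

    HMAC over the raw value means the same identifier always maps to the same
    token, so the agent can still correlate mentions across turns, while the
    raw value never enters its memory or its audit trail.
    """
    def token(match: re.Match) -> str:
        digest = hmac.new(PSEUDONYM_KEY, match.group(0).encode(), hashlib.sha256)
        return "<pii:" + digest.hexdigest()[:12] + ">"
    return _EMAIL.sub(token, _PHONE.sub(token, text))


@dataclass
class MemoryEntry:
    content: str
    expires_at: datetime


@dataclass
class AgentMemory:
    """Working memory with mandatory sanitisation and a strict retention period."""
    retention: timedelta = timedelta(days=7)
    entries: list = field(default_factory=list)

    def remember(self, text: str, now: datetime) -> str:
        sanitized = pseudonymize(text)          # raw identifiers never reach memory
        self.entries.append(MemoryEntry(sanitized, now + self.retention))
        return sanitized

    def recall(self, now: datetime) -> list:
        # Purge on every read so nothing outlives its retention period.
        self.entries = [e for e in self.entries if e.expires_at > now]
        return [e.content for e in self.entries]

    def erase_matching(self, fragment: str) -> int:
        """Serve an erasure request: drop every entry that contains the fragment."""
        before = len(self.entries)
        self.entries = [e for e in self.entries if fragment not in e.content]
        return before - len(self.entries)


@dataclass
class ActionGate:
    """Decides whether a tool call proposed by the model may run, and records why."""
    catalog: dict
    audit_log: list = field(default_factory=list)

    def decide(self, tool: str, args: dict, now: datetime) -> str:
        level = self.catalog.get(tool, "unlisted")
        verdict = {"auto": "execute", "needs_approval": "ask_human"}.get(level, "refuse")
        # The audit record is itself pseudonymised: evidence without a second PII copy.
        self.audit_log.append({"at": now.isoformat(), "tool": tool,
                               "args": pseudonymize(str(args)), "verdict": verdict})
        return verdict


def demo() -> dict:
    """Runs a constructed scenario and returns the facts a reviewer would check."""
    t0 = datetime(2026, 3, 26, 9, 0, tzinfo=timezone.utc)
    gate, memory = ActionGate(SERVICE_CATALOG), AgentMemory(timedelta(days=7))

    # Constructed user turn that carries personal data.
    stored = memory.remember("Call Alice at alice@example.com or +34 600 123 456", t0)
    verdicts = {
        "calendar.read": gate.decide("calendar.read", {"range": "tomorrow"}, t0),
        "email.send": gate.decide("email.send", {"to": "alice@example.com"}, t0),
        "crm.export": gate.decide("crm.export", {}, t0),
        "shell.exec": gate.decide("shell.exec", {"cmd": "id"}, t0),  # never catalogued
    }
    alive = len(memory.recall(t0 + timedelta(days=6)))       # still within retention
    # Erasure request: the subject's address is located by its pseudonym, never in clear.
    erased = memory.erase_matching(pseudonymize("alice@example.com"))
    memory.remember("Meeting moved to room 4", t0 + timedelta(days=1))
    after_retention = len(memory.recall(t0 + timedelta(days=9)))  # expired at day 8
    return {
        "stored": stored, "verdicts": verdicts, "alive": alive, "erased": erased,
        "after_retention": after_retention, "audit_entries": len(gate.audit_log),
        "audit_leaks_pii": any("alice@example.com" in e["args"] for e in gate.audit_log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The gate refuses an uncatalogued tool outright rather than asking a human, which is the conservative default when a model may have been steered by injected content in a tool result. The identifier patterns are intentionally simple; a real deployment would drive sanitisation from the organisation's data catalogue, keep the pseudonymisation key outside the agent's reach, and log the human approval decision alongside the gate's verdict.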

The full text of the AEPD’s Guidance on Agentic Artificial Intelligence from the Perspective of Data Protection is available from the AEPD.