The current change applies to all input and output from and to Copilot. This can be used to create profiles about personal preferences, for example.
Personal data is about identifying a person and relating information to that person. A name in an unrelated text field isn’t personal data if you can’t tell the relation between the name and the person who input it, or any surrounding data. The contents of a repository, however, and the interaction with Copilot, can very well help identifying the account holder and their personal data. For example, I might be processing personal health data identifiable as such in a private repository with the help of Copilot.
> This can be used to create profiles about personal preferences
And since it's not, so what?
> I might be processing personal health data identifiable as such in a private repository with the help of Copilot.
That remains nonsense. The fact that you could put PD in a place not intended to hold PD does not magically transform entire datasets into PD because 1 record may contain it. This is covered in a24 (risk-based), and multiple edpb discussions of proportionate measures. There is zero requirement to guarantee anything collected for a different purpose is not misused by the user, assuming you're not encouraging that misuse.
Personal data is about identifying a person and relating information to that person. A name in an unrelated text field isn’t personal data if you can’t tell the relation between the name and the person who input it, or any surrounding data. The contents of a repository, however, and the interaction with Copilot, can very well help identifying the account holder and their personal data. For example, I might be processing personal health data identifiable as such in a private repository with the help of Copilot.