Developing a large language model such as ChatGPT requires gathering vast bodies of text through a process called web scraping. These datasets ingest details from open online sources such as social media profiles. If data is pulled from publicly available sources, it is in the scope of privacy laws. AI is now regulated by standard privacy laws, like the General Data Protection Regulation (GDPR) and similar law regimes.

GDPR places various stringent obligations on any organization storing, transmitting, or performing analytics on personal data. The most fundamental issue under GDPR is identifying a legal basis for scraping the personal data of millions of people without their knowledge or consent. This matter has been subject to heavy regulatory and judicial scrutiny across Europe, and there’s no simple solution in sight.

It is still unknown how GDPR will apply to generative AI, but some decisions have been made. ChatGPT was temporarily banned by the Italian Data Protection Authority over incorrect results and a lack of lawful grounds for the processing, as well as the mismanagement of children’s data. Google then had to postpone the EU launch of its competitor Bard over similar privacy challenges.

You may also like:

Data privacy laws in the United States and how they affect your business

11 new privacy laws around the world and how they’ll affect your analytics

Data privacy breach


  • PHI and PII

    PHI and PII: How they impact HIPAA compliance and your marketing strategy

    Personally identifiable information (PII) and protected health information (PHI) may seem similar. However, there are critical distinctions between the two. While PII is a catch-all term for any information that can be associated with an individual, PHI applies specifically to HIPAA-covered entities dealing with identifiable patient information. Keeping HIPAA compliant and protecting patient information requires…

  • How can healthcare organizations benefit from using a customer data platform (CDP)

    Like many industries, healthcare has been undergoing significant change and is under immense pressure. Patients expect personalized healthcare experiences, but are increasingly aware of their privacy rights and demand that their data is safe and not misused. Healthcare providers have been seeking ways to connect, scale, and leverage customer data more effectively to meet consumers’…