Developing a large language model such as ChatGPT requires gathering vast bodies of text through a process called web scraping. These datasets ingest details from open online sources such as social media profiles. If data is pulled from publicly available sources, it is in the scope of privacy laws. AI is now regulated by standard privacy laws, like the General Data Protection Regulation (GDPR) and similar law regimes.
GDPR places various stringent obligations on any organization storing, transmitting, or performing analytics on personal data. The most fundamental issue under GDPR is identifying a legal basis for scraping the personal data of millions of people without their knowledge or consent. This matter has been subject to heavy regulatory and judicial scrutiny across Europe, and there’s no simple solution in sight.
It is still unknown how GDPR will apply to generative AI, but some decisions have been made. ChatGPT was temporarily banned by the Italian Data Protection Authority over incorrect results and a lack of lawful grounds for the processing, as well as the mismanagement of children’s data. Google then had to postpone the EU launch of its competitor Bard over similar privacy challenges.
You may also like:
Data privacy laws in the United States and how they affect your business
11 new privacy laws around the world and how they’ll affect your analytics
