This article was written prior to the recent developments regarding the New AI ACT. For the latest information, insights, and implications of this significant legislation, please visit our updated coverage here.
As artificial intelligence (AI) technologies continue to advance, concerns around privacy and ethical implications have intensified. Among these concerns is the question, is ChatGPT safe? ChatGPT (Generative Pre-trained Transformer) is an AI system capable of engaging in human-like conversations. In response, Data Protection Authorities (DPAs) have taken action to address the potential risks associated with this technology.
From guidelines and investigations to enforcement measures, DPAs worldwide have assumed a critical role in regulating ChatGPT and other AI systems. Join us on a journey into the world of AI regulation as we explore the diverse array of responses from Data Protection Authorities across the globe.
People are questioning: is ChatGPT safe to use, and why are Data Protection Authorities concerned?
To answer simply, privacy implications and data handling concerns are at the forefront of decisions for all DPAs across the globe. Below are several detailed reasons why Data Protection Authorities are making noise over ChatGPT, to help you determine, is ChatGPT safe to use?
ChatGPT, the highly popular chatbot powered by artificial intelligence, is encountering challenges with European Union’s influential privacy watchdogs. In April 2023, it faced a temporary ban in Italy due to concerns that it could violate the General Data Protection Regulation (GDPR).
EU privacy watchdogs are now contemplating their next steps in examining potential abuses associated with ChatGPT, following the lead of their Italian counterparts. The Irish Data Protection Commission has expressed its intention to coordinate with other EU Data Protection Authorities on this matter, and the Belgian Data Protection Authority believes that ChatGPT’s potential infringements should be discussed at the European level.
Complaints against ChatGPT have already been filed with France’s Data Protection Authority, CNIL, alleging privacy violations, including breaches of the GDPR.
Advocacy groups, such as the Center for AI and Digital Policy in the U.S. and consumer watchdog BEUC in Brussels, have also called for investigations into OpenAI and ChatGPT, warning that potential harm may occur before the EU’s forthcoming AI rule book is in place.
EU lawmakers are currently negotiating legal frameworks for AI technology as part of the EU Artificial Intelligence Act Draft. However, the absence of specific legislation on artificial intelligence has empowered data protection regulators to intervene.
As DPA’s, their role includes enforcing the GDPR, which governs data collection, user protections against automated decision-making, transparency in data usage, the accuracy of personal data, and the right to correction.
Keep reading below to see how regulators are reacting to ChatGPT 👇
The EDPB has decided to establish a dedicated task force to facilitate cooperation and information exchange among data protection authorities regarding potential enforcement actions. Read the official press release here →
After the temporary banning of ChatGPT in Italy, OpenAI, the company behind ChatGPT, has complied with the requirements of the Italian Data Protection Authority (Garante Privacy) and introduced new measures. OpenAI has published a notice explaining the processing of personal data and granting European users the right to object to data processing.
The company has implemented age verification measures and tools for users to request opposition to indexing or modification of their data. OpenAI is allowed to use legitimate interest as the legal basis for training the algorithm, but is subject to evaluation by the Garante Privacy.
OpenAI will continue to engage in dialogue with the Garante Privacy for compliance with GDPR.
In response to the rapid advancements in artificial intelligence (AI), particularly generative AIs like ChatGPT, the French Data Protection Authority, CNIL (Commission Nationale de l’Informatique et des Libertés), has released an action plan aimed at ensuring the deployment of AI systems that respect individual privacy.
With a long-standing focus on addressing the challenges posed by AI, CNIL’s action plan extends its efforts to encompass generative AIs, large language models, and their derivative applications, including chatbots. The plan revolves around four key objectives:
The CNIL’s action plan also includes a dedicated dossier on generative AI, shedding light on its technical functioning, legal questions, ethical challenges, and real-world applications. This additional resource complements existing materials available to professionals and the general public on the CNIL’s website.
As the AI landscape continues to evolve, CNIL’s proactive approach underscores its commitment to ensuring the responsible and ethical deployment of AI systems while protecting individual rights and freedoms.
Helen Dixon, the Data Protection Commissioner of Ireland, has emphasized the importance of thoughtful analysis and careful consideration when it comes to regulating AI technologies. She cautioned against being overly reactionary or hasty in implementing regulations, as doing so may lead to ineffective laws or unnecessary bans that lack durability and validity. Dixon highlights the need for a measured approach to ensure that regulations adequately address the complexities of AI while standing the test of time.
Spain’s Data Protection Authority has requested the EDPB to assess privacy concerns surrounding OpenAI’s ChatGPT. This request comes amidst increased global scrutiny of AI systems.
Spain’s DPA emphasizes the need for coordinated EU decisions on global processing operations. The inclusion of ChatGPT in the next Plenary of the European Data Protection Committee is requested.
In a coordinated effort, German Data Protection Authority, led by the state commissioner for data protection and freedom of information in Rhineland-Palatinate, Prof. Dr. Dieter Kugelmann, have taken action against OpenAI, the operator of the popular AI chatbot ChatGPT. The authorities have sent a comprehensive catalog of questions to OpenAI, seeking clarification on various aspects of data protection and compliance. This move is part of the newly established TaskForce ChatGPT at the European level, reflecting the concerns of all EU data protection supervisory authorities.
Prof. Kugelmann, who also leads the TaskForce AI of German data protection supervisory authorities, highlighted the significance of this initiative, stating, “We need information from OpenAI in order to be able to check compatibility with European data protection law. Innovation is good and important, but on the other hand, applicable rules must be observed. The task forces in Germany and European Union will take care of that.”
The model letter developed by the German data protection supervisory authorities covers a range of crucial topics. It focuses on determining the legal basis for data processing by ChatGPT, ensuring the protection of children’s data, and ascertaining the transparency and adequacy of information provided to users regarding data processing. Transparency is of utmost importance when deploying AI systems, as it enables individuals to exercise their rights effectively.
Access here → (In German)
President Joe Biden has issued a significant executive order aimed at enhancing the safety and privacy of artificial intelligence (AI) technology in the United States. The White House unveiled this executive order on Monday, which outlines a series of measures designed to ensure the responsible development and utilization of AI.
One key aspect of the executive order is the requirement for AI companies and developers to adhere to new rules and practices to ensure the safety of AI technology. This includes sharing information about safety tests with the government and developing tools to guarantee the safety, security, and trustworthiness of AI systems.
White House Deputy Chief of Staff Bruce Reed emphasized the global significance of this move, stating, “President Biden is rolling out the strongest set of actions any government in the world has ever taken on AI safety, security, and trust.” The order reflects a comprehensive strategy to harness the benefits of AI while mitigating associated risks.
The executive order also has several implications for federal agencies. It calls for the development of a National Security Memorandum to guide the military and intelligence communities in their use of AI. Additionally, it focuses on protecting user privacy during AI training and addressing concerns related to cyberattacks and fraud attempts through the development of practices and standards.
Equity and civil rights are another central focus of the order. It builds upon previous executive orders to combat algorithmic discrimination, ensuring that AI is not used to discriminate in federal benefit programs, contracting, or within the judicial and law enforcement processes.
Furthermore, the order mandates the White House to establish principles and best practices for addressing AI’s impact on the workforce, examining job displacement and identifying potential uses to supplement specific needs. This information will be compiled into a report on AI’s labor-market implications.
On the international front, the State Department will work to create a “robust international framework” for AI governance, aligning with Vice President Kamala Harris’s involvement in the United Kingdom’s AI Summit.
President Biden’s executive order on AI comes shortly after Senate Majority Leader Chuck Schumer’s “AI Insight Forum,” which aimed to explore regulatory approaches for AI technology while fostering transformative innovation.
The Biden administration has announced that it is inviting public comments on accountability measures for artificial intelligence (AI) systems. Concerns about the impact of AI on national security and education have prompted this move.
During a groundbreaking congressional hearing, OpenAI CEO Sam Altman, along with other prominent figures in the AI industry, expressed their support for increased regulation, setting themselves apart from influential tech companies that have opposed regulatory intervention.
Altman emphasized the potential dangers associated with AI and advocated for additional government regulation. He highlighted how AI advancements could impact various sectors such as labor, healthcare, and the economy, underscoring the need for regulatory measures to prevent and mitigate any negative consequences. Altman emphasized that government intervention through regulations would play a “critical” role in addressing these concerns.
Accompanying Altman as witnesses were IBM Chief Privacy & Trust Officer Christina Montgomery and New York University Professor Emeritus Gary Marcus. Marcus delivered some of the most striking warnings during the hearing, particularly focusing on issues like political manipulation, health misinformation, and hyper-targeted advertising. He suggested the establishment of a Cabinet-level organization dedicated to keeping pace with AI developments and proposed safety reviews akin to those conducted by the Food and Drug Administration as a means of oversight.
Montgomery highlighted the importance of tailoring oversight of AI to different risks, suggesting the implementation of distinct rules for specific use cases based on their potential impact on society. She stressed that the most stringent regulations should be applied to those use cases posing the greatest risks to society.
Following the temporary limitation imposed by the Italian data protection authority on OpenAI’s ChatGPT due to data breach incidents, Brazil’s perspective on the use of similar AI technologies raises concerns about data protection. While Brazil does not currently have specific decisions from its National Data Protection Authority regarding ChatGPT or similar AI systems, expectations are justified for security, transparency, and privacy parameters to be consistently observed in order to provide safe and reliable technologies to the public.
In Brazil, the General Personal Data Protection Law (LGPD) imposes obligations on transparency, and data processing for children, and prohibits processing without a proper legal basis. Additionally, the Senate is considering Bill No. 21/2020, which establishes principles and guidelines for the development and application of AI in Brazil. The bill proposes procedural obligations to mitigate risks associated with AI technology, including privacy control, trustworthy testing, prevention of discriminatory practices, and transparency measures.
While regulators in Brazil have not yet introduced specific regulations for AI, the existing norms emphasize the need to address risks and protect children and adolescents in data processing.
Read here → (In Portuguese)
As always, we’re following this evolving case and will keep this post updated with the latest developments. Bookmark this post to make sure that you don’t miss an update!
