European data watchdog, Wojciech Wiewiórowski, predicts a tough situation for United States-based artificial intelligence (AI) companies currently being investigated for alleged General Data Protection Regulation (GDPR) violations. The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The regulation came into effect on May 25, 2018, giving citizens more control over their personal data while introducing stringent rules for companies handling such data.
In a recent interview with the MIT Technology Review, Wiewiórowski told the publication that the fast pace of development in the AI space means data protection regulators should be prepared for another scandal, invoking the Cambridge Analytica situation for reference. Cambridge Analytica, a political consulting firm, illicitly obtained data on millions of Facebook users and used it for political advertising.
The comments come after a tumultuous week for leading AI outfit OpenAI, creator of the massively popular GPT suite of products and services. The company’s suite of GPT services has been outright banned in Italy pending further information about its intent and ability to comply with GDPR, with similar actions pending in Ireland, France and Germany.
According to the European Union data watchdog, OpenAI currently finds itself between a European rock and a U.S. hard place, legally speaking. As regulators in the EU look to crack down, U.S. lawmakers could be eyeing the European prescription as a possible local template.
Under GDPR law, EU citizens are given the ability to opt out of data collection and, in the event a system outputs erroneous data, to have those errors corrected. However, some experts believe it will be next to impossible for developers to bring GPT and similar large language models (LLMs) in line with GDPR. One reason for this is that the data they’re trained on is often conflated, thus making individual data points inseparable from one another.
Wiewiórowski’s assessment, per the Technology Review article, is that this represents something like a worst-case scenario for companies such as OpenAI that rushed to deployment without a public plan to address privacy issues such as those regulated by GDPR. Citing a “big player” in the tech market, the data watchdog quipped that “the definition of hell is European legislation with American enforcement.”
OpenAI faces various official inquiries in Europe with deadlines approaching — April 30 in Italy, June 11 in Germany — and it remains unclear how the company intends to approach regulators’ privacy concerns.
Once again caught in the middle are those using products and services built on the back of the GPT API and other LLMs who can’t be sure how much longer those models will be legally available. Additionally, an outright ban under GDPR could have devastating consequences for Europeans using LLMs to power their businesses and individual projects, especially in the fintech market, where cryptocurrency exchanges, analysts and traders have embraced the new technology.
And, in the U.S., where many of the most dominant cryptocurrency and blockchain companies are headquartered, a similar ban could be a massive blow to the financial sector. As recently as April 25, analysts at financial services company JPMorgan Chase were saying that at least half of the gains in the S&P 500 index this year have been driven by ChatGPT.
If the U.S. takes up the European mantle and institutes privacy regulations in line with GDPR, both the traditional and cryptocurrency trading markets could face massive disruption.
The situation highlights the need for both AI developers and government regulators to take privacy regulations seriously. OpenAI’s CTO, Greg Brockman, has previously stated that government regulators should be “very involved” in regulating AI, suggesting that industry self-regulation might not be sufficient.
In conclusion, the AI industry should take privacy regulations seriously and work towards addressing compliance proactively, rather than facing potential legal action later. As AI regulation is still a very young field, it is yet to be seen how international cooperation in AI regulation will manifest. It is important to note that these regulations exist to help protect consumers and their personal data, and it is in everyone’s best interest to work towards compliance.
