Regulators dust off rule books to tackle generative AI like ChatGPT

Desk

3,501

As the race to develop more powerful artificial intelligence services like ChatGPT accelerates, some regulators are relying on old laws to control a technology that could upend the way societies and businesses operate.
The European Union is at the forefront of drafting new AI rules that could set the global benchmark to address privacy and safety concerns that have arisen with the rapid advances in the generative AI technology behind OpenAI’s ChatGPT.
But it will take several years for the legislation to be enforced.
“In absence of regulations, the only thing governments can do is to apply existing rules,” said Massimilano Cimnaghi, a European data governance expert at consultancy BIP.
“If it’s about protecting personal data, they apply data protection laws, if it’s a threat to safety of people, there are regulations that have not been specifically defined for AI, but they are still applicable.”
In April, Europe’s national privacy watchdogs set up a task force to address issues with ChatGPT after Italian regulator Garante had the service taken offline, accusing OpenAI of violating the EU’s GDPR, a wide-ranging privacy regime enacted in 2018.
ChatGPT was reinstated after the US company agreed to install age verification features and let European users block their information from being used to train the AI model.
The agency will begin examining other generative AI tools more broadly, a source close to Garante told Reuters. Data protection authorities in France and Spain also launched in April probes into OpenAI’s compliance with privacy laws.
Generative AI models have become well known for making mistakes, or “hallucinations”, spewing up misinformation with uncanny certainty.
Such errors could have serious consequences. If a bank or government department used AI to speed up decision-making, individuals could be unfairly rejected for loans or benefit payments. Big tech companies including Alphabet’s Google (GOOGL.O) and Microsoft Corp had stopped using AI productsdeemed ethically dicey, like financial products.
French data regulator CNIL has started “thinking creatively” about how existing laws might apply to AI, according to Bertrand Pailhes, its technology lead.
For example, in France discrimination claims are usually handled by the Defenseur des Droits (Defender of Rights). However, its lack of expertise in AI bias has prompted CNIL to take a lead on the issue, he said.
“We are looking at the full range of effects, although our focus remains on data protection and privacy,” he told Reuters.
The organisation is considering using a provision of GDPR which protects individuals from automated decision-making.
“At this stage, I can’t say if it’s enough, legally,” Pailhes said. “It will take some time to build an opinion, and there is a risk that different regulators will take different views.”