Active Stocks
Thu May 23 2024 13:50:26
  1. Tata Steel share price
  2. 173.60 0.17%
  1. NTPC share price
  2. 370.00 -1.04%
  1. Power Grid Corporation Of India share price
  2. 316.10 -2.98%
  1. Indusind Bank share price
  2. 1,444.85 2.49%
  1. State Bank Of India share price
  2. 830.60 1.38%
Business News/ Opinion / Columns/  Laws should keep pace with fast evolving technologies
BackBack

Laws should keep pace with fast evolving technologies

Valuations didn’t reflect the fact that a huge population is not the same as a huge consumer market

Photo: ReutersPremium
Photo: Reuters

Over the past few weeks, I have been invited to more than my fair share of panel discussions on the regulation of artificial intelligence (AI), and in all of them, I have found that the conversation very quickly tends to veer towards privacy. Most panellists are worried that given the way in which this new technology has been built, it will not meet the stringent requirements of Europe’s General Data Protection Regulation (GDPR). And since the rest of the world sees GDPR as the gold standard for privacy regulation, they fear that this will detrimentally affect the deployment of this technology around the world.

Take consent, for instance. GDPR operates on the principle that personal data should only be collected and processed with the consent of the individual. This ensures that the person to whom any data pertains has some autonomy over who can access it and what they can do with it. The training data-sets on which most Large Language Models (LLMs) are trained have mostly been assembled by scraping the web for data. If some personally identifiable information finds its way into that data-set, it probably got there without consent. This is clearly not what the GDPR prescribes.

Personal data can be collected and processed without consent where there is a “legitimate interest" that necessitates it. However, to avail of this exception, it must be demonstrated that the creation of these LLMs are “necessary" and would, for that reason, justify such data collection without consent. As useful as they might be, it would be hard to argue that LLMs are a “necessity" in the way that would be required to demonstrate that their collection of personal data without consent is justified.

GDPR also requires compliance with the principles of data minimization and retention restriction, and stipulates that only so much personal data should be collected and/or processed as is required to achieve a specific purpose. It stipulates that once that purpose has been served, data that is no longer required must be purged. LLMs operate very differently. Their effectiveness almost entirely depends on being able to access vast amounts of data for training. They need that data to be indefinitely available so that their models can be continuously refined. All of which runs contrary to the way in which GDPR requires data businesses to operate.

Finally, there are the privacy implications of conversational AI solutions that encourage users to engage in an almost human-like dialogue with the AI. During conversations like these that are designed to be all too real, the likelihood that personally identifiable information will be shared with the AI is greater than ever. What’s worse, there is a risk that this data could enter the reinforcement learning cycle and become part of the AI model, raising concerns about further ongoing violations of the GDPR.

For all these reasons, it seems highly unlikely that LLMs, in their current form, will be seen fulfilling the data protection requirements set out under the GDPR.

Earlier this year, the Garante, Italy’s Data Protection Authority, held as much, banning Replika, an AI chatbot, from accessing the personal data of Italian residents. Last month, it did the same to ChatGPT, forcing OpenAI to take its services offline in Italy. The French, German and Irish regulators are reportedly looking closely into the matter and the European Data Protection Board has set up a task force to coordinate investigations and enforcement. The days of LLMs seem to be well and truly numbered.

But what if the problem does not lie with the technology. What if the laws that are being used to regulate it are what need to change? Just because generative AI doesn’t meet the requirements set out under the GDPR does that mean we should prohibit that technology from being used. Should we not, instead, redesign our regulatory frameworks so that they better align with these new technologies?

Throughout history, new technologies have forced us to re-consider existing legal frameworks. When DNA sequencing advanced to the point where its use became commercially viable, existing laws had to be amended to let individuals continue to avail insurance benefits and to protect them from the misuse of genetic insights in denying them employment. Similarly, when drones became commonplace, India enacted a brand new set of regulations to make sure that this new technology was not crushed under the weight of aviation regulations that had been enacted at a different time and for other regulatory objectives.

LLMs and generative AI are evolutionary technologies that call for a re-examination of our existing legal frameworks. If, instead of doing that, we constrain generative AI within the bounds of existing law, we will impose on it a regulatory construct that is incompatible with what all it has to offer.

Europe’s GDPR was enacted at a time when much of what is happening today was functionally impossible. If even the best technologist of the day could not have foreseen what these technologies could evolve into, we can hardly expect legislators to have factored this into the laws they drafted. And if GDPR has not been designed to regulate LLMs, why should we assume that the legal framework that it describes is fit for purpose?

Regulation must strike a delicate balance between fostering innovation and preserving privacy. That will not come from blindly forcing new technologies to comply with existing frameworks.

Rahul Matthan is a partner at Trilegal and also has a podcast by the name Ex Machina. His Twitter handle is @matthan.

You are on Mint! India's #1 news destination (Source: Press Gazette). To learn more about our business coverage and market insights Click Here!

Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
More Less
Published: 25 Apr 2023, 11:36 PM IST
Next Story footLogo
Recommended For You