Europe’s data protection supervisor predicts trouble abroad and at home for U.S. AI companies that run afoul of GDPR.
Europe’s data watchdog, Wojciech Wiewiórowski, predicts a sour predicament for United States-based artificial intelligence (AI) companies currently being investigated for alleged General Data Protection Regulation (GDPR) violations.
During a recent interview, Wiewiórowski told the MIT Technology Review that the fast pace of development in the AI space means data protection regulators should be prepared for another scandal, invoking the Cambridge Analytica situation for reference.
Wiewiórowski’s comments come after a tumultuous week for leading AI outfit OpenAI, creator of the massively popular GPT suite of products and services. The company’s suite of GPT services has been outright banned in Italy pending further information about its intent and ability to comply with GDPR, with similar actions pending in Ireland, France and Germany.
According to the European Union data watchdog, OpenAI currently finds itself between a European rock and a U.S. hard place, legally speaking. As regulators in the EU look to crack down, U.S. lawmakers could be eyeing the European prescription as a possible local template. Said Wiewiórowski in the MIT Technology Review interview:
“The European approach is connected with the purpose for which you use the data. So when you change the purpose for which the data is used, and especially if you do it against the information that you provide people with, you are in breach of law.”
Under this premise, for example, OpenAI could find itself unable to deploy and operate models such as GPT-3.5 and GPT-4 due to how they are designed and trained. GDPR law requires that citizens in the EU be given the ability to opt out of data collection and, in the event a system outputs erroneous data, to have those errors corrected.
However, some experts believe it will be next to impossible for developers to bring GPT and similar large language models (LLMs) in line with GDPR. One reason for this is that the data they’re trained on is often conflated, thus making individual data points inseparable from one another.
Wiewiórowski’s assessment, per the Technology Review article, is that this represents something like a worst-case scenario for companies such as OpenAI that allegedly rushed to deployment without a public plan to address privacy issues such as those regulated by GDPR.
Citing a “big player” in the tech market, the data watchdog quipped that “the definition of hell is European legislation with American enforcement.”
Related: OpenAI’s CTO says government regulators should be ‘very involved’ in regulating AI
OpenAI faces various official inquiries in Europe with deadlines approaching — April 30 in Italy, June 11 in Germany — and it remains unclear how the company intends to approach regulators’ privacy concerns.
Once again caught in the middle are those using products and services built on the back of the GPT API and other LLMs who, at this time, can’t be sure how much longer those models will be legally available.
An outright ban under GDPR could have devastating consequences for Europeans using LLMs to power their businesses and individual projects, especially in the fintech market, where cryptocurrency exchanges, analysts and traders have embraced the new technology.
And, in the U.S., where many of the most dominant cryptocurrency and blockchain companies are headquartered, a similar ban could be a massive blow to the financial sector.
As recently as April 25, analysts at financial services company JPMorgan Chase were saying that at least half of the gains in the S&P 500 index this year have been driven by ChatGPT.
If the U.S. takes up the European mantle and institutes privacy regulations in line with GDPR, both the traditional and cryptocurrency trading markets could face massive disruption.