A report titled “Ghost in the Machine – Addressing the Consumer Harms of Generative AI” was released by the Norwegian Consumer Council in June 2023. It proposes a framework to guide the development and use of generative AI while protecting human rights. Meanwhile, Norway’s data protection authority, Datatilsynet, has become vocal regarding possible infringements on the General Data Protection Regulation (GDPR) linked to these technologies.
The head of Datatilsynet’s international section highlights significant concerns surrounding AI’s data collection process. These AI systems primarily rely on data models, which are versatile enough to be used in various applications. They extract information from a vast pool of open-source data, much of which consists of personal information. This practice seemingly violates the GDPR principle of data minimization, which advocates for collecting only essential data. Furthermore, there are concerns regarding the quality and accuracy of the data, as it often originates from unreliable sources like web forums.
The use of such contested data raises the potential for built-in biases and inaccuracies within the AI models. Even if organizations delete the data after training, recent developments, like model inversion attacks, demonstrate that privacy issues persist. These attacks exploit specific queries to recover the original training data. Thus, rectification and erasure of data pose significant challenges within the field.
A distressing scenario arises from the interdependence of personal data and AI models. If an authority demands the deletion of specific personal data from an organization, it may necessitate erasing the entire AI model. This poses a substantial compliance issue, as the data is deeply integrated into the model. Once the model is in use, correcting errors or inaccuracies becomes a near-impossible task.
Reflecting on these concerns, the Norwegian Consumer Council called upon EU institutions to resist lobbying pressures from major tech companies and enforce stringent consumer protection laws. However, the Council emphasizes that legislation alone is insufficient. It insists on the need for proper enforcement and equipping regulatory agencies with the necessary resources.
While generative AI has transformed the technological landscape, it comes with many challenges. Norway’s data privacy experts have shed light on the issues surrounding data privacy, accuracy, and rectification. To address these concerns effectively, a comprehensive framework and enforcement of consumer protection laws are crucial. The technology industry, regulators, and society must work together to navigate the complex landscape of generative AI responsibly.
The whytry.ai article you just read is a brief synopsis; the original article can be found here: Read the Full Article…
