Download This PaperGenerative AI and Data Protection
Forthcoming in: Calo/Ebers/Poncibo/Zou, Handbook on Generative AI and the Law, Cambridge University Press
18 Pages Posted: 5 Jun 2024 Last revised: 17 Oct 2024
Date Written: May 2, 2024
Abstract
Generative AI has catapulted into the legal debate through the popular applications ChatGPT, Bard, Dall-E and others. While the predominant focus has hitherto centred on issues of copyright infringement and regulatory strategies, particularly within the ambit of the AI Act, it is imperative to acknowledge that generative AI also engenders substantial tension with data protection laws. The example of Generative AI puts a finger on the sore spot of the contentious relationship between data protection law and machine learning built on the unresolved conflict between the protection of individuals, rooted in fundamental data protection rights and the massive amounts of data required for machine learning, which renders data processing nearly universal. In the case of LLMs, which scrape nearly the whole internet, this training inevitably relies on and possibly even creates personal data under the GDPR. This tension manifests across multiple dimensions, encompassing data subjects’ rights, the foundational principles of data protection, and the fundamental categories of data protection. Drawing on ongoing investigations by data protection authorities in Europe, this paper undertakes a comprehensive analysis of the intricate interplay between generative AI and data protection within the European legal framework
Keywords: AI, Generative AI, Data Protection, AI Act, GDPR, privacy, right to data protection, LLMs, regulation, EU Data Protection, privacy rights
Suggested Citation: Suggested Citation