Artificial Intelligence (AI) and Data Privacy: Challenges & Solutions

Artificial Intelligence is one of the most exciting digital topics of our time. New developments and applications facilitate work for businesses, for instance, through the automation of processes such as lead generation or content production, but they also bring legal pitfalls. The collection and processing of information, which may include personal data, must always be critically assessed from a data protection perspective. Here's an overview of potential issues and solutions.

Note: This article offers an introduction to the topic and aims to raise awareness but does not claim completeness and does not replace legal advice from professionals familiar with AI and data protection issues.

How does Artificial Intelligence work?

The functioning of Artificial Intelligence is complex; in simplified terms, AI systems are meant to simulate human intelligence. A subset of Artificial Intelligence is called Machine Learning, which, using fed data and an algorithm, is capable of learning. The foundation consists of information and algorithms or a mathematical model designed to simulate the human brain.

Where do the data and information used to feed AI come from?

The specific data used to train an AI application depends on the system and cannot be generally answered. Chat GPT, for example, accesses freely available information from sources such as Wikipedia, digitally available books, and publicly accessible texts from the internet. Additionally, the chatbot learns from the “conversations” it has with users.

What legal and data protection issues can arise from using Artificial Intelligence?

Data protection officers and authorities have been dealing with the topic of data protection and Artificial Intelligence for years. As early as 2019, the Conference of the Independent Data Protection Authorities of the Federal and State Governments (DSK) published a position paper recommending technical and organizational measures for achieving data protection-compliant design of AI systems.

In spring 2022, the French data protection authority CNIL published two guides for the data protection requirements and evaluation of AI systems.

One of the most well-known AI tools, ChatGPT, was initially banned by Italian data protection authorities this spring and was allowed again for use in Italy after a statement from the provider.

These examples demonstrate that for several years already, authorities from various countries have been dealing with the issues AI tools may cause and whether they can be used in compliance with data protection regulations.

The topic of data protection must be considered more closely when AI tools use non-public personal data, such as customer data or employee information. Sensitive personal data includes names, addresses, and phone numbers. The processing of these data and the company's interest in them contrast with the individuals' right to informational self-determination. Regarding especially sensitive data like health information, the legal framework is even stricter.

It also becomes problematic when sensitive, non-public information is fed into an AI system unknowingly, where it might be used and potentially exposed to other users upon their inquiry. An example of this is summarizing confidential meeting notes or evaluating personal data according to specific criteria.

AI and GDPR

For GDPR, the processing of data with a personal reference is relevant, for example, the use of datasets containing personal information or linking the AI tool with communication channels like an email program.

The fundamental principle of data minimization applies here as well: personal data should only be collected and processed as necessary for the intended purpose. Unnecessary data collections should be avoided. In case of doubt, it is also advisable to be able to demonstrate why the use of AI in processing these data is necessary.

Individuals whose data are used should be informed (for instance, via the privacy statement) about what data is collected, how it is used, and who has access to it. The legal assessment also differs based on whether this data is anonymized and adequately protected, for example, through encryption.

AI and Copyright

Less discussed but still relevant is the copyright question in using artificial intelligence. AI-generated works are not protected by copyright since they are not created by humans. But what about the content that AI applications use to generate new content? The debate includes, for example, the question of whether it is permissible to use image datasets for training AI tools without the consent of the copyrights holders.

The function of known AI tools, which deliver a result to a task, initially seems similar to searching in a search engine. Both answer questions and provide information. However, search engines only show a preview or excerpts of the content in its original form. Generally, this data is not altered, and no new content is created.

Crucial to judgement, even in the offline world, is how closely a newly generated work (text or image) resembles an original work. This cannot be estimated when using an AI tool since the sources and therefore the originals are unknown. An uncritical adoption of AI-generated content can, therefore, be problematic in terms of copyright.

What options are there to use Artificial Intelligence in compliance with data protection?

That Artificial Intelligence is valuable for companies, for example in online marketing (read about this in the white paper), is undisputed. Many companies regularly use Chat GPT, for instance, to ease or speed up content production. Given the possible legal issues, the question arises of how to use it in compliance with data protection regulations and which approaches already exist. It is always advisable to use AI-generated texts or images critically instead of using them unreflectively. We, for instance, draw inspiration from the responses of AI tools, but we always subject them to manual review and editing.

How data is collected and used, which sources an AI tool utilizes, and what data protection measures are in place differ among the various providers. This is especially true for personal data – how is it protected, is it anonymized, is it processed outside the EU, etc. The question of who is responsible in a legal case (is it the tool provider?) should also be clarified. Before deciding on a solution, it's advisable to check these points and seek legal advice if in doubt.

Using AI-based chatbots requires sensitivity regarding the input of the question or task. This information may be used by the system for further training – including personal information not meant for public use. Depending on the tool used, the use of the entered data can be objected to.

In addition to using online AI solutions, which must be checked for their legal requirements, there are two alternative approaches we'd like to briefly explore.

Local/Offline Use of AI Tools

Various providers are working on solutions for locally usable AI applications. An example is GPT4All, an open-source clone of ChatGPT. It can be used within one's own network and does not require internet use.

How helpful such local AI solutions are depends on how comprehensive the model behind it is, the quality of the language model, and for what purpose they are to be used. Providing the tool with its own data for processing is something GPT4AAll cannot do. However, it is assumed that significant developments and expansions in current solutions will occur.

Development of Own AI Tools

A completely independent programming of an AI tool is costly and not profitable for most companies. However, there are ready-made algorithms or AI models that facilitate this work and can be adapted to one's needs. This personal AI solution can then be used to evaluate one's own data, obtain answers, or automate processes.

More Updates from the World of Online Marketing and Online Business

We at Internetwarriors consistently watch the developments of the online world with excitement, some already for decades. We keep ourselves informed about new tools and technical standards and evaluate them for application in our work. Our customers benefit from current knowledge and from being a step ahead of the competition in introducing new technologies and responding to important trends. Would you like to always stay up to date? Subscribe to our newsletter, which provides you with current information. Are you looking for support with your online marketing? Contact us!