Can companies legally use technologies like Open AI?

AI and privacy: Artificial intelligence, a truly global phenomenon, arouses both fascination and concern, particularly when it comes to privacy.

A major concern is the massive use of data, illustrated by notable bans such as the Open AI tool ChatGPT in Italy, and the multiplication of commissions of inquiry, such as the CNIL (National Commission for Information Technology and Civil Liberties).

These bodies raise a crucial question for any company or individual considering the integration of AI into their services: can technologies like Open AI be used in their business, without compromising user privacy?

This is the issue we'll explore in this article, examining tomorrow's regulatory issues framing AI and privacy.

📌 Vigilance points for the responsible use of AI

To ensure GDPR compliance while safeguarding privacy, it's imperative to take a close look at several crucial elements related to the use of artificial intelligence:

✅ The Data used: one of the cornerstones of privacy protection in the context of AI is the quality of the data used. It is essential to ensure that data is relevant, lawful, and collected in a legal and transparent manner.

Sensitive data must be handled with particular care, and obtaining the consent of individuals when necessary is an imperative.

✅ S ecurity measures: data security is an essential aspect of privacy protection. Organizations must implement robust security measures to protect user data from potential breaches. It's also important to follow cybersecurity best practices and guarantee the confidentiality of information.

✅ Data retention periods: data collected for AI purposes must be kept only for as long as is necessary for the Purpose for which it was collected.

It is crucial to establish appropriate Data retention policies to avoid excessive retention of personal data.

✅ Transfers outside the EU: when data is transferred outside the European Union, it is imperative to comply with regulations on international transfers, such as standard contractual clauses or other data protection guarantee mechanisms. The European Union is addressing these concerns by proposing the world's first law regulating AIwhich will probably come into force in 2024.

This legislation aims to frame the development and use of AI in key sectors.

A breach on November 9 highlighted the vulnerabilities associated with the use of AI. OpenAI's ChatGPT fell victim to DDoS attacks, and was unable to respond to user requests for several hours. In the end, the pro-Russian group "Anonymous Sudan" claimed responsibility for the attack.

This situation shows the importance of not divulging sensitive information, but above all underlines thecrucial importance of AI system security and personal data protection.

📋 Recommendations from the Dipeeo experts

In response to such concerns and as an outsourced DPO, Dipeeo recommend taking into account several elements to use AI in full compliance:

• Guarantee tool compliance, i.e. ensure that the AI tool used complies with current regulations, including data protection laws.
• Use anonymized data whenever possible, to minimize the impact on users' privacy.
• Implement security measures to anonymize collected data or protect the confidentiality of personal information as far as possible.
• Establish strong contractual agreements, such as data processing agreements (DPAs), to govern data management in AI.

💼 The Responsible Approach of the CNIL (National Commission for Information Technology and Civil Liberties)

For its part, the CNIL (National Commission for Information Technology and Civil Liberties) is positioning itself as a committed player in supporting the development of AI, while guaranteeing the protection of personal data. The launch of a dedicated AI department in January 2023 and an action plan demonstrate its concrete commitment. To meet the privacy challenges associated with AI, the CNIL (National Commission for Information Technology and Civil Liberties) has set up two support programs for French players in this sector.

It also emphasizes that the development of AI systems can be compatible with the protection of privacy, thus fostering the creation of ethical applications in line with European values, which are essential for gaining public trust in these technologies.

The question "Can you use technologies like Open AI in your company, without compromising user privacy?" is a complex one to answer today, as the tools are so recent and constantly evolving, and the position of the authorities is not yet clear-cut. However, the best practice is to adopt security measures to limit the risks associated with the use of tools such as Open AI, and to frequently re-evaluate the subject, which is constantly evolving.

There's no doubt that the future of artificial intelligence and privacy will depend on how the players involved tackle these issues, taking into account the key factors and implementing appropriate measures to guarantee the protection of personal data.