It’s clear that companies are currently unable to make chatbots like ChatGPT comply with EU law, when processing data about individuals. If a system cannot produce accurate and transparent results, it cannot be used to generate data about individuals. The technology has to follow the legal requirements, not the other way around.

  • Xhieron
    link
    fedilink
    English
    108 months ago

    The technology has to follow the legal requirements, not the other way around.

    This is something that really needs to be taught better, at least in the US.

    GDPR doesn’t mean that LLMs are forbidden in the EU, but it does mean that the companies that create them may be liable for damages. That said, the damages must be real. Actual damages is somewhat cut and dry (e.g., ChatGPT publishes defamatory information about you, and someone relies on it to your detriment), but GDPR also contemplates damages for distress (e.g., emotional).

    If that’s true then the legal requirements will have to be changed …

    I think this position needs to be rejected in the strongest possible terms. Our response to any emerging technology should not be “It’s too good not to have, so who cares if people lose their rights?” The right to privacy and with it the right to control one’s likeness, name, and personal data is a much easier right to conceptually trade away than, say, the right to bodily integrity, but I think we’ve seen enough dystopian sci-fi at this point to understand where the intersections might lie between other rights and correspondingly miraculous technologies. [And after all, without the combustion engine we probably wouldn’t be staring down the barrel of climate change right now.]

    Should we, for instance, do away with the right to bodily integrity if it means everyone gets chipped shortly after birth? [The analogy to circumcision is unintentional but not lost on me.] After all, the chips mean that we can locate missing and abducted children easily and at trivial cost. They also mean that we no longer need to carry money or proxies for money. Crime is at an all-time low. Worth it, right? After all, the procedure is “minimally invasive.”

    The point is, rights have to be sacrosanct. They need to be the first consideration, and they need to be non-negotiable. If a technology needs those rights to bend or give way in order to exist, then it should not exist. If it’s of sufficient benefit to society, then it can be made to exist in a way that preserves those rights, and those who are unwilling to create it in such a way should suffer the sanction of law.

    • @[email protected]
      link
      fedilink
      18 months ago

      This post kinda shows the problem I have with the GDPR. It creates this pseudo property right in information about yourself. It’s not about a right to privacy but about Data Protection; rhymes with copyright protection. GDPR fans are worried about “their data” being “stolen”, not about being spied on. It’s about property.

      It’s not something that has traditionally existed. People always gossiped; maybe had a little black book. That’s still allowed, because the GDPR has an exemption for that. Strictly, it’s a violation of other’s rights.

      Privacy means that some areas of life are simply off-limits. For example, you mustn’t read other people’s mail. The GDPR isn’t concerned with that. In fact, there is an implied contradiction. GDPR rights are concerned with controlling the storage and exchange of information as an intellectual property. Enforcing that requires surveillance of communication. Only the exemptions prevent that from being an issue.

      No right exists in isolation. You mentioned the right to bodily integrity. What if someone is injured and needs medical care. Maybe they need surgery or they lose a limb, but they can’t pay the surgery. You’d have to take someone else’s money; their property. Even in the US, this is done to some degree. Your argument about rights being “sacrosanct” is against that. If you can’t take someone’s precious data, then certainly not their money either.

      Something about the GDPR turns people into right libertarians / conservatives /neoliberals. Call it what you will. It’s: Fuck you, I got mine. It’s not about what’s best for everyone, society, human progress, or anything beyond the individual.

      • Xhieron
        link
        fedilink
        English
        4
        edit-2
        8 months ago

        I’m not sure where to start here. Privacy and copyright aren’t the same thing. If you don’t understand that, I doubt we’re actually able to debate this issue. People have been gossiping for as long as there has been language, and they’ve also been making shit up about each other, and as a result the law against slander is older than the Norman conquest, and HIPAA is just the latest statutory framework enshrining the very old rule that the ladies can gossip about whatever they hear in town, but the priests, doctors, and lawyers absolutely cannot. This isn’t a novel, 21st century selfish gotcha. It’s a very old, very simple principle: that some things are none of your fucking business, and if you run your mouth about people there will be consequences for it. That idea doesn’t belong to a political ideology, and it’s not an author’s monopoly. The GDPR is absolutely concerned with those rights, and it rightly sanctions violators.

        OpenAI is not society or human progress. It’s a corporation trying to make money for its shareholders who care not one whit about the future of mankind of any lofty ideal. This isn’t rugged individualism versus progress. It’s natural persons versus a corporation that wants to trod roughshod over their rights to be left alone, to be free from the publication of lies about them, and to keep from invasion by the prying eyes of robber barons, governments, and newsmen their private business. That’s best for everyone and what’s best for society and human progress: If I want you to know something about me, I’ll tell you. Otherwise, mind your own business, and that goes for OpenAI same as it goes for you.

        Edit: Also your bodily integrity example is rubbish. A surgeon who interferes with your body without your informed consent has committed a battery against you. Even in an emergency the standard is frequently that you would have consented to the surgery if you were able.

        • @[email protected]
          link
          fedilink
          18 months ago

          I’m not sure where to start here. Privacy and copyright aren’t the same thing.

          I never claimed it was. In fact, I pointed out the implied contradiction. If you could point out what gave you the false impression, I can hopefully be more clear in the future.