David Carroll

2 years ago

David Carroll
2 years ago

You should be able to exercise your #GDPR #DataRights directly in the chat prompt. “I want to access all the personal data you have on me after your verify my identity” “ok thanks, now delete it from your model, and untrain yourself on it” #SyntheticMedia #ChatGPT
theconversation.com/chatgpt-is…

ChatGPT is a data privacy nightmare. If you’ve ever posted online, you ought to be concerned

ChatGPT is fuelled by our intimate online histories. It’s trained on 300 billion words, yet users have no way of knowing which of their data it contains.

^{The Conversation}

in reply to David Carroll

Mikołaj Hołysz

in reply to David Carroll 2 years ago

This is not really possible with current technology, just as it isn’t possible to force a human stalker to forget that you ever existed, even though we might wish that it was. GPT-like models are more human than machine in that aspect.

in reply to Mikołaj Hołysz

David Carroll

in reply to Mikołaj Hołysz 2 years ago

@miki Once the GDPR is enforced on an LLM for violating the core principles of the law these tools will be necessarily updated to accommodate the requirements of #DataRights. It will take time but it is inevitable. In the meantime, these systems are unlawful, in my view.

#DataRights @Mikołaj Hołysz

in reply to David Carroll

Mikołaj Hołysz

in reply to David Carroll 2 years ago

If anything, it’s probably the law that will need to be updated. I can’t see how this kind of updates could be actually handled. Sure, you could remove all training data containing a given combination of name and surname, or even block all such prompts, but the former is a multi-million dollar ordeal, and the latter could be circumvented.

in reply to Mikołaj Hołysz

Mikołaj Hołysz

in reply to Mikołaj Hołysz 2 years ago

The best way to do it would probably be to remove every piece of text that contains the name and surname of the people who wish to be removed, but that would require a full retraining of the model each month, which costs literal millions of dollars. That approach carries its own set of dangers, E.G. what if a man actually named Harry Potter wants their data to be deleted.

in reply to Mikołaj Hołysz

David Carroll

in reply to Mikołaj Hołysz 2 years ago

@miki Data privacy regulatory action and litigation takes many years. Cambridge Analytica began in 2014 and is only just now finally resolved. I fully expect LLM’s to trigger a massive GDPR litigation. If firms aren’t hit with 4% revenue fines, they’ll be hit with the cost of making systems legally compliant. Smart operators will get ahead of this. GDPR ain’t getting changed anytime soon.

@Mikołaj Hołysz

in reply to Mikołaj Hołysz

Estelle4565

in reply to Mikołaj Hołysz 2 years ago

@miki

That is a problem for the companies not the law, though.
"My company cannot operate without breaking the law" is not a winning argument in any country.
AI art companies are already being sued for copyright infringement. GDPR lawsuits will follow soon enough.

@Mikołaj Hołysz

David Carroll

David Carroll 2 years ago • •

David Carroll
2 years ago