Skip to main content

You should be able to exercise your #GDPR #DataRights directly in the chat prompt. “I want to access all the personal data you have on me after your verify my identity” “ok thanks, now delete it from your model, and untrain yourself on it” #SyntheticMedia #ChatGPT
https://theconversation.com/chatgpt-is-a-data-privacy-nightmare-if-youve-ever-posted-online-you-ought-to-be-concerned-199283

ChatGPT is a data privacy nightmare. If you’ve ever posted online, you ought to be concerned

ChatGPT is fuelled by our intimate online histories. It’s trained on 300 billion words, yet users have no way of knowing which of their data it contains.
The Conversation
#gdpr #chatgpt #DataRights #SyntheticMedia
in reply to David Carroll

Mikołaj Hołysz
Mikołaj Hołysz
This is not really possible with current technology, just as it isn’t possible to force a human stalker to forget that you ever existed, even though we might wish that it was. GPT-like models are more human than machine in that aspect.
in reply to Mikołaj Hołysz

David Carroll
David Carroll
@miki Once the GDPR is enforced on an LLM for violating the core principles of the law these tools will be necessarily updated to accommodate the requirements of #DataRights. It will take time but it is inevitable. In the meantime, these systems are unlawful, in my view.
#DataRights @Mikołaj Hołysz
in reply to David Carroll

Mikołaj Hołysz
Mikołaj Hołysz
If anything, it’s probably the law that will need to be updated. I can’t see how this kind of updates could be actually handled. Sure, you could remove all training data containing a given combination of name and surname, or even block all such prompts, but the former is a multi-million dollar ordeal, and the latter could be circumvented.
in reply to Mikołaj Hołysz

Mikołaj Hołysz
Mikołaj Hołysz
The best way to do it would probably be to remove every piece of text that contains the name and surname of the people who wish to be removed, but that would require a full retraining of the model each month, which costs literal millions of dollars. That approach carries its own set of dangers, E.G. what if a man actually named Harry Potter wants their data to be deleted.
in reply to Mikołaj Hołysz

David Carroll
David Carroll
@miki Data privacy regulatory action and litigation takes many years. Cambridge Analytica began in 2014 and is only just now finally resolved. I fully expect LLM’s to trigger a massive GDPR litigation. If firms aren’t hit with 4% revenue fines, they’ll be hit with the cost of making systems legally compliant. Smart operators will get ahead of this. GDPR ain’t getting changed anytime soon.
@Mikołaj Hołysz
in reply to Mikołaj Hołysz

Estelle4565
Estelle4565
@miki

That is a problem for the companies not the law, though.
"My company cannot operate without breaking the law" is not a winning argument in any country.
AI art companies are already being sued for copyright infringement. GDPR lawsuits will follow soon enough.
@Mikołaj Hołysz