France’s data protection watchdog has published an action plan to guide companies in deploying artificial intelligence (AI) systems in ways that respect users’ privacy. The guidelines particularly focus on generative large language model (LLM) chatbots like ChatGPT, Bing AI, and Google Bard.
In a blog post on Tuesday, the Commission Nationale de l’informatique et des Libertés (CNIL) revealed that it is launching an artificial intelligence service dedicated to monitoring developments in the AI space and generating recommendations.
According to the CNIL, “the protection of personal data is a major challenge for the design and use of these tools.” The CNIL’s “four-pronged action plan” attempts to tackle this issue by setting out recommendations in line with EU laws like the GDPR and the AI Act.
CNIL’s Four-Step AI Regulation Plan
France’s privacy watchdog set out these four objectives:
- Understanding how AI systems function and how they impact people
- Regulating the development of AI so that it respects personal data
- “Federating and supporting” innovation in AI in France and Europe
- Auditing and controlling AI systems while protecting people
“Thanks to this collective and essential work, the CNIL wants to establish clear rules protecting the personal data of European citizens in order to contribute to the development of privacy-friendly AI systems,” the agency explained.
Among other things, the CNIL’s action plan focuses on transparency and fairness, protecting publicly available data and data that users submit, and assessing the consequences of AI systems on users’ rights and the cybersecurity challenges of AI tools.
It will also focus on auditing AI tools and on helping companies develop their AI systems in compliance with existing laws.
The watchdog published a dossier by its Digital Innovation Laboratory (LINC), setting out the legal questions, ethical challenges, cybersecurity challenges, and other issues relating to generative AI.
“More generally, the CNIL wishes to engage in a sustained dialogue with research teams, R & D centers and French companies developing, or wishing to develop, AI systems in a logic of compliance with personal data protection rules,” the CNIL said.
France’s CNIL is one of many entities concerned about the privacy and security implications of AI systems, particularly LLMs like ChatGPT and Google Bard. Italy’s data protection authority temporarily banned ChatGPT in March over similar concerns.
On Tuesday, VPN provider Surfshark published a paper highlighting “some potential flaws” in ChatGPT’s data collection practices.
“ChatGPT collected a massive amount of personal data to train its models but may have no legal basis for such data collection,” Surfshark said. It highlighted several areas of concern, including data scraping and lack of parental consent.
‘Strict’ AI Act is Close to Becoming Law
While AI can be highly beneficial in different fields, it poses privacy risks. The European Union’s AI Act, which is close to being finalized, is an attempt to mitigate these concerns and regulate AI systems in the region. It categorizes AI systems into different levels of risk ranging from unacceptable to minimal, with stricter control applied to the former. This could mean that generative AI systems like ChatGPT, Google Bard, and Bing AI would be subject to rigorous regulations.
The AI Act could include restrictions on AI developers, conformity assessments to ensure compliance, and labeling of AI controls to avoid misleading users. These requirements could fundamentally redefine how AI systems work and how users interact with them while increasing cost and complexity for developers.
