The Digital Insider

The UK's data regulator has issued a warning to tech companies about protecting personal information when developing and deploying large language, generative AI models. Less than a week after Italy's data privacy regulator banned ChatGPT over alleged privacy violations, the Information Commission's Office (ICO) published a blog post reminding organizations that data protection laws still apply when the personal information being processed comes from publicly accessible sources. "Organisations developing or using generative AI should be considering their data protection obligations from the outset, taking a data protection by design and by default approach," said Stephen Almond, the ICO's director of technology and innovation, in the post. Almond also said that, for organizations processing personal data for the purpose of developing generative AI, there are various questions they should ask themselves, centering on: what their lawful basis for processing personal data is; how they can mitigate security risks; and how they will respond to individual rights requests. "There really can be no excuse for getting the privacy implications of generative AI wrong," Almond said, adding that ChatGPT itself recently told him that "generative AI, like any other technology, has the potential to pose risks to data privacy if not used responsibly."