The emergence of artificial intelligence (AI) represents a challenge for States, some of which are taking measures and are concerned about possible abuses. The National Commission for Information Technology and Liberties (Cnil) has published its recommendations for the development of this technology while respecting the General Data Protection Regulation (GDPR) of the European Union, as reported Clubic.
Protect the private data of users in France
AI is making its way into our daily lives. Whether it can create playlists on Spotify in the entertainment field or predict the possible date of death of individuals, its uses are multiple. Faced with certain concerns about the use of personal data, the CNIL shares its first recommendations after two months of public consultations with experts in technology, finance and health.
The aim is for the recommendations to align with the future European Regulation on artificial intelligence, the adoption of which is expected soon. The CNIL therefore takes into account these future rules and the GDPR to draw up its list of directives.
The commission published seven recommendations, such as the creation of AI models that can verify that the use of personal data is approved. For example, George RR Martin, author of Game Of Thronesaccuses ChatGPT of illegally using episodes of the series for training.
OpenAI, which develops this generative AI, was also singled out in an investigation by New York Times who accuses him of having exploited YouTube videos without authorization. The daily specifies that Google was aware, but would not have reacted since it also relies on its streaming platform to train its own models. The media also accuses Meta of circumventing copyright to improve its technology. So many examples that the CNIL wants to avoid seeing reproduced in France.
Security also has a large place in the recommendations since companies must protect themselves against attacks or data theft via encryption, for example. It’s no secret, the risks of leaks are very significant and these last few months have taught us this.
The CNIL wants the personal data used to be relevant to avoid massive collection which would have no meaning in terms of privacy. Even more so when they are “sensitive” : sexuality, political and religious opinions, health, etc. A detention period must therefore be set before definitive deletion.
Other recommendations in the coming months
Other recommendations will arrive in the coming months, particularly regarding “the legal basis of legitimate interest, management of rights, information of data subjects, annotation and security during the development phase”. They will reassure the general public in terms of security and use of data and facilitate the transition to artificial intelligence.