GDPR and AI: The next frontier for digital privacy regulation

While many businesses are still trying to get to grips with some of the original implications of The General Data Protection Regulation (GDPR), technology is refusing to stand still. The rapid rise of generative AI is testing the bounds of data protection regulators.

  • Country bans on ChatGPT have already been enacted, and more may be forthcoming. In March, Italy became the first country within a GDPR jurisdiction to ban ChatGPT. Italy’s DPA cited privacy concerns related to the application in its decision. However, the ban was lifted on April 28 after OpenAI met a list of the DPA’s demands. But regulators in France, Germany, and Spain are still mulling the legality of ChatGPT’s practices in relation to GDPR compliance.
  • Additional AI regulation may be necessary—and it’ll need to come faster than GDPR did. More stringent and specific legislation around generative AI will likely be needed. But if that legislation takes as long as GDPR did, the pace of technological change will leave it in the dust. The EU’s AI Act is a good example: It was proposed in April 2021, but final approval isn’t expected until the end of 2023 or early 2024, per euronews. No matter how robust the legislation, regulating AI will likely require a level of agility that governing bodies will struggle to meet.

"Behind the Numbers" Podcast