EU data watchdog warns of ‘hell’ scenario for US AI companies


Europe’s data watchdog, Wojciech Wiewiórowski, predicts a sour predicament for United States-based artificial intelligence (AI) companies currently being investigated for alleged GDPR violations.

“The breathless pace of development means data protection regulators need to be prepared for another scandal,” Wiewiórowski told MIT’s Technology Review during a recent interview, invoking the Cambridge Analytica scandal for reference.

Wiewiórowski’s comments come after a tumultuous week for leading AI outfit OpenAI, creator of the massively popular GPT suite of products and services. The company’s suite of GPT services has been outright banned in Italy pending further information about its intent and ability to comply with GDPR, with similar actions pending in Ireland, France and Germany.

According to the European Union (EU) data watchdog, OpenAI currently finds itself between a European rock and a U.S. hard place, legally speaking. As regulators in the EU look to crack down, U.S. lawmakers could be eyeing the European prescription as a possible local template:

“The European approach is connected with the purpose for which you use the data. So when you change the purpose for which the data is used, and especially if you do it against the information that you provide people with, you are in breach of law.”

Under this premise, for example, OpenAI could find itself unable to deploy and operate models such as GPT-3.5 and GPT-4 due to how they are designed and trained. GDPR law requires that citizens in the EU be given the ability to opt out of data collection and, in the event a system outputs erroneous data, to have those errors corrected.

However, some experts believe it will be next to impossible for developers to bring GPT and similar large language AI models (LLMs) in line with GDPR. One reason for this is that the data they’re trained on is often conflated, thus making individual data points inseparable from one another.

Wiewiórowski’s assessment, per the Technology Review article, is that this represents something like a worst-case scenario for companies such as OpenAI that allegedly rushed to deployment without a public plan to address privacy issues such as those regulated by GDPR.

Citing a “big player in the tech market,” the data watchdog quipped that “the definition of hell is European legislation with American enforcement.”

Related: OpenAI’s CTO says government regulators should be ‘very involved’ in regulating AI

OpenAI faces various official inquiries in Europe with deadlines approaching — April 30 in Italy, June 11 in Germany — and it remains unclear how the company intends to approach regulators’ privacy concerns.

Once again caught in the middle are those using products and services built on the back of the GPT API and other large language models who, at this time, can’t be sure how much longer those models will be legally available.

An outright ban under GDPR could have devastating consequences for Europeans using LLMs to power their businesses and individual projects, especially in the fintech market where cryptocurrency exchanges, analysts, and traders have embraced the new technology.

And, in the U.S., where many of the most dominant cryptocurrency and blockchain companies are headquartered, a similar ban could be a massive blow to the financial sector.

As recently as April 25, analysts at financial services company JP Morgan Chase say that at least half of the gains in the S&P 500 Index this year have been driven by ChatGPT.

If the U.S. takes up the European mantle and institutes privacy regulations in line with GDPR, both the traditional and cryptocurrency trading markets could face massive disruption.