Generative AI: Rules of the game
We all know that the adoption of Generative AI platform / tool has grown at a breakneck pace. The focus is often on Open AI's large language model, Chat-GPT. But GenAI does not stop at text generation. It also promises greater efficiency, improved output, and better use of resources to produce other content. However, organizations that want to take advantage of this should also be aware of the potential threat this technology has posed to the business world. This requires them to set few rules of the game to protect the sensitive data and customer privacy - to avoid running afoul of regulators.
Despite all the excitement about the potential of the now widespread and easily accessible technology, there is growing concern about its legal admissibility and possible liability risks for companies. Not least the temporary ban on Chat-GPT in Italy has shown that GenAI's features entail many legal uncertainties. Companies that want to use GenAI in their own business should therefore address these challenges. If GenAI tools are used incorrectly, there is a risk of fines, claims for damages, cease-and-desist letters, or the unintentional disclosure of trade secrets. Companies can counter this by creating internal guidelines for the use of GenAI that provide employees with clear rules on how they should handle data in the new environment. There are some key points that I believe should be considered when drafting a GenAI policy for their business:
Differentiation between Input and Output Data
When dealing with GenAI, it is important to look carefully at
the data used. Users can "feed" the tool with their own data
("Input Data") and then use the data generated by it ("Output
Data) for different purposes. Both data sets require separate consideration
with corresponding guidance for employees.
Training of GenAI models
GenAI acquires its capabilities through training with (large)
data sets. In some cases, ongoing training to meet the user's needs is
beneficial and desirable; in other cases, it could be undesirable or even
harmful. It is therefore important to check the requirements in the individual
case in their company and to make appropriate agreements with the GenAI service
provider. This must be reflected accordingly in the internal guidelines for
employees.
Privacy
Data protection can be a major stumbling block for companies
when using GenAI. This is particularly risky because data protection violations
can result in severe fines. Companies should therefore be aware of the exact
processing of Input Data carried out by the GenAI tools they use. This is a
prerequisite to provide a sustainable legal basis for data processing performed
by the tool and to fulfil the information obligations towards the data subjects
accordingly.
Intellectual property rights
While companies entering Input Data must ensure that they
have the necessary licences for the intended use, many complex questions can
arise with regard to the rights to further use of the Output Data. To avoid
costly cease-and-desist letters from rights holders, appropriate measures
should be taken to minimise this risk, depending on the use scenario. This also
requires clear rules for employees who are trained in its use and any necessary
checks before Output Data is published.
Trade secrets
Companies also need to think about protecting their trade
secrets when using GenAI. Agreeing how the software works and how it handles
Input Data with the service provider can help prevent confidential data from
appearing in the wrong place.
Security, Truth and Bias
GenAI is powerful, but not omnipotent. The possibility of
incorrect Output Data must never be lost sight of. Appropriate measures must be
taken to prevent this from causing damage to the business or third parties.
Adverse outcomes can also occur if Output Data are biased against certain
people. Companies should therefore also take appropriate measures to address
this risk.
Every new wave of technology adoption comes with threats – but to ignore GenAI’s potential poses a far greater risk to enterprises in the long term. To manage risk effectively, enterprises must implement an architecture able to meet all challenges while offering a route to successful GenAI deployment. But the bottom line is enterprise leaders need to work with their risk, security and legal stakeholders as early as possible, collaborating with them so they understand the unique characteristics of GenAI and they can put themselves in the best possible position to unlock the potential of GenAI without falling foul of the dangers increasingly associated with it.
*********************
*************
Comments
Post a Comment