TikTok Sues Montana
Hello all, and happy Thursday!Read Now
The simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline the DSAR workflow
Ensure your customers’ data is in good hands
Gain insights with privacy assessment templates and workflow management
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Don’t let data privacy compliance get in the way of growth
Preserve your competitive edge
Manage data privacy at scale
Expert insights on all things privacy
Subscribe and become a Privacy Insider
Research the most essential privacy topics
We'll scan your website for privacy risk at no cost
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
No fines, no penalties
Add Osano data privacy ratings and recommendations to your application
Fresh duds for data privacy fans
May 11, 2023
Hello all, and happy Thursday!
You may have heard that ChatGPT is back online in Italy after implementing a few minor privacy controls to address data protection authorities' immediate concerns over GDPR violations. However, the odds are good that ChatGPT will face additional data privacy challenges under the GDPR. But these challenges aren't unique to ChatGPT, OpenAI, and the GDPR; pretty much any large language model (LLM) will butt heads with any data privacy regulation.
LLMs are trained on massive databases of textual information, which could include the text of Shakespeare, internet forum comments, or your personal information. It isn't feasible to manually sift through the entire corpus for personal information and ask for every data subject's consent, and it's dubious whether a business could secure another legal basis for processing that information under the GDPR.
Finding personal information within the massive datasets used to train AI is another issue. How will data subjects request their personal information be deleted?
Lastly, LLMs need to retain data indefinitely so that they can continuously refine and improve. That doesn't exactly mesh with the GDPR's data minimization and retention principles.
The EU has been working on an AI regulation to contend with the unique challenges posed by AI, but ChatGPT's explosion in popularity threw a wrench in the gears. It became clear the proposed AI Act lacked the ability to effectively regulate LLMs, "foundation models," and "General Purpose AI Systems (GPAIs)." However, the AI Act is still a few years off; until then, AI businesses will need to figure out a way to live alongside data privacy regulations like the GDPR.
Twitter Breaks Its Silence on Bug that Showed Private Tweets to a Wider Audience
A bug related to Twitter’s Circle feature, which allows closed groups of contacts to tweet with one another, revealed private tweets outside of Twitter Circles. According to an email from Twitter, the bug has been fixed.
Court Dismisses FTC’s Suit Against Kochava… for Now
Kochava—a data broker accused of selling location data that could be used to track individuals traveling to and from sensitive locations like healthcare clinics and domestic violence shelters—has successfully beat an FTC lawsuit. A federal judge dismissed the case, stating, that “the FTC has not adequately alleged a likelihood of substantial consumer injury.”
Pornhub Blocks Utah Users Ahead of Age Verification Law
In response to a Utah law requiring pornographic companies to verify the age of users through a "digitised verification card,” Pornhub has opted to disable access to Utah residents. Instead, Utah residents visiting the website are greeted with a message arguing that the law puts their privacy at risk.
How to Ask OpenAI for Your Personal Data to Be Deleted or Not Used to Train Its AIs
In order to comply with the GDPR, OpenAI has given EU users controls over whether or not their personal data is used to train ChatGPT and other AI technologies. While the new controls bring the company closer to compliance with local data privacy regulations, much remains to address the privacy issues of AI in general and ChatGPT specifically.
Indiana Governor Signs a Comprehensive Privacy Act into Law
Right on the heels of Iowa, Indiana has become the seventh U.S. state to pass a comprehensive privacy law. While much of the law mirrors what other states have done in regard to data privacy, there are some significant departures.
OpenAI’s Regulatory Troubles Are Only Just Beginning
On April 28th, ChatGPT resumed service in Italy after making minor adjustments to address GDPR concerns. However, more rigorous investigations by other data protection authorities are underway, and the EU is developing a law specifically designed to regulate AI, too.
CJEU Rules on GDPR Compensation
The Court of Justice of the EU has ruled that mere infringement of the GDPR does not give rise to a right to compensation. Instead, an EU citizen is only entitled to compensation if the violation meets three conditions: infringement of the GDPR, material or non-material damage resulting from that infringement, and a causal link between the damage and the infringement.
The IAPP Launches Its New AI Governance Center
The International Association of Privacy Professionals (IAPP) has launched a new AI Governance Center, whose purpose is to “provide privacy and AI governance professionals with the content, resources, networking, training and certification needed to respond to the complex risks in the AI field.”
Osano Blog: What is the Global Privacy Control (GPC)?
To comply with the CPRA and other privacy laws, businesses have to accept consent preference signals from authorized third parties—not just through their consent banners. It can be tricky to understand what these universal consent preference signals are all about. In this blog, we dive into the most well-known of these signals: The Global Privacy Control, or GPC.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.
Writer at Osano
Writer at Osano
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
Osano makes it easy. Ready to get serious about data privacy? Choose your plan and get started. All plans come with a 30-day FREE trial!