I wouldn’t say that. GDPR has the power to make LLMs much safer as it can reduce any risk of harm to data subjects. And that’s a very intended consequence !
This is good news! And it makes sense. OpenAI stores swaths of personal information that it scrapes off websites and who knows where else from. The “right to be forgotten” applies: individuals for whom the GDPR applies (i.e. citizens of the European Union) can ask OpenAI to remove their personal information from the models. As the video points out, OpenAI may already be in breach with the GDPR by not asking individuals for consent when ingesting their personal information into training data sets.
Big fat lawsuits will be incoming and hopefully lead to banning non-compliant LLMs and hand out fines for their current breaches.
EU has a GDPR problem. GDPR treats common people like unthinking automatons, unable to exercise agency when it comes to data privacy online. If I think that Google is collecting too much data (I can read their terms, or read articles other people write about the terms), I will stop using Google's services. It's only because the calculus returns a net positive for me that I continue.
If EU really cares about human rights, they should remove GDPR and embark upon an awareness campaign. Tell people that the only way to pay for free online services is with their private data. If people still opt to do that, it's up to them.
Last I looked, the GDPR gives “data subjects” (=regular citizens) autonomy over their data in the first place. Your argument is rather flawed: how does it help well-informed people to merely know that LLMs use personal information in their training data sets when they cannot legally block OpenAI and others from doing that? What exactly is the upside for individuals when some LLM “knows” personal details about them? I cannot think of anything. By contrast, the misuse potential is huge.
Yes, laws like the GDPR are inconvenient and costly to comply with. But they exist because personal data is harvested, monetised otherwise and used without the individuals’ consent. Which is never to their advantage.
You are very right. There’s a reason GDPR was adopted and that is to prevent harm to data subjects, or misuses of their data. At a deeper level it actually benefits everyone - including companies themeselves because it allows them to anticipate and eleminate problems before they happen. A good example is openai’s data breach. Had they implemented GDPR security precautions it would likely never have happened. They end up reacting by putting security measures in place, which is what gdpr requested in the first place… You end up implementing gdpr anyway…
I could write a sci-fi story (along the lines of Year Zero) about the EU banning LLM AIs over privacy issues.