The potential of the global artificial intelligence (AI) market is immense, and Europe, with its 450 million consumers, presents an opportunity for American tech companies. GDPR, which was adopted in Europe to safeguard consumer protection in online technology, will also have implications for AI technology. US companies must ensure they integrate GDPR into their AI practices to ensure the long-term viability of their AI technology.
GDPR as a Crucial Element
The EU’s General Data Protection Regulation (GDPR), implemented in May 2018, marked a new approach to privacy, encompassing digital and other forms. Other governments have taken similar steps to protect consumers’ use of personal data within their regions. For instance, California has passed the California Privacy Rights Act (CPRA) and has indicated its intent to study the development, use, and risks associated with AI in the state. Furthermore, the EU’s AI Act, proposed by the European Commission in April 2021 and expected to be finalized by the end of 2024, will be the world’s first comprehensive AI law. Some experts believe this could set a standard globally as per the Brookings Institute.
GDPR imposes a broad definition of personal data, covering any information related to an identifiable, living individual stored anywhere. This has significant implications for AI products, both present and future. Ignoring GDPR’s current requirements and the forthcoming AI Act may lead to financial repercussions and necessitate technological adaptations. Notably, recent months have seen fines imposed on both large and small companies for breaching GDPR, emphasizing the increasing integration of data privacy into European law.
According to Doug McMahon, partner at international law firm McCann FitzGerald, it is essential for companies to consider GDPR in the development of any AI product. He warns that breaching GDPR regulations when creating a large language model could result in losing the ability to process any EU citizens’ personal data to train the model, which could be worse than a fine as it would necessitate retraining the model.
Optimizing Regulation, IP, and Taxes
McMahon advises US AI companies seeking success in the European market to consider establishing a base in the EU to ensure GDPR compliance. He emphasizes that having a base in the EU would facilitate addressing European customers’ questions about GDPR compliance and regulatory concerns.
Furthermore, Brian McElligott, a partner at international law firm Mason Hayes Curran, recommends seeking a European location that offers incentives such as a “knowledge development” or “patent box,” which can benefit US AI firms. Countries like Ireland offer a Knowledge Development Box that covers copyrighted software, aligning with AI technology’s legal aspects. This can lead to reduced taxation on profits from licensed revenues derived from the patented or copyrighted software.
Essential Actions
For US AI companies not planning to establish an EU office, fundamental steps need to be taken to comply with privacy requirements. Jevan Neilan, head of the San Francisco office at Mason Hayes Curran, stresses the importance of embedding privacy considerations into AI development from the start. He suggests that while there may be some compliance challenges during the development stages, the end application of large language models must ultimately be compliant with privacy regulations. He advocates for the adoption of a “trustworthy AI” approach.
It is projected that there will be transparency requirements for AI systems interacting with humans like chatbots and emotion-detection systems, necessitating global disclosures on most websites and apps. McMahon advises companies to ensure proper data protection notices are available on their websites, along with opt-out mechanisms for users.
Prioritizing Individual Privacy
McMahon underscores the importance of GDPR compliance for companies using licenses from providers like OpenAI and those leveraging third-party large language models. He emphasizes the need for providers to demonstrate GDPR compliance in their model creation processes.
The evolving regulatory landscape may pose challenges for US firms seeking to enter the expansive European AI market. However, McElligott believes that adherence to GDPR and the AI Act will ultimately benefit the market by instilling greater consumer confidence in the EU’s approach to trustworthy AI, potentially boosting the market.
Featured Image Credit: Provided by the Author; Pixabay; Pexels; Thank you!
