Working with non-executive directors on AI privacy issues
A friend in need is a friend indeed – every DPO has an ally in a non-executive director, and it is time to build that relationship. By data privacy law consultants Abigail Dubiniecki and Ashantel Lachhani.
Around the time that the EU was putting the finishing touches to the EU AI Act and an open letter urging AI labs to “pause giant AI experiments” absent robust AI governance systems was gathering thousands of signatures,(1) Italy’s Garante reached into its GDPR enforcement toolbox to bring OpenAI’s much-hyped ChatGPT to heel. According to the Garante, Chat-GPT had breached a host of GDPR obligations beyond the data breach of users’ conversations that kicked off the investigation. This was not the Garante’s first foray into regulating generative AI.(2) One month earlier it had suspended an AI ‘“virtual friend” chatbot pending implementation of its enforcement orders.(3)
UK Report subscribers, please login to access the full article
If you wish to subscribe, please see our subscription information.