<< 7 Musketeers of Data Protection >>


In the EU & UK there are data protection principles set within regulation or law. Some relate back to the UN’s Human Rights:

(right to) Lawfulness;
(right to) Fairness & transparency;
(right to) Purpose limitation;
(right to) Data minimization;
(right to) Accuracy;
(right to) Storage limitation;
(right to) Integrity & confidentiality;
(right to) Accountability

How might Large Language Models (LLMs) measure up?

These innovations were built on scraping the internet for data. The collected data was then processed in a manner to allow the creation of LLMs & their spin-off chatbots. Then products have been layered on top of that which are being capitalized upon. While oversimplified, this paragraph functions as the language model for this text.

This process, hinted at in the previous paragraph, has not been & is not occurring in a transparent fashion. Since the birth of the World Wide Web, and with it the rise of “social” networks, the purpose of users in uploading their data onto the internet was probably not intended with this purpose (i.e., of large data scraping initiatives) in their mind. The data on users is being maximized not minimized.

The resulting output is rehashed in such way that accuracy is seriously questionable. One’s data is potentially stored for unlimited time at unlimited locations. confidentiality seems at least unclear if not destabilized. Who is accountable; this is unclear

I am not yet clear as to how LLMs measure up to the above 7 data protection principles. Are you clear?

If these principles were actually implemented, would they stifle innovation & market? Though, if these seven were not executed, what would be the benefit & what would be the cost (think value, social relations and democracy here, and not only money) to the user-netizen with “democratized” (lack of) access to these “AI”innovations?

Or, shall we declare these 7 musketeers on a path to a death by a thousand transformable cuts? This then occurs in harmony with calls for the need for trustworthy “AI.” Is the latter then rather questionable; to ask it gently?

References

data protection legislation (UK):
Data Protection Act 2018 + the General Data Protection Regulation 2016

https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted

https://www.legislation.gov.uk/eur/2016/679/contents

General Data Protection Regulation (GDPR)
https://gdpr-info.eu/


Data Protection and Human Rights:
https://publications.parliament.uk/pa/jt200708/jtselect/jtrights/72/72.pdf

https://edps.europa.eu/data-protection/data-protection_en