The promise of the global artificial intelligence market is staggering, and Europe, with its 450 million consumers, is an ideal location for U.S. technology companies to exploit the opportunity. While Europe has adopted GDPR To ensure consumer protection in online technology, compliance with these laws will also apply to AI technology. U.S. companies must ensure they integrate GDPR into AI as a way to future-proof AI technology.
GDPR is key
The EU’s General Data Protection Regulation (GDPR), which came into force in May 2018, has paved the way for a new approach to privacy – digital and otherwise – but is not the only government in this type to help consumers use their personal data in a geographic area. region. Some American states have followed suit, California California Privacy Rights Act (CPRA) and recently announcing that it will study the development, use and risks of AI in California. Now the European AI law , first proposed in April 2021 by the European Commission and expected to be finalized by the end of 2023, will be the world’s first comprehensive AI law. Some believe this could lead to the establishment of a global standard, according to the Brookings Institute.
As any company operating in Europe knows, the GDPR imposes a broad definition of personal data covering any information relating to an identifiable, living person stored anywhere. This personal data is subject to a significant number of protections that fully apply to certain AI products, present and future, with some financial implications and technological revisions for those unaware of the current GDPR requirements and the impending Data Protection Act. ‘AI. In recent months, fines have been imposed on businesses large and small for GDPR violations, as data privacy is now enshrined in European law.
According to Doug McMahon, partner at international law firm McCann FitzGerald, specializing in IT, intellectual property and GDPR implementation, businesses should now look to the future. “If I am a company that violates the GDPR when creating a large language model and I am told that I can no longer process the personal data of EU citizens to train my model, this is potentially worse than a fine because I have to retrain. my model.” The advice is to think about GDPR now for any AI product.
Optimizing regulations, intellectual property and taxes
McMahon advises US AI companies looking to succeed in the European market. Although companies can do business there while being based in the United States, “from a data protection perspective, having a base in the EU would be ideal because the company’s European customers will have questions about your GDPR compliance. Established in Europe and directly subject to GDPR will help you sell in Europe.
The next step requires some research since the EU has 27 member states and 27 regulators, and not all regulators are the same, he says. Furthermore, no American company wants to deal with the regulator of each country where it operates, which would be the case without a European office. Although the choice of regulator is unlikely to be the main factor in deciding where to locate a European base, companies will want to choose a location in the EU “with regulators used to regulating very complex data protection companies which process a lot of personal data, such as in the field of social media, which have a legal infrastructure with advisors very familiar with the complex processing of personal data and a judicial system well versed in the field of data protection “, explains McMahon.
As Brian McElligott, partner and head of the AI department at international law firm Mason Hayes Curran, said, finding a European location that offers “knowledge development” or a “patent box” can benefit U.S. companies of AI. Available in countries like Ireland, “the Knowledge Development Box covers copyrighted software, which is exactly the legal manifestation of AI technology,” he says. Assuming a US company located in a country like Ireland, “if your technology is protected by a patent or copyrighted software, you may consider reducing the tax on profits from income licensing your technology covered by these patents/copyrighted software to an effective level.” tax rate of 6.25%.
Most important actions
Even if a US AI company chooses not to open an office in the EU, fundamental steps must be taken to stay on the right side of privacy requirements. Jevan Neilan, head of the San Francisco office at Mason Hayes Curran, notes: “The challenge for these companies is having a lawful data set or a data set that can be used legally. It’s a difficult prospect for businesses, especially when you’re a startup.
“From scratch, you should build in complete privacy,” he advises. “There may be imperfect compliance during the development stages, but ultimately the application of the big language model must be compliant at the end point of the process.” The guiding principle should be “trustworthy AI,” he says.
In fact, it has been mentioned that likely transparency requirements for AI that interacts with humans, such as chatbots and emotion detection systems, will lead to global disclosure on most websites and apps. McMahon says: “The first tip is to look at your training dataset and make sure you have a proper data protection notice on your website to give to users and make sure there is a unsubscribe mechanism if you are the creator. of the AI dataset.
Keep Privacy in Mind
The AI market is so promising that it attracts businesses of all sizes. According to McMahon, “Most companies will use a license from, say, OpenAI to use their API. They will implement this and then provide services to users. In this case, they must define their end user and whether they offer a service to individuals or a service to a company. In the first case, they need to think about what data they collect about them and how they will meet their transparency obligations. In both cases, they must have a GDPR compliance program in place.
But due diligence doesn’t stop for small enterprises by leveraging large third-party language models, he adds. “The underlying architecture provider should be able to say that they have created their models in compliance with the EU GDPR and have processes in place to show that they have thought this through,” McMahon insists.
The expanding regulatory environment could challenge U.S. companies seeking to enter the vast European AI market. Still, ultimately, these rules will help, according to McElligott. “Those looking to Europe with their AI models should look at GDPR and AI law and conduct a threshold analysis to determine whether their AI products can be classified as high risk” , he advises. Increasing regulations “could create a temporary slowdown in investment or progression of technology in Europe relative to the United States, but ultimately greater consumer confidence in AI’s trusted approach to technology.” “AI could drive the market,” he says.
Featured Image Credit: Provided by author; Pixabay; Pixel; THANKS!