INTRODUCTION Corporate governance stands as the backbone of organisational integrity and accountability. The contemporary world,…
Data Portability and AI
Introduction
The significance of the topic stems from the fact that data created by virtual assistants can be both sensitive and valuable, and it is imperative that users have the autonomy to manage and utilize their data according to their preferences. There could be several reasons why users would want to transfer their data to another platform, such as switching to a different virtual assistant or service, or simply moving to another device or platform while carrying their data along with them.
According to the , the right to data portability is the entitGDPRlement to obtain data that has been processed through automated means, on the grounds of consent or agreement, in a format that is ‘structured, commonly used, and machine-readable.’ This data can then be transmitted to another controller without encountering any obstacles.
[Image Sources : Shutterstock]
The concept of Data Portability asserts that people have the entitlement to transfer their personal data from one platform to another. This idea is based on advancements in the digital economy, where data is regarded as a form of intangible property. In addition, within the framework of EU law, data portability strengthens the protection of privacy rights, elevating them to the level of fundamental human rights. The human rights context of the right to portability confers upon individuals the freedom to choose and exercise greater control over the use of their personal data by third parties. The ability to transfer data between different platforms would expand consumer choice and competition, fostering innovation and better services for users. For instance, if a platform becomes unavailable, such as in the case of ChatGPT at times, users should be able to easily switch to another without experiencing any disruption.
In January 2012, the European Commission proposed a General Data Protection Regulation that included the right to Data Portability. Subsequently, in October 2013, the European Council of Heads of State or Government emphasized the Digital Agenda and Innovation, and its conclusions referred not only to data portability but also to a more comprehensive notion of portability of the digital life. The European Council Conclusions read as follows:
“…There is also a need to address the bottlenecks in accessing one’s “digital life” from different platforms which persist due to a lack of interoperability or lack of portability of content and data. This hampers the use of digital services and competition. An open and non-discriminatory framework must therefore be put in place to ensure such interoperability and portability without hindering the development of the fast-moving digital sphere and avoiding unnecessary administrative burden, especially for SMEs…”
The European Council emphasized the importance of data portability and interoperability as part of the broader concept of “portability of the digital life.” This highlights the global significance of the discussion on data portability and its impact on competition, innovation, and consumer choice. However, the resulting legislation, the General Data Protection Regulation (GDPR), which came into force in 2018, seems to have a narrower perspective on portability. According to Article 20 of the GDPR, data subjects have the right to receive personal data concerning them and transfer that data to another controller. The scope of this right is limited in that, firstly, it can only be exercised when personal data is processed based on consent or contract and automated means (Article 20(1) (a-b) GDPR). Secondly, it applies only to personal data provided by the data subject concerned. Thirdly, transmission from one controller to another must be technically feasible (Article 20(2) GDPR).
However, there is an ongoing debate that the extent of portable data is not clearly defined for many situations. This issue also arises in the context of AI chatbot technologies, where it can be challenging to determine which chat-generated data are personal and which are not. ChatGPT, a large language model developed by OpenAI, is used by numerous individuals for various purposes such as search queries, personal assistant tasks, and more, resulting in ChatGPT collecting and generating a considerable amount of data about its users, including their search history, preferences, and other details. While a chat transcript may not reveal the user’s identity on its own, when combined with other data points, such as IP address or device information, it can potentially become personal data, which regulators must take into account.
The author agrees with the notion put forth in academic literature that the interpretation of “data provided” by the data subject for the purpose of portability rights should be construed broadly to encompass information beyond what is expressly provided by the data subject. This broad interpretation would mean that the right to data portability would cover not only the data explicitly provided by the data subject, such as personal details like names, addresses, ages, and preferences, but would also extend to other data collected in relation to the data subject through a contractual agreement or with their consent. Furthermore, if this approach is adopted, information such as geo-location collected through cookie selection would also be covered under portability rights.
The European Commission has expressed its support for this position and plans to expand the right to portability in its European strategy for data. Recently proposed legislative acts, including the Data Act, the Data Governance Act, and the European Health Data Space Regulation, are expected to promote an “enhanced” right to data portability as a critical tool for empowering individuals.
Conclusion
To sum up, the ability to transfer search history from platforms like ChatGPT to other platforms raises important questions regarding data ownership, control, and portability in the realm of AI. Discussing this topic would reveal the intricacies of data portability within the context of AI and would emphasize the importance of platforms taking into account the competition law and human rights dimensions of data portability while formulating their data policies and practices.
Author : Tanya Saraswat, in case of any queries please contact/write back to us via email to [email protected] or at IIPRD.
References
- https://www.theippress.com/2023/04/07/data-portability-and-ai-can-you-move-your-chatgpt-conversations-to-other-platforms/
- https://www.law.kuleuven.be/citip/blog/the-broadening-of-the-right-to-data-portability-for-internet-of-things-products-in-the-data-act-part-i/#:~:text=The%20GDPR%20was%20the%20first,those%20data%20to%20another%20controller