The Cnil, protector of the privacy of the French, will it be the future police of artificial intelligence? According to its president, Marie-Laure Denis, the institution that celebrates its 45th anniversary this year is interested in enforcing the European framework on personal data.
A control procedure
GDPR, the General Data Protection Regulation, “applies to AI,” he said. “And we can’t wait because it’s a technology that consumes a lot of personal data, from algorithm training to user interactions.”
The American company OpenAI, at the origin of the ChatGPT conversational robot, is already the subject of five complaints before the CNIL, which sent it a first questionnaire as part of a control procedure.
“You have to be able to access (your personal data), you have to be able to request erasure. And for generative AIs that, as the name suggests, generate text, sound or video, there may be a risk in the accuracy of the data, because it is a probabilistic system that is not necessarily reliable”, emphasizes Marie-Laure Denis.
But according to her, “ChatGPT should not concentrate all the energies of data protection regulators. The role of the CNIL is to specify the applicable rules to give actors legal certainty, as much as possible, for AI in general, knowing that this position is then likely to evolve in line with the positions of our counterparts, the forthcoming European regulation on artificial intelligence and possibly case law.”
At the beginning of the year, the institution launched an “artificial intelligence service” and has just announced its action plan. “In the coming months”, it will submit its doctrine on the rules applicable to the formation of algorithms and the exercise of the rights of people over their data to public consultation.
In other areas related to AI, controls are currently being carried out on algorithmic video surveillance cameras used by local authorities, or on technological tools to combat social fraud. “Most likely, we will control some of the augmented cameras used in the context of the Paris Olympic Games,” the Commission says.
As a sign of the “awareness of public authorities” in terms of privacy, the Cnil now has 270 jobs, a quarter more than before the implementation of the GDPR.
“The reasons that presided over the creation of the Cnil 45 years ago have never been as current as in this period of accelerated digitization to protect our fellow citizens against the possible misuse of their personal data, either by public authorities or by of private actors.
In 2022, according to its annual report, the number of complaints dealt with by the authority (13,160) exceeded the number of complaints received (12,193) -some were pending-, including 7,959 admitted for processing.
The Cnil also carried out 345 controls, sent 147 notifications and issued 21 sanctions for an accumulated fine of 101 million euros.
A record fine
Finally, it inaugurated a simplified sanctions procedure that should eventually allow it to adopt “one hundred additional sanctions” per year, and examined 18 draft sanctions proposed by its European counterparts.
In particular, it is one of the 4 authorities that have asked the Irish authority to pronounce a financial sanction against Meta, with the key to the record fine of 1.2 billion euros announced on Monday.
“In total, 850 decisions were made at the level of the European Cnil in this concerted regulation logic (…) Very specifically, we see that” this “has concrete effects on the largest digital players.”
Source: BFM TV
