AI and The European Union's Approach to Data Protection: The Case of Chat GPT

Artificial Intelligence (AI) is advancing rapidly, with generative models like ChatGPT revolutionizing numerous industries. However, these advancements present significant challenges in adhering to data protection regulations such as the General Data Protection Regulation (GDPR) in the European Union (EU). This thesis examines the complex relationship between AI and data protection within the EU, using ChatGPT as a case study to analyze the impact of GDPR on AI technologies. The study explores the intricate dynamics between AI systems and data, focusing on the ethical, data collection and privacy issues inherent in AI-driven data utilization. It evaluates the implications of the GDPR framework on AI development, particularly in relation to provisions for user consent, data anonymization, and algorithmic transparency. Additionally, the research compares the EU’s approach to AI regulation assessing the impact on international collaboration and AI innovation. An aspect of this thesis is the examination of the January 2024 Garante della Privacy ruling, which underscores the necessity for stringent compliance mechanisms, transparency, and robust user consent procedures in AI operations. This ruling serves as a pivotal reference for future regulatory actions, highlighting the practical implications of GDPR enforcement on generative AI models like ChatGPT. Through a comprehensive analysis of ChatGPT’s GDPR compliance strategies and the associated challenges, this study provides insights for policymakers and AI developers. The findings advocate for a balanced regulatory approach that promotes innovation while safeguarding fundamental human rights. The thesis concludes with recommendations for enhancing transparency, user consent, and data privacy in AI systems, and suggests future research directions to address emerging challenges in the rapidly evolving field of AI.