Privacy troubleshooting for Snap’s GenAI chatbot, UK watchdog warns industry

The UK’s data protection supervisory authority (ICO) has just concluded a nearly year-long investigation into Snap’s AI My AI chatbot. The ICO said it was satisfied that Snap had addressed issues relating to risks to children’s privacy. However, the ICO also issued a general warning to businesses about proactively assessing risks to user rights before bringing new generation AI tools to market.

Generative AI is a type of AI often used to create content. In Snap’s case, the technology powers a chatbot that can respond to users in human-like ways, such as texting and sending Snap photos, allowing the platform to provide automated interactions.

Snap’s AI chatbot is powered by OpenAI’s ChatGPT, but Snap says it applies various safeguards to the app, including rule-based programming and age-sensitive defaults, to prevent children from viewing Inappropriate content. Snap also integrates parental controls.

Stephen Almond, ICO’s managing director of legal risk, said in a statement on Tuesday: “Our investigation into ‘My AI’ should serve as a warning to businesses. Organizations developing or using next-generation AI must consider data protection now from the ground up, including assessing and minimizing risks to people’s rights and freedoms before bringing products to market.”

He added: “We will continue to monitor organizations’ risk assessments and use the full range of our enforcement powers – including fines – to protect the public from harm.”

Last October, the ICO sent Snap a preliminary enforcement notice over what it described as “potential deficiencies in properly assessing the privacy risks posed by the new generation AI chatbot ‘My AI ‘ cause”.

That preliminary announcement appears to be the only form of public reprimand for Snap. In theory, sanctions could impose fines of up to 4% of a company’s annual revenue in the event of a confirmed data breach.

However, the ICO said Snap had taken “significant steps to conduct a more thorough assessment of the risks posed by ‘My AI'” after the ICO intervened. The ICO also said Snap had demonstrated that it had implemented “appropriate mitigation measures” to address the issues raised – but did not detail what additional measures, if any, the company took. you have done.

Details are likely to be revealed when the regulator’s final decision is announced in the coming weeks.

The ICO added: “The ICO is satisfied that Snap has now carried out a risk assessment in relation to ‘My AI’ in compliance with data protection law. The ICO will continue to monitor the implementation of ‘My AI’ and how it is being addressed.” address emerging risks.”

A Snap spokesperson said: “We are pleased that the ICO has accepted that we have taken appropriate measures to protect our community when using My AI. Although we have been careful to assess Assessing the risks posed by My AI, we accept that our assessment could be more clearly documented and have changed our global procedures to reflect our constructive feedback. ICO. We welcome the ICO’s conclusion that our risk assessment is fully compliant with UK data protection law and look forward to continuing our constructive partnership. .”

Snap declined to provide details on any mitigation measures it has taken in response to the ICO’s intervention.

The ICO says next-generation AI remains its enforcement priority. The ICO provides developers with guidance on AI rules and data protection. The ICO is also opening a consultation to seek views on how privacy law should be applied to the development and use of next generation AI models.