“We are trying to ensure that the artificial intelligence that is developing in France, and which must develop in a harmonized way at European level, is respectful of privacy,” Marie-Laure Denis told AFP. . The president of the National Commission for Computing and Liberties (Cnil) wants to make the institution that protects the privacy of French people the future policeman of AI. The institution, which celebrates its 45th anniversary this year, is keen to enforce the European framework on personal data.
GDPR, the General Data Protection Regulation, “applies to AI,” she said. “And we can’t wait because it’s a technology that is very data-intensive, from training algorithms to interacting with users.”
Moreover, the Cnil has already sent the American company OpenAI, the origin of the conversational robot ChatGPT, a first questionnaire as part of a control procedure after having received five complaints.
“You must be able to access [your personal data], you must be able to request erasure. And for generative AIs which, as their name suggests, generate texts, sounds or videos, there may be a risk on the accuracy of the data, because it is a probabilistic system which is not necessarily reliable,” emphasizes Marie-Laure Denis.
The institution launched an “artificial intelligence service” at the beginning of the year and has just announced its action plan. “In the coming months”, it will submit for public consultation its doctrine on the rules applicable to the training of algorithms and the exercise of the rights of individuals over their data.
In other areas related to AI, it is currently carrying out checks on algorithmic video surveillance cameras used by local authorities, or on technological tools for combating social fraud. “We will most likely control some of the augmented cameras used in the context of the Paris Olympics,” says the Commission.
A sign of the “public authorities’ awareness” of privacy issues, the Cnil now has 270 jobs, a quarter more than before the implementation of the GDPR. “Naturally, with all the challenges ahead, I can only express the wish that these numbers continue to grow”, advances the president, whose mandate expires in February 2024. “The reasons which presided over the creation of the Cnil 45 years ago have never been more topical than in this period of accelerated digitization to protect our fellow citizens against the possible misuse of their personal data, whether by public authorities or by private actors . »
In 2022, according to its annual report, the number of complaints handled by the authority (13,160) exceeded that of complaints received (12,193) – some were pending –, including 7,959 deemed admissible. The Cnil also carried out 345 checks, sent 147 formal notices and pronounced 21 sanctions for a cumulative amount of fines of 101 million euros.
In particular, it is one of the four authorities having asked the Irish authority to pronounce a financial sanction against Meta, with the key to the record fine of 1.2 billion euros announced on Monday.
“In all, 850 decisions were taken at the level of the European Cnil in this logic of concerted regulation […] Very concretely, we see that” that “has concrete impacts on the biggest digital players”, concludes Marie-Laure Denis .