InfoReg examines regulation of ChatGPT, AI in SA

By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 06 Apr 2023

South Africa’s Information Regulator is holding internal discussions on how to approach the regulation of viral chatbot ChatGPT and other artificial intelligence (AI) technologies, to ensure they don’t violate data privacy laws.

This is according to advocate Pansy Tlakula, chairperson of the Information Regulator, speaking to ITWeb following a media briefing at its offices in Tshwane yesterday.

Tlakula highlighted the importance of developing a framework that will govern emerging Web 3.0 technologies, such as Microsoft-backed OpenAI’s ChatGPT, which has set social media abuzz with discussions around the opportunities and dangers of this innovation.

While such emerging technologies are expected to unlock infinite business opportunities across sectors, Tlakula believes gaining in-depth understanding of the data privacy implications is an important first step her office should take prior to introducing guidelines, or considering developing a framework for the uncharted territory.

Last week, Italy became the first country to ban ChatGPT, saying the chatbot unlawfully collects personal data – breaching the country’s data privacy rules.

There are growing concerns over the potential risks of ChatGPT and other AI-based technologies, relating to infringement of user rights, copyright protection and manipulation, as organisations across the globe race to roll out AI systems.

“We are aware of these new technologies and we have been having discussions about them. We believe that before we go all out regulating technologies, such as ChatGPT and artificial intelligence, we need to inform ourselves technically about these issues to gain enough understanding on the approach to take in introducing regulations.

“This is a very important step because I believe going forward, data privacy will be mainly violated through these emerging technologies. With many things happening out here, I am even fearful and wonder if regulation would be able to appropriately deal with the complex risks posed by these technologies,” Tlakula told ITWeb.

The Information Regulator is mandated to ensure organisations put in place measures to protect the data privacy of South Africans under the Protection of Personal Information Act (POPIA).

The office has been conducting high-profile investigations relating to Promotion of Access to Information Act and POPIA complaints received over the past year.

According to Tlakula, the regulator received 895 complaints relating to alleged violation of POPIA during the 2022/2023 financial year. Of these, 616 (68.8%) have been resolved.

When asked to provide a timeframe on how soon the regulator will start on the process of assessing and/or drafting regulatory guidelines for emerging technologies, Tlakula noted: “I’m not in a position to give you a timeframe because we also have so many things on our plate at the moment, which we are prioritising that affect South Africans right now.

“We are currently setting our sights on the direct marketing industry and surveillance technologies, which are some of the areas we are prioritising regarding data privacy.”

The sale of personal information is another data privacy contravention the regulator has observed of late. This, it says, has led to it working closely with the National Credit Regulator on reported cases.

Advocate Pansy Tlakula, chairperson of the Information Regulator.

Launched by OpenAI in November 2022, the text-based ChatGPT has the ability to interact in conversational dialogue form and provide responses that can appear human. It can also draft prose, poetry or even computer code on command.

It is built on top of OpenAI’s GPT-3 family of large language models, and is fine-tuned with supervised and reinforcement learning techniques.

On 30 March, the European Consumer Organisation launched an appeal, calling on all authorities to investigate the harm that can be caused by all AI chatbots.

The call came after the European consumer watchdog was notified of a complaint filed with the US Federal Trade Commission by the Centre for Artificial Intelligence and Digital Policy, about the potential cyber security risks and privacy practices of ChatGPT and similar technologies.

Germany is among the European countries anticipated to follow in Italy's footsteps by banning ChatGPT.

The European Commission is currently applying its mind to the introduction of the world's first legislation on artificial intelligence, called the AI Act.

Last week, OpenAI co-founder Elon Musk and Apple co-founder Steve Wozniak were among hundreds of IT experts who called for these types of AI systems to be suspended, amid growing questions about how to keep them within the confines of human rights.

Jon Tullett, associate research director at IDC, says the greatest concern around ChatGPT and similar technologies stems from users sharing sensitive information with the service, in their prompts, and that information in turn potentially leaking, as happened with ChatGPT.

“More generally, it's about the data-handling governance around user-submitted data. South Africa's Protection of Personal Information Act is drafted to provide privacy governance compatible with global standards, notably Europe's GDPR.

“That already covers instances such as this one. There may be future issues which need attention as the impact of AI grows, in areas like copyright or identity theft. It's an area which policymakers around the world are watching closely; there's a lot of debate about the ethics and possible legal implications, so it's likely we'll see policy changing over time,” he comments.

ICT industry pundits have been raising concerns around the key challenges facing South African policy-makers in developing regulations that will govern Web 3.0 technologies, citing the lack of education and understanding of these innovations among the key hindrances.