Logo and Text - white - small
Logo and Text - white - small
Logo and Text - white - small

Implementing ChatGPT in the German Legal Framework – What to Consider and Observe?

Deutsche Version

Welcome to the first article in our series, where we explore the legal, technical, and accessibility considerations of implementing AI technologies, particularly the ChatGPT model, within the German legal system. We’ll address topics spanning data protection, copyright, and various technical requirements and accessibility concerns. Stay tuned for future articles on labor law, liability and security, ethics and discrimination, personal rights and youth protection, as well as compliance.

Let’s start with…

Data Protection

Data protection is a paramount concern when using AI like ChatGPT. User data could potentially be exposed, leading to violations of data protection laws. Uncertainties exist around what personal data is stored when using ChatGPT and how this data is protected. Furthermore, automated decision-making in labor-law related matters with the help of ChatGPT could contravene Article 22(1) of the General Data Protection Regulation (GDPR), a regulation in EU law on data protection and privacy. A Data Protection Impact Assessment (DPIA) under Article 35 GDPR might be necessary when processing personal data using ChatGPT. The use of ChatGPT may require the consent of the data subjects, and obligations may exist to ensure transparency about data processing and the functioning of the AI system.

Here are some proposed solutions to mitigate these concerns:

  1. Data exposure:
    Prior manual screening of training materials is needed to remove personal (non-public or critical) information before training individual AI solutions.

  2. Data storage:
    The methodology or technical concept of AI integration should be outlined broadly in the Terms and Conditions. This overview should provide a clear understanding to the average user and highlight the data storage locations (within Germany, within the EU, worldwide, etc.).

  3. Automated decision-making:
    We currently recommend against full automation of labor law processes. The use of ChatGPT for routine tasks in HR departments, such as assisting in drafting letters or employee information, is not affected. However, if labor-law decisions are to be made or prepared to a nearly full extent by an AI model, this would not be permissible under Article 22(1) GDPR.

  4. Data Protection Impact Assessment (DPIA):
    We recommend appointing a Data Protection Officer, if your company has not already done so, and providing them with the necessary training to ensure a legally compliant implementation of the statutory requirements.

  5. Consent to data usage:
    We recommend extending the “AI-based” label to include an opt-in control field, so an active agreement by the user can occur.

  6. Transparency and information obligations:
    In our understanding, the transparency obligations can be fulfilled by the above-mentioned Data Protection Impact Assessment.

Let’s move on to…

Copyright

When using AI tools like ChatGPT, copyrighted data could potentially be used, which might constitute a copyright infringement. The publication of texts generated by the AI tool could also be a violation if the used data is copyrighted.

As of May 2023, several court and legislative proceedings are pending on this issue. The providers of large AI models (e.g., OpenAI, Microsoft, Midjourney) generally agree in their respective terms and conditions that the AI-generated results are not subject to copyright and that commercial use is permitted. However, there is uncertainty about whether an AI-generated image can be further distributed by third parties, or only by the copyright holder of the original prompt that triggered the generation.

Lastly,

Technical Requirements and Accessibility

The use of ChatGPT on websites or in apps might require the use of cookies or tracking technologies, which need to be disclosed and consented to according to specific legislation. In Germany, and much of Europe, the use of such technologies is regulated by the ePrivacy Directive and the General Data Protection Regulation (GDPR). For American readers, these regulations are akin to the California Consumer Privacy Act (CCPA) and the Federal Trade Commission Act (FTC Act), governing digital privacy and data protection.

When implementing ChatGPT, it is crucial to consider these laws and ensure your use of cookies or tracking technologies is clearly disclosed, and that users are given the opportunity to provide informed consent.

Moreover, you need to consider accessibility, especially if you’re aiming to cater to a broad audience. The Web Content Accessibility Guidelines (WCAG) provide a set of recommendations for making web content more accessible, primarily for people with disabilities, but also for all user agents, including highly limited devices, such as mobile phones. It’s important to ensure that the output from the AI tool is user-friendly and accessible to all, whether it’s being displayed on a website, in an app, or through another medium.

Here are some suggested solutions:

  1. Cookies and tracking technologies:
    If cookies or tracking technologies are used, it’s important to include a comprehensive cookie notice on your site or app, and seek user consent before employing these technologies. Tools such as cookie banners can be employed to make this process more user-friendly and compliant.

  2. Accessibility:
    The output of the AI tool should be designed to comply with the WCAG’s accessibility standards. For instance, you might need to consider providing alternative text descriptions for AI-generated images to aid visually impaired users, or transcriptions for any AI-generated audio content.

To wrap up, implementing AI technologies like ChatGPT in the German legal system is a complex task, and there are numerous considerations to take into account. We hope this article provides a good starting point for understanding the legal and technical requirements, as well as the importance of accessibility. As AI continues to evolve, we can expect to see more guidance and regulations emerge to help navigate these issues. As always, we recommend seeking professional legal advice for your specific situation.

Stay tuned for the next installment in our series, where we delve into more legal considerations of implementing AI technologies, including labor law, liability and security, ethics and discrimination, personal rights and youth protection, and compliance.

About Wawayaro

Wawayaro is a dynamic AI consulting firm specialized in providing innovative solutions tailored to the unique needs of small and medium sized businesses. We leverage our expertise in AI, Prompt Writing, facilitation, and business coaching to help organizations optimize their operations, communication, and problem-solving strategies. Whether it’s crafting compelling prompts for AI systems, facilitating effective team organization, or providing strategic business coaching, Wawayaro is committed to driving success and fostering growth for our clients.

Wawayaro offers AI consulting services led by experienced consultant and business coach, Andreas Riedel. Our tailored solutions include AI Strategy Consulting, AI Customer Experience, Prompt Writing, and Coaching and Facilitation, with a focus on responsible and sustainable AI integration. Contact us to learn how we can help your business thrive in the digital landscape.