Hacker News new | past | comments | ask | show | jobs | submit login

> The GDPR use "process it", which is generic enough to cover AI.

Nope, it's not. Because, again, sending user data to a magic black box may be illegal. While processing it in other ways could be legal.




You are not replying to my comments. You are adding an additional constraint that wasn't in my initial comment.

My point is that if collection and processing is regulated then that covers AI. And thus there is no "sending user data to a magic black box may be illegal" but my whole comment was that this wasn't needed. AI is just a tool, it's just automated processing.

Btw, 'nope' passes off as rather dismissive and rude.


> You are adding an additional constraint that wasn't in my initial comment.

No. I'm showing that your conclusions don't logically follow from the premise.

> My point is that if collection and processing is regulated then that covers AI.

No. No it doesn't.

> but my whole comment was that this wasn't needed. AI is just a tool, it's just automated processing.

And that, too, isn't entirely true, precisely because AI is a tool, and a different one. We always adapt or pass new laws and regulations for new, significantly different, tools.

For example, just because you can process data doesn't necessarily mean that you can process it in any way by any tools available to you. "GDPR allows you process data" does not immediately imply "this data can be processed by AIs". There is a reason why I was "adding additional constraints". Because these constraints are why additional laws and/or regulations around AI are needed.

For example, one of the stipulations of the AI Act is [1]: "AI systems shall be developed and used in a way that allows appropriate traceability and explainability, while making humans aware that they communicate or interact with an AI system as well as duly informing users of the capabilities and limitations of that AI system and affected persons about their rights". The reason being stories like this: https://www.politico.eu/article/dutch-scandal-serves-as-a-wa...

That stipulation alone isn't covered by any existing laws. There are bits and pieces here and there about various processes in various contexts, but this act brings them all together in one coherent form applicable to AI systems (which are appropriately broadly defined in the act [2]).

Or, there's an entire Article 5 explicitly prohibiting the use of AI in sensitive and outright harmful areas. Including things like banning them for large-scale suveillance except in very narrow scopes. Note that, again, there's undoubtedly pieces of this scattered around various regulations, but this one makes them clear and make them specifically applicable to AIs.

That's why I keep repeating: no, the fact that someone allows to collect and process data does not immediately imply that this collection and processing can be done with AIs. Where applicable, this law references existing ones.

[1] Quoting from this excellent article https://softwarecrisis.dev/letters/the-truth-about-the-eu-ac...

[2] Annex I: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: