[Listen to the audio version on Youtube]
If you're expecting the regularly scheduled program, this post isn't that. Instead, it's primarily a message to those people in Brussels that create the EU regulation. As a citizen, I feel like now is an appropriate moment to speak up and state my opinion on something that has gone wrong here. Let's get straight to it.
I'm currently visiting Milan, and right after breakfast, I went back to my hotel room to get a little work done. I opened my editor and got to it. Until, well..., when I tried to open ChatGPT, and was greeted by a message in Italian (and English further down):
Dear ChatGPT user,
We regret to inform you that we have disabled ChatGPT for users in Italy at the request of the Italian Garante.
We are issuing refunds to all users in Italy who purchased a ChatGPT Plus subscription in March. We are also temporarily pausing subscription renewals in Italy so that users won't be charged while ChatGPT is suspended.
We are committed to protecting people's privacy and we believe we offer ChatGPT in compliance with GDPR and other privacy laws. We will engage with the Garante with the goal of restoring your access as soon as possible.
Many of you have told us that you find ChatGPT helpful for everyday tasks, and we look forward to making it available again soon.
If you have any questions or concerns regarding ChatGPT or the refund process, we have prepared a list of Frequently Asked Questions to address them.
—The OpenAI Support Team
Reading this made me angry. See, I have jokingly said that the EU is doing god's work in regulating the US tech companies by actually enforcing data protection policies. And I'm not gonna lie; it is great that it is taken. Indeed, I think it helps them to gain valuable regulatory expertise too.
Still, I think the Italian Data Protection Authority (Italian Garante) massively overstepped its mandate here. That is because a principled data protection policy must not be collectivized. It is alright for the EU to fine tech giants upon wrongdoing or put them in their place; I take no issue with that. But regulation that leads to a blanket ban of ChatGPT for everyone is necessarily wrong and patronizes citizens.
On POLITICO I read that the authorities want to protect minors. Oh really? Then why the fuck aren't they taking drastic action against these widely-available strawberry-flavored e-cigarettes too? Although that may just have been a Berlin-specific issue, I can't tell (only here on vacation).
Anyways, my demand regarding the ChatGPT policy is that it must be everyone's individual choice to use it. After all, it is my data that I'm putting into it, and I, as a responsible adult, Am aware of the data protection issues that come with this tech. In fact, I'm so aware, I might be better informed than some of those in Brussels.
And then, for someone that wants to argue that privacy is a collective concept: Fine, let's steelman your point. For a privacy collectivist could say: "Sure, Tim, it's your data, and hence it must be your choice to use ChatGPT. But consider that you may also leak other EU/Italian citizen's data."
And so, in this case, my prior argument, that it must be a personal choice is weakened, as suddenly, my voluntary ChatGPT inputs can now accidentally expose my neighbor's metadata.
But I'm skeptical of that argument, although I do admit that data has some inter-connectedness to it.Still, the pessimist's view would be that there's always one more mineable metadata in everything that's being put online. So call me crazy, but I anyways feel like building The Great Italian FireLimes is not an appropriate solution to protecting citizens' data going forward.
The Italian Garante's block of ChatGPT is wrong in that the collectivized data protection is paternalistic - or, at least, that's what I'm arriving at!
If you've read Hellen Nissenbaum's "Privacy as contextual integrity," you are aware that a practical implementation of pretty-good privacy is possible with or without ChatGPT.
That is because an educated citizen is supposed to be aware of the contexts that assume special expectations or social norms surrounding information and its flow (read: "Obviously, don't copy+paste you and your friend's chat history in there, dumbass!"). And in fact, I think it's safe to assume that Italians aren't total morons either, as they have for sure by now heard of what happens to their data when they input it into US company web interfaces.
Hence, I arrive at the conclusion that the Italian Garante's block is paternalistic. It asserts that all plebs are stupid and that they're unable to act in a way that would guarantee their European rights and that of their children - "so a block of ChatGPT is appropriate."
Now, while I contrarily believe in the intelligence and agency of my fellow humans, I do think there is a great chance here, namely, to educate more about principled data protection.
Privacy is a revealed preference of many when it comes to vulnerable contexts, but I still feel like our language hasn't developed well enough to properly discuss the topic. And, no joke, I felt enlightened when I first read H. Nissenbaum's work.
I don't think blanket-banning ChatGPT is the way to go here. Not even as a means of sending signals. Protecting privacy must not pit us in a battle of banning a useful tool for the sake of protecting citizen's privacy. And a more virtuous version of me would anyways argue for banning TikTok first then.
Still, I think that Nissenbaum's work is quite complex and I think it could be broken down into something more digestible, e.g., educational material that is intuitively understood by a broad range of people.
And so it is that path, and not overprotecting grow-ass adults that must be the political way forward in dealing with exploitive tech apps.
That's all, thanks for reading.
published by timdaub on 2023-04-28 (in Milan, with the help of ChatGPT!)