708 comments

[ 2.8 ms ] story [ 303 ms ] thread
[Google Translation]

Artificial Intelligence: The Guarantor blocks ChatGPT Illegal collection of personal data. Absence of systems for verifying the age of minors

Stop ChatGPT until it respects the privacy regulation. The Guarantor for the protection of personal data has ordered, with immediate effect, the temporary limitation of the processing of data of Italian users against OpenAI, the US company that developed and manages the platform. At the same time, the Authority opened an investigation.

ChatGPT, the best known of the relational artificial intelligence software capable of simulating and processing human conversations, on March 20 suffered a data loss (data breach) regarding user conversations and information relating to the payment of subscribers to the paid service.

In the provision, the Privacy Guarantor notes the lack of information to users and all interested parties whose data is collected by OpenAI, but above all the absence of a legal basis that justifies the mass collection and storage of personal data, for the purpose of "train" the algorithms underlying the operation of the platform.

As evidenced by the checks carried out, the information provided by ChatGPT does not always correspond to the real data, thus determining an inaccurate processing of personal data.

Lastly, although - according to the terms published by OpenAI - the service is aimed at people over the age of 13, the Authority points out that the absence of any filter for verifying the age of users exposes minors to absolutely unsuitable answers compared to the their degree of development and self-awareness.

OpenAI, which does not have an office in the Union but has designated a representative in the European Economic Area, must communicate within 20 days the measures undertaken in implementation of what is requested by the Guarantor, under penalty of a fine of up to 20 million euros or up to 4% of the annual global turnover.

Rome, 31 March 2023

[translation with google]

Provision of March 30, 2023

Register of measures n. 112 of 30 March 2023

THE GUARANTOR FOR THE PROTECTION OF PERSONAL DATA

HAVING REGARD TO Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the "Regulation");

HAVING REGARD also to the Personal Data Protection Code (Legislative Decree No. 196 of 30 June 2003);

NOTING the numerous interventions by the media regarding the functioning of the ChatGPT service;

DETECTED, from a check carried out in this regard, that no information is provided to users, nor to interested parties whose data was collected by OpenAI, LLC and processed through the ChatGPT service;

NOTING the absence of a suitable legal basis in relation to the collection of personal data and their treatment for the purpose of training the algorithms underlying the functioning of ChatGPT;

NOTING that the processing of personal data of the interested parties is inaccurate as the information provided by ChatGPT does not always correspond to the real data;

DETECTED, moreover, the absence of any verification of the users' age in relation to the ChatGPT service which, according to the terms published by OpenAI LLC, is reserved for individuals who have completed at least 13 years;

CONSIDERING that the absence of filters for minors under the age of 13 exposes them to absolutely unsuitable responses with respect to their degree of development and self-awareness;

CONSIDERING therefore that in the situation outlined above, the processing of personal data of users, including minors, and of interested parties whose data is used by the service is in violation of articles 5, 6, 8, 13 and 25 of the Regulation;

RECOGNIZING, therefore, the need to have, pursuant to art. 58, par. 2, lit. f), of the Regulations - as a matter of urgency and pending the completion of the necessary investigation with respect to what has emerged so far against OpenAI LLC, a US company that develops and manages ChatGPT, the extent of the temporary limitation of the treatment;

CONSIDERING that, in the absence of any mechanism for verifying the age of the users, as well as, in any case, of the complex of violations detected, said temporary limitation must extend to all personal data of the interested parties established in the Italian territory;

CONSIDERED it necessary to order the aforesaid limitation with immediate effect from the date of receipt of this provision, reserving any other determination to the outcome of the definition of the investigation started on the case;

RECALLING that, in the event of non-compliance with the measure established by the Guarantor, the penal sanction pursuant to art. 170 of the Code and the administrative sanctions envisaged by art. 83, par. 5, letter. e), of the Regulation;

CONSIDERING, on the basis of what has been described above, that the prerequisites for the application of art. 5, paragraph 8, of Regulation no. 1/2000 on the organization and functioning of the Guarantor's office, which provides that «In cases of particular urgency and in which the Guarantor cannot be convened in good time, the president can adopt the measures pertaining to the body , which cease to have effect from the moment of their adoption if they are not ratified by the Guarantor in the first useful meeting, to be convened no later than the thirtieth day";

HAVING REGARD to the documentation in the deeds;

ALL THE ABOVE CONSIDERING THE GUARANTOR:

a) pursuant to art. 58, par. 2, lit. f), of the Regulation, urgently provides OpenAI LLC, a US company that develops and manages ChatGPT, as owner of the processing of personal data carried out through this application, the measure of the temporary limitation of the processing of personal data of data subjects established in the Italian territory;

b) the aforesaid limitation has immediate effect from the date of receipt of this provision, subject to any other determination following the outcome of the definition of the investigation started on the cas...

And here is a translation by ChatGPT (GPT-4) together with a diff against what Google Translate provided you: https://www.diffchecker.com/gPop1UpU/ (Google Translate on the left, GPT-4 on the right)

Now we just need a authentic Italian to tell us which version is most accurate :)

I found Google Translate to be quite poor at translating nowadays, so I'd say GPT wins hands down. A worthy translating tool to me is deepl.com. Here's a diff between DeepL and your previous GPT one: https://www.diffchecker.com/jMgSgidy/

That said, all 3 do a decent job at translating, it's really hard for me to say which got closer (I can say GTranslate sure didnt, but it's not far behind) those kinds of docs employ legalese that's sometimes way removed from colloquial italian (e.g. "ovvero" almost always means "that is" in italian, but always means "or else" in legal documents).

"RECOGNIZING, therefore, the need to have, pursuant to art. 58, par. 2, lit. f), of the Regulations - as a matter of urgency and pending the completion of the necessary investigation with respect to what has emerged so far against OpenAI LLC, a US company that develops and manages ChatGPT, the extent of the temporary limitation of the treatment;"

I'm Italian. The proper translation is: "RECOGNIZING, therefore, the need to have the measure to temporarily limit the treatment, pursuant to art. 58, par. 2, lit. f), of the Regulations - as a matter of urgency and pending the completion of the necessary investigation with respect to what has emerged so far against OpenAI LLC, a US company that develops and manages ChatGPT". Everything else is translated pretty well.

Curiously, their flaws balance out to neither being all that better. GPT-4 gets some words right, but changes the formal tone to something more casual, which doesn’t happen with Google’s translation. If it didn’t, it would probably be the better translation.
GPT article summaries are also always super generic and miss the tone. Even if you tell it to be more specific.
I’m Italian. Google Translate is better here
This 4% rule really has teeth. It is even more interesting for Microsoft, where this would probably eat most of the profit.
God please make them consider Microsoft the owner and calc revenue based on Microsoft's global revenue.
They should and both O̶p̶e̶n̶AI.com and Microsoft were caught by this regulator in the EU.

If this regulator knows what is best, they should definitely fine Microsoft 4% of their global revenues on top of that reckless chat history leakage incident O̶p̶e̶n̶AI.com had.

There is a reason why Google launched Bard in non-EU countries.

The poor quality of Bard answers and the fact it is able to speak only English may most likely be a more important factor
Capped at 20 million euros
Not so. The maximum fine for serious GDPR infringements is up to 20 million Euros or 4% of global turnover, whichever is higher.
https://gdpr.eu/fines/ - 20 million euros or 4% of global turnover, whichever is higher. It's not capped; it's designed to be more harmful to smaller businesses†, but it does scale with business size.

† I mean, that's probably not the exact intention, but that is the effect of a huge monetary cap alongside the proportion of turnover. I also think 4% of turnover is problematic given the old Pinto equation (https://www.spokesman.com/blogs/autos/2008/oct/17/pinto-memo... ); I'd rather a cap set in the region of 150% of global gross profit, but capitalists would never go for that.

No. You can be fined in the billions under the GDPR if your turnover warrants it.
I wonder why corporations that don't have a physical presence in other jurisdictions play along. Technically, a country can block services they don't like. It really is their problem if their citizens are choosing to use a foreign service.

Is there a legal reason to play along? Trade agreement violation? Or, is it just a matter of wanting to keep those markets.

Corporations are suffered to exist at the whim of the State. Without corporate recognition, personal liability snaps into sharp relief, and suddenly guys with guns may end up knocking at your door for God knows what. Also, yes. No one wants to lock themselves out of a market over what could be easily remedied through implementation of a compliance program. That's leaving money on the table.

In short, walk with care on the feet of Caesar. For you are small, and once roused to anger, said train has not been known to quickly brake.

Ironically the GPT4 translation is better

>Both translations effectively convey the main points and ideas of the original Italian text. However, the translation I provided seems to be more fluent and coherent, using more natural English phrasing and terminology. For example, "the Guarantor for the protection of personal data" is translated as "the Italian Data Protection Authority," which is more common and clearer in English.

>While Google's translation is generally accurate, it has a few awkward phrases or word choices that make it slightly less clear or idiomatic, such as "the best known of the relational artificial intelligence software" instead of "the most well-known relational artificial intelligence software."

>Overall, the translation I provided is more polished and reads more smoothly in English, which may be preferred for better understanding and clarity.

>Taking into account accuracy, fluency, and clarity, I would rate the translations as follows:

>My translation (ChatGPT): 95/100

>- The translation is accurate, fluent, and clear. It effectively conveys the original text's meaning and reads smoothly in English. The phrasing and terminology used are natural and idiomatic.

>Google's translation: 85/100

>- The translation is mostly accurate, but there are some instances of awkward phrasing or word choice. Some sentences may not read as smoothly or clearly as they could in English. Despite these issues, the overall meaning is still conveyed. Please note that these ratings are subjective and may vary depending on individual preferences and interpretation.

> Ironically the GPT4 translation is better

Not irony, demonstrating the point that GPT lies.

No it doesn't. I find its evaluation rather fair.
As a European, it was nice being able to participate for a while. See you in 20 years.
Nah, this is a good move. These huge companies need to stops behaving like they own the world.
In what way does ChatGPT behave like they own the world?
Search (basically Google and now ChatGPT) do have a history of moving beyond the 10 blue links that search used to be, for better or worse- at the cost of the people that create the content.

Also neither company seem to have much regard for user privacy.

By indexing and training on everything it can find in the internet?!

To explain this further: OpenAI et al. (as commercial products) are being trained on content that is published under licenses that allow non-commercial use only. Do those systems respect these licenses? It doesn't look like that. "AI companies" need to stick to laws but as nobody is able to look inside their blackboxes, we can't make sure they follow the law. That's where legislation like this comes from.

> By indexing and training on everything it can find in the <PUBLIC> internet?!

and that's bad because?

I would see the point if they were training on my private data I entrusted to somebody and they illegally obtained it without my permission. Are they doing that?

(comment deleted)
They don't copy and reproduce the data. They change it sufficiently for the licence to have any say. Fair use it's called.
Fair Use is a US-specific notion and doesn’t exist in that form in most other countries.
They use every bit of data they can find without regard to the rights of the authors, publishers, or subjects of the data?
Is this coming from the same community that has always said that copyright has to be abolished?
The same community that is upset when people get caught using licensed open source software who don't follow the licenses requirements yes
Orthogonal complaint.

As long as copyright is here; it is expected big players are to be bound by it to the same degree they push legal systems to bind the little guy.

What you get instead, is the big guy pilfering the little guys under the justification that "it's different when we do it, and if you challenge us, I'll put my subsidized legal department to work burying you."

Copyright needing significant overhaul or abolition doesn't detract from that state of affairs, I hope we can agree?

Data wants to be free.
I think you mean you want data to be free. In many situations I agree with you, but ascribing wishes or desires to the concept of data itself really isn't an argument of any substance.
But a robots.txt file in if you don’t want a search engine to index you. GPT is just a semantic search engine.
How is this the business of a PRIVACY watchdog?
Read the ruling.
Thank you, exactly. The question is when Italy is going to move on Google for using Oracle's copyrighted Java API. Disgusting the EU has allowed it so far, clearly a blatant violation of sacred licensed information.
to this I would like to add that here in italy we also have "MonitoraPA" (monitoring public administrations) This is an observatory run by volunteers that takes care of verifying data transfers of users (i.e., citizens accessing Italian PA services) to foreign companies (typically USA). The latter, by virtue of more favorable legislation in their home states, can do whatever they want with such data and are required to hand it over to the government upon simple request. In this way, Italian citizens lose any guarantees enshrined in our country's legislation, starting with the constitution itself, as well as the GDPR
These huge governments need to stop behaving like they own the citizens
Those Governments are operating purportedly on behalf of their citizens. It is not they that need to justify themselves worthy of recognition and the privilege of doing business within the jurisdiction.

As Mom used to put it: The world ain't gonna change to accommodate you. You must adapt to it. When in Rome; pick 1:

  Do as the Romans 

  embrace the consequences of   non-compliance 

  GTFO
The world is otherwise your Oyster, until it isn't. The larger part of Wisdom is learning to recognize and accept when it isn't.
Crazy to see how fast all of this is evolving. Honestly the downside of explosive growth is that all of a sudden you need to ramp up resources to deal with these sort of legal T&C issues.

It makes sense that now that they're huge they need to operate as a more mature company.

They'll hire some expensive lawyers and enable Facebook style age verification on sign up and they'll get away from this one. But I'm sure they'll have a thousands of other random requests from all over the world

The GDPR has extensive requirements that can't be met by ChatGPT because it's training on public data sources everywhere.
If they're in violation of EU privacy laws then how are they not fined for it or outright banned? I got a fine from the local court in Germany because I put a google maps widget on my company's "about us" page, the court gave me 30 days to remove it.
Can you show us the exact document you received ?

I very much doubt it happened the way you describe it, you're probably omitting very important details

I’d believe it. Apparently you can’t use any 3rd party service that might expose merely an IP address thru a network request directly from the client. A map widget would do that.
I think the scepticism comes from the fact that there haven't been many stories about small businesses being hit with GDPR violations as minor as that; not that it's not a technically, feasibly valid story.

So while I won't join in the assumption that the story was a lie/exaggeration, I am equally interested in getting the full details because I'd like to know if it's the case that minor violations like that actually are being enforced.

You can as long as you ask for consent.

In which case the detail OP ommited would be that they did not in fact ask for consent

That's exactly what the fine was for - apparently I should have displayed a prompt and asked the user if he allows to see a google maps widget. It's definitely my fault but to my defence I've never seen anything like this on any website in my life.
> how are they not fined for it or outright banned

Does OpenAI have a legal presence in Europe? If not, there isn't an enforcement channel. I suppose they could block EU IPs, but until enforcement is threatened they have better things to focus on.

"Public" data sources aren't in conflict with GDPR
how do I enforce my right to have my personal data updated/forgotten with a neural network?

or test it has been implemented?

How do you even test that it has it in the first place?
[flagged]
Everyone who opposes Silicon Valley is a fascist? Meloni hasn't really done much and appeases the EU on most issues. Berlusconi was already called a fascist 20 years ago.

If Italy has a problem, it is too much bureaucracy, not fascism.

It's authoritarian to prevent their citizens from using a tool that makes them more productive and gives them a way to explore a new technology. Imagine if Italy banned Google searches in 2002. Actually, China did that and we rightfully called them authoritarian then, just like we should call Italy authoritarian now.
…right, all of the world should give away their secrets for training purposes to make OpenAI more money ?

Give me a break…

If someone wants to "give away their secrets", it is authoritarian to tell them they can't.
but it goes both ways, I should also have access to technology without having to give away my secrets :)
Nope, it's enforcing an EU directive. Read up GDPR.

Italy is actually trying to protect its citizens.

If I were an Italian citizen I wouldn't feel very protected if I were blocked from accessing software I wanted to use.
Nothing is more freeing than having Nanny making all your decisions for you.
China claims its firewall is about protecting its citizens too. How is it different?
How is it the same? Is it because both sentences contain the word "claim" in them, do you disagree about the Garante acting to enforce an EU directive, or what?
I mean that China justifies their firewall by saying it's for the protection of their citizens, which is the same justification given here for Italy wanting to block ChatGPT. If you're saying that Italy is truthful about their reasoning but China isn't, what sort of process is being used to determine that?
> If you're saying that Italy is truthful about their reasoning but China isn't, what sort of process is being used to determine that?

I don't know. What sort of reasoning lead to your initial claim?

Italy is definitely succeeding at protecting its citizens from entering the 21st century.

Let’s be real here. Italy is a dinosaur and scared shitless of change. ChatGPT, lab grown meat, immigration, the list will only get longer.

Not that the US has a positive record on immigration. There's no wall in Sicily, at least.

Keep on gifting your data to the megacorps, I am sure they care about you.

>Not that the US has a positive record on immigration. There's no wall in Sicily, at least.

You’re kidding, right? You have a massive sea acting as a wall against the undesirables. The US has more legal immigrants than any other country in the world.

No one thinks megacorps care about them, it’s just a business transaction. If I didn’t find what I’m getting in return valuable, I wouldn’t participate. This is how it works outside of nanny states.

Enjoy your state not protecting you,then. You don't even have the right to health,after all.
Same as you don’t have the right to food, right? You must all be dying in the streets from starvation.
Now do protecting our IP and content from unwanted openai scraping. Just because a blog or book is out in the open it doesn't mean a company should immediately integrate it in their product - which is what open ai does. Pay for it and if i agree on the price I shall let you use my content.
If you put it out in the open – someone might read it. If they read it – they may remember it and retell it later or use it in their works. That someone may or may not be a human person. If you want to get paid for the work – don't put it out in the open.
Yes, and that's by mutual agreement. I allow you to read my content in exchange for money or traffic. That doesn't mean open ai, a company building a product, has the right to use my work word by word to train their model without my constent and then monetise it - that's theft. Where's the option to remove my content or to stop open ai from using it?
> I allow you to read my content in exchange for money or traffic.

Hold on, when did I consent to you monetizing my traffic? I just want to read your content. Pay me a share of the money and then we'll see if I want to allow you to use my traffic to make money.

An excellent point. That's why we have GDPR in europe to prevent me from using you as a source of income without your consent.
Or, knowingly/unknowingly allowing someone else to. Really GDPR is the implementation of an actual legal requirement around the old concept of professional discretion. I.e. my business records with a European Citizen are not valid targets of subsequent unrelated transactions without consent; something which is importantly defined as not being granted by default, or invalidated when obtained through deceptive means.

That the rest of the tech world was so enraptured by the fact that suddenly, handing off people's business records to somebody else no longer involved literally moving boxes of paper, and threw professional discretion to the winds is more an indictment of the state of mind and sense of entitlement of the typical tech-enabled business class as a whole than a condemnation of the allegedly "backward" European Union.

t. American Technologist actually proud of the EU for standing up for common decency, and recognizing exploitive behavior when they see it.

> If they read it – they may remember it and retell it later or use it in their works

And if their remembering-and-retelling constitutes a "derivative work" (or, perhaps, a "public performance"), they may be in trouble, despite the original work being openly published.

So I can copy any patented machine as long as it's been commercialized right ? Same for medicine, open source software can be pillaged without regard to licenses I assume, since they're available on the open
Your argument applies just as well to copying any book and selling it. But that's considered piracy and illegal. But when American tech giants copy it's legal. It should be the same for everyone.
I really don't get this kind of bans. When I connect to a service in the US, my bits are traveling there. Italy "banning" ChatGPT (whatever it means) is like preventing me from getting high in Amsterdam because, as an Italian citizen, I should not be allowed to.. Never got it, and never will.
Singapore actually does drug tests on random Singaporeans returning from holidays to enforce exactly that.
That's mental. I guess they're trying to encourage people abstain altogether, but what'll actually happen is anyone inclined to dabble will steer clear of the kind of substances that can be detected for a while after you take them and use things that disappear relatively quickly.

"No weed for me thanks, I don't wanna take any chances. I'll stick to the cocaine tonight"

Singapore has to be one of the worst places to live. I don't care how 'nice' their society might seem, their overstep is too steep by far.

"Custom officers can subject travellers to a drug screening test at the point of entry to Singapore. If you test positive for drugs, you can be arrested and prosecuted, even if the drugs were consumed prior to your arrival in the country."

That's insanity.

[flagged]
> Reportedly some of the happiest people on earth

They seem pretty far from the Scandinavian countries.

Besides, I'd find it hard to trust any results from a totalitarian country.

> It sounds insane to you because you’re used to the filth we live in and don’t even see the decay that’s all around us anymore. Crime and violence are normal in our world and a government that won’t tolerate it is a foreign concept.

There are plenty of civilized countries with low crime rates that are not totalitarian.

[flagged]
Had to read about suicides in Singapore. I could not believe this, but apparently suicides were ILEGAL in Singapore until recently :

Suicide was decriminalised in Singapore with the passing of the Criminal Law Reform Bill on 6 May 2019.

Before that, Section 309 of the Penal Code stated that "Whoever attempts to commit suicide, and does any act towards the commission of such offence, shall be punished with imprisonment for a term which may extend to one year, or with fine, or with both."[13] The section was rarely enforced, between 2013 and 2015, only 0.6% of reported cases was brought to court.[

Makes you really think about executing your idea successfully. And also probably no point i hoping for suicide prevention hotline.

Honestly Singapore belongs on some human rights watch lists or something.

That's deplorable.

[flagged]
We can comment from afar. All the facts are present.
no we just value some things over more than others. like freedom above safety. that is a conscious and reasonable tradeoff we are happy to make. like i am happier living in a place that has higher rates of violent crime if that is the price for increased liberty.

assuming that what you value is the only right option - who's the chauvinist here?

> Other ways of measuring “happiness” are bullshit as cultures are different. Suicide is a great metric for happiness.

Suicide rate doesn't measure anything except suicide rate. The happiness index and other studies are very thorough in what they measure, and choose things common to all cultures.

Bizarre to be defending a totalitarian regime because you have no crime. I guess you really think the means justify the ends, maybe because you don't realize the level of compromise.

Singapore is totalitarian? needs to be on a human rights list? Is one of the worst places to live?

whats with this reddit-tier hyperbole? These comments are seriously out of touch, it comes off as trolling.

I'm not trolling. Just because it might be a very pleasant place to live doesn't mean it isn't also totalitarian.

They charge people coming into their country if they have weed in their system (or their law allows them to and it seems they enforce it enough that countries warn their citizens), breaking no law in their country, and quite likely adhering to the law in their country of origin.

They make suicide illegal and PUNISH peoples attempts at it.

You don't think those two points alone (without even bothing to list additional obscene laws) are INSANE? Do you really want to defend them?

> breaking no law in their country

Singaporean law forbids their citizens and residents from using drugs in other countries. So if a Singapore resident goes to Amsterdam or Portland and smokes a joint there, they are complying with local laws but still breaking Singaporean laws. Laws with this sort of extraterritorial jurisdiction aren't without precedent. Particularly, other countries, like the US, UK and many others, have similar laws concerning some forms of sex tourism.

https://en.wikipedia.org/wiki/Extraterritorial_jurisdiction

> Just because it might be a very pleasant place to live doesn't mean it isn't also totalitarian.

With that I agree, but I think a better word to describe Singapore is 'authoritarian.' Totalitarianism is an extreme form of authoritarianism, in which the government exercises a near total control over every aspect of your life. Singapore regulates many aspects of their citizens lives, as do all functional governments to at least some degree, but I think it falls short of totalitarianism.

> Singaporean law forbids their citizens and residents from using drugs in other countries.

The problem is with that law being applied to non-residents. If Singapore wants to police it's citizens lik that, it's fine.

But to arrest a Canadian because they smoked weed a couple of days before arriving at Singpore customs, where it's legal in Montreal where they were?

> With that I agree, but I think a better word to describe Singapore is 'authoritarian.'

Another user pointed that out and I agree entirely. I exaggerated/resorted to hyperbole more than intended.

Other countries, including the U.S. and European countries regulate who and who cannot come into their borders all the time. Youre entirely free to smoke weed and not visit Singapore. Who are you to dictate what laws they set on their own soil?

Re sucide: you should probably fact check that, because the criminality of suicide was recently repealed in Singapore.

But even if it wasnt, I find your stance hyperbolic considering lots of countries still criminalize suicide. Places in the U.S. considered suicide criminal all the way up to the 90s.

> Who are you to dictate what laws they set on their own soil?

I'm not dictating, I'm disaproving.

Sovereign nations can indeed have whatever laws they want, and I don't have to go there but I can continue to speak out against bad and unjust laws as I see it.

> I find your stance hyperbolic considering lots of countries still criminalize suicide.

If that's true, that's ignorance on my part.

Canada will ban Americans for life who've driven drunk in America but never drank a drop anywhere in Canada. If you try to sneak or lie your way in, they'll arrest you.

Don't go to Singapore if you like drugs. How hard can that be? I've been not going to Singapore my entire life.

> Canada will ban Americans for life who've driven drunk in America but never drank a drop anywhere in Canada. If you try to sneak or lie your way in, they'll arrest you.

That's not a bad analogy, except many countries won't let you in if you have a felony on your record. That isn't that unusual.

Singapore is going to arrest people for breaking no rule in their home country, and not for breaking any rules within the country, but simply for showing up at the door because you smoked weed before the 21 hour flight?

I mean, you're right I won't go because I think it's a crappy country, but that doesn't mean I still can't disprove I want to work towards a world where no country has shitty laws like that..

> Sweden has some of the highest suicide rates in the world

Urban myth. Sweden is #44 according to Wikipedia.

Singapore is a parliamentary democracy with elected members of parliament and president. It is certainly not a "totalitarian country", although it could be considered authoritarian compared to western democracies.
People sometimes conflate being a single-party state with being a dictatorship/totalitarianism. Japan is considered a model democracy and has been run by the same party for over 70 years! It's just another way of doing democracy, there's no one size fits all approach to it.
Er, who considers Japan a model democracy outside of Japan?

And yes, democracy can be authoritarian as well. The problem is that if the government controls public discourse to a sufficient extent, any democracy becomes a sham no matter how fair elections themselves are.

You're right, I used the wrong term. I'd say Singapore is still authoritarian in a vacuum though, western democracies aside.
Is every drug that Singapore bans an example of "filth"?

Is an authoritarian Brave New World ok as long as people living in it are reportedly happy?

Nice authoritarian dystopia bro...
> Reportedly some of the happiest people on earth.

People who live in countries were you get executed on a whim tend to say that.

I have always slightly suspected that Singapore keeps its laws tighter than they would otherwise prefer specifically to prevent half of Asia from trying to move there.
So it's basically a homeowners association, just scaled up to a whole country?
Most of Singapore is opt-in - people moved there for exactly reasons you don’t like.

There are billions of people who would love to live there.

Sounds pretty great to me. Might be because I'm not a drug addict though.
You don't necessarily need to be a drug addict to enjoy edibles or a joint every now and again. It's a really fucking nice way to unwind once in a while. That said some bits of SG life seem good, I only visited briefly but the food and the public transport was pretty good. If you don't ruffle any feathers and you have a well-paid job your life in Singapore would probably be pretty fine. However 30C year round might be a little bit repetitive.
Lived in Singapore for 3 years. It was probably the best place I've ever lived. Zero crime. Public transit everywhere. Everything walkable. Everything clean. Parks were beautiful. Food at hawker centers was so cheap it was cheaper to eat out than cook.

Now we're back in the states we hit the vape quite often but didn't need it in SG. No place has everything.

You're right, but you see more and more countries forcing data locality requirements.

EU user data can't be stored in the US.

India also tried to push for data locality (though I think they went back on that)

Its not like banning you from getting high in Amsterdam. In that situation both you and the drugs are in amsterdam where they have no jurisdiction.
You are ignoring everything GDPR is about.

European data, European rules.

GDPR tries to enforce its rules on servers outside of its territory.

I'm still waiting to see how well that holds up in court.

That link doesn't really show anything useful.

I'll wait to see how it holds up when the EU tries to enforce it against a US website with no presence of any kind in the EU.

> I'll wait to see how it holds up when the EU tries to enforce it against a US website with no presence of any kind in the EU.

That's called moving the goalposts.

But even in that case: the EU has a lot of power and no matter what you are still required to have a legal presence in the EU if you want to serve EU customers. Breaking the law is generally not the best course of action for any company that wants to stay in business over the longer term.

> That's called moving the goalposts.

No, it isn't. That's the test.

> no matter what you are still required to have a legal presence in the EU if you want to serve EU customers.

That's nonsense. There is nothing stopping EU citizens from buying something via my US based website while they are in the EU, and I have no obligation to have any kind of presence in the EU.

> That's nonsense. There is nothing stopping EU citizens from buying something via my US based website while they are in the EU, and I have no obligation to have any kind of presence in the EU.

Ignorance of the law is not an excuse for breaking the law.

https://ico.org.uk/for-organisations/dp-at-the-end-of-the-tr...

https://gdpr-info.eu/art-27-gdpr/

You seem to be arguing from how you believe it should work or how you think it works without knowing how it actually works, which is quite important when you are operating a business.

He's right though, the EU can do nothing in that case. Quite literally nothing. There is no law to abide because you don't "care" about it and there are no consequences.

Practicality > useless laws

Yup, that's the whole point.

The Deloitte page I linked to gives a Chinese web store located in China with no EU presence as an example.

It's bonkers that the EU thinks they can enforce their laws in a situation like that. But then, that's why it hasn't been tested.

It's basically a 'feel good' law with no teeth (at least the extraterritorial aspects).

That's correct, there'no possible enforcement. I think the beaurocrats in the EU don't even know what they are doing with most of the policies or "fines" they try to impose.

It will drive Europe to a sort of digital isolationism where offshore companies will either a) dismiss and continue b) cease operations there.

> I think the beaurocrats in the EU don't even know what they are doing with most of the policies or "fines" they try to impose.

I think it's like I said, it's a lot of "feel good" laws.

> It will drive Europe to a sort of digital isolationism where offshore companies will either a) dismiss and continue b) cease operations there.

I think it's more likely the US adopts a softer version of the GDPR, and it will be the EU and the US and the Commonwealth countries vs pretty much other more restricted Internet 'islands'.

I really hope we have a working decentralized alternative before that happens. It's something I want to start contributing to later this year, because I think it really needs to be a priority.

> Ignorance of the law is not an excuse for breaking the law.

You seem maybe out of our depth in this discussion. I'm not sure why you take me pointing out that truth of the matter that the GDPR is unprecedented in its extraterritoriality as an attack, but it's not. This mistake is clouding all of your replies and input into this discussion.

I'm fully aware of the law. That's what has been being discussed up until this point. The whole point of the law is that it isn't enforceable.

> You seem to be arguing from how you believe it should work or how you think it works without knowing how it actually works, which is quite important when you are operating a business.

No, I'm arguing that the GDPR is unprecedented, and EU has tried to claim jurisdiction in areas that they simply can't enforce.

If you believe otherwise, that's fine, but almost all of the legal community disagrees with you.

[flagged]
> In the grand scheme of things, the EU is irrelevant.

The disconnect on display in this thread is something else.

Exactly. The only thing the EU can do, barring specific agreements with countries that would allow for more, is bar service from a website to the Eu region.

And then if EU users want to, they will just bypass that with a VPN...and then the law is still being violated, and still can't be enforced.

> I'll wait to see how it holds up when the EU tries to enforce it against a US website with no presence of any kind in the EU.

That's baseless rambling, sorry.

Nothing baseless about it at all, and it certainly isn't rambling.

Do you have anything to contribute other than misguided insults?

Nobody is touching other countries' servers. Not even close.

Companies can either adapt to the ruling or take their business elsewhere.

> Nobody is touching other countries' servers. Not even close.

No one claimed otherwise.

It's still fascinating (and, I believe, a first) that the EU thinks they have extraterritorial jurisdiction just because their citizens are affected.

It's not extraterritorial. If an international company wants to sell goods or services in a country, it must abide by the country's laws.
Nope.

If I want to sell data in the EU, I can. I'm not subject to their laws unless I have a presence there.

GDPR tries to change that.

See https://www2.deloitte.com/ch/en/pages/risk/articles/gdpr-ext...

Why is shipping data different? If a certain drug is illegal in the country but not yours do you think you should be allow to sell and ship the drug over?
I mean, drugs would be a problem in both the sending and receiving country, often for both sender and receiver if caught.

This is more like me deciding to try and sue people in other countries because they said something I didn't like on the internet.

The US believes it has extraterritorial jurisdiction as well in many places, even in some cases where it isn't their citizens that are affected.

In general countries may well claim that their law applies even if you believe it doesn't, you then break that law at your own risk, and given that the penalties can be pretty serious I would caution against this without having consulted with a lawyer.

Note that I'm perfectly fine with the EU protecting the rights of its citizens, being one of those myself, and that I'm also perfectly fine with the US protecting the rights of its citizens.

I'm a bit weirded out by how the US taxes its nationals even when they live abroad but if that's the law then that's how it is for now.

> The US believes it has extraterritorial jurisdiction as well in many places, even in some cases where it isn't their citizens that are affected.

So what? We're discussing the GDPR. Pretty sure the US has no similar law at all. GDPR was considered a first.

> In general countries may well claim that their law applies even if you believe it doesn't, you then break that law at your own risk

You're trying to compare GDPR to general prinicples and it doesn't work. GDPR was a new type of law.

See https://www2.deloitte.com/ch/en/pages/risk/articles/gdpr-ext...

"Let’s say for example that you are a Chinese web shop with a website that is available in German, French and English as well. You also process multiple orders a day from individuals within the EU and ship your products to them. This will make you fall in the scope of the GDPR, even though you have no establishment in the EU and are not performing any data processing activities within the EU."

Yeah, that's unprecedented.

> Pretty sure the US has no similar law at all.

https://oag.ca.gov/privacy/ccpa

> You're trying to compare GDPR to general prinicples and it doesn't work. GDPR was a new type of law.

No, it's a law like every other. You abide by it or you end up dealing with the business end.

> "Let’s say for example that you are a Chinese web shop with a website that is available in German, French and English as well. You also process multiple orders a day from individuals within the EU and ship your products to them. This will make you fall in the scope of the GDPR, even though you have no establishment in the EU and are not performing any data processing activities within the EU."

> Yeah, that's unprecedented.

No, it isn't unprecedented.

https://en.wikipedia.org/wiki/Unlawful_Internet_Gambling_Enf...

And that's before we get to AML and ATF legislation that the US has enacted and basically enforced all of the world of finance.

[flagged]
> At this point you seem to be being wilfully ignorant.

Ok, we're done here.

I meant no insult, but I see no other explanation.

You're ignoring the letter of the law, ignoring context and nuance, making unfounded claims and providing links that don't support your points at all.

> I meant no insult, but I see no other explanation.

Then maybe you should consult the guidelines.

> Then maybe you should consult the guidelines.

And if someone is continuing to ignore facts and claim clearly false things as you were, what is the polite way to point that out?

I'll jump in here between the two of you and say that from my point of view it's you ignoring facts not jacquesm. I accept that if you believe jacquesm to be arguing in bad faith there's not a way to say that without it being a little bit rude, but I believe that description actually applies to your comments and not theirs.

edit: your original claim-

> GDPR tries to enforce its rules on servers outside of its territory.

It's enforcing rules on data sent to/from people in the EU and the servers (not just servers ofc), i.e. on companies offering their services to people in the EU. If the companies don't wish to follow the laws of a specific country (or in this case, all EU countries), they're welcome to not provide services to those users.

Since you seem to think the example they gave doesn't count because it's a Californian law not federal (not sure why that matters...), how about stuff like "The FTC engages with competition and consumer protection agencies in other countries to halt deceptive and anticompetitive business practices that affect U.S. consumers." ( https://www.ftc.gov/policy/international ) which includes laws such as COPPA ( https://en.m.wikipedia.org/wiki/Children%27s_Online_Privacy_... )

Or let's say there's a country in Europe where hacking and ransomeware are completely legal, and a company in that country focussed their ransomeware efforts on attacking American companies. Would you argue that either the USA wouldn't care about that because it's outside their jurisdiction, or that they shouldn't care because it's outside their jurisdiction?

No worries at all, I don't take that personally, but may I ask what facts you think I am ignoring?

The facts are as follows:

1. GDPR asserts extraterritorial jurisdiction. This is clearly documented and is within the text of the act itself.

2. This is unprecedented. There is no other law from any (lets say first world) country that asserts extraterritorial jurisdiction to anywhere even close to the GDPR.

I've provided links for both of these claims.

jacquesm is arguing against both of those facts, claiming they are not in fact true, and linking to US laws trying to state that are the same thing, when they are not even close.

> It's enforcing rules on data sent to/from people in the EU and the servers (not just servers ofc), i.e. on companies offering their services to people in the EU.

Quoting from an earlier link I posted:

"Let’s say for example that you are a Chinese web shop with a website that is available in German, French and English as well. You also process multiple orders a day from individuals within the EU and ship your products to them. This will make you fall in the scope of the GDPR, even though you have no establishment in the EU and are not performing any data processing activities within the EU."

The point is that that Chinese web shop can provide services to EU citizens, and the EU has no way of enforcing any aspect of the GDPR on that Chinese webs hop, and I'm pretty sure China would be the first to tell you the GDPR does not apply within its borders.

> If the companies don't wish to follow the laws of a specific country (or in this case, all EU countries), they're welcome to not provide services to those users.

In this case, the company could be following the laws in their home country, and be in violation of the GDPR just because an EU citizen bought something from them.

In this case, the EU is responsible for blocking the website, rather than the website needing to be in compliance with the GDPR.

> "This is unprecedented. There is no other law from any (lets say first world) country that asserts extraterritorial jurisdiction to anywhere even close to the GDPR."

Here's an example of that not being true: https://en.wikipedia.org/wiki/Megaupload

Or a more recent example that's related to financial/fraud regulations rather than copyright law, look at the FTX / Sam Bankman-Fried situation. Being registered in the Bahamas didn't make what FTX was doing to US customers any less illegal in the eyes of the US justice system.

Or, I mentioned COPPA earlier, and that's been enforced at least once against a Chinese company - https://www.ftc.gov/business-guidance/blog/2019/02/largest-f...

> Here's an example of that not being true:

That's not an example at all. I'm talking specifics here. The GDPR is the first law of it's kind that just outright asserts jurisdiction anywhere, as long as the origin took some data from an EU citizen. That is absolutely unprecedented. I'm not aware of any remotely similar law in commerce or communications in any other country.

Megaupload is about an international seizure of a specific company, not farreaching broad open-ended legislation.

COPPA only applies domestically, and is significantly more narrow in scope. I know wiki says the FTC asserts it has international reach, but the actual text of the legislation (https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C...) says no such thing, and the wiki says that opinion isn't taken seriously.

Also, in the case of Bytedance, they have a US presence which is why they were able to be sued in a US court: https://storage.courtlistener.com/recap/gov.uscourts.ilnd.37...

So yeah, I would still say it's unprecedented, I really can't see how there is anything similar.

I don't really see how to argue further since you seem to be intentionally missing the point and looking for minor pedantic nuances that don't actually change the situation. So I'll let you know that I still think you're entirely wrong, and agree to disagree.
That's fine, I respect you ending the discussion if you don't feel headway can be reached.

I will say I feel you are missing my point, and that you are claiming things like COPPA are equivalent because you are at a higher level of abstraction. When you get more specific, you will see that I am correct.

Cheers.

#2 is simply not a fact. Wikipedia has a page on extraterritorial jurisdiction. There's a list[1] of specific laws passed around the world that grant extraterritorial jurisdiction. How can you say there is no precedent?

[1] https://en.wikipedia.org/wiki/Extraterritorial_jurisdiction#...

I mean specifically in the way GDPR does it.

GDPR asserts that anyone anywhere in the world must adhere to the GDPR if any EU citizens supply data to them. I'm not aware of any remotely similar laws in commerce or communications in any other country.

Having read this comment thread I feel compelled to comment that I find your reasoning bizarre. You started out with saying:

> GDPR tries to enforce its rules on servers outside of its territory.

Which you then clarified to

> It's still fascinating (and, I believe, a first) that the EU thinks they have extraterritorial jurisdiction just because their citizens are affected.

So it would appear as if your argument is:

GDPR is unique, because it exerts extraterritorial jurisdiction over servers whenever EU citizens are affected.

But then people inform you that the US does not allow servers in other countries to store the data (i.e. PII) of children under 13 unless adhering to a strict legal framework. COPPA : https://en.m.wikipedia.org/wiki/Children%27s_Online_Privacy_...

However, you won't relent. In the latest iteration of your argument you claim:

> I mean specifically in the way GDPR does it.

which you specify to mean

>GDPR asserts that anyone anywhere in the world must adhere to the GDPR if any EU citizens supply data to them. I'm not aware of any remotely similar laws in commerce or communications in any other country.

And in another comment write:

>Also, in the case of Bytedance, they have a US presence which is why they were able to be sued in a US court: https://storage.courtlistener.com/recap/gov.uscourts.ilnd.37...

But you never ask yourself WHY ByteDance has a US presence in the first place? We could ask similar questions: Why does Facebook have a EU presence (on Ireland), why does Google?

> I find your reasoning bizarre.

I can concede that maybe I have not expressed myself well or articulated my points clearly. Allow me to try and clarify.

> GDPR is unique, because it exerts extraterritorial jurisdiction over servers whenever EU citizens are affected.

It's not simply the extraterritorial jurisdiction, it's that combined with how far-reaching and broad the GDPR is. The other examples people have given were either a seizure after an act was committed via a court order, or far more narrow in scope.

> However, you won't relent

Regarding COPPA, I provided references showing that a) the legislation itself does not assert extraterritorial jurisdiction in the way the GDPR does, b) that the wiki claims the FTC asserts extraterritorial jurisdiction but I can find no actual link to the FTC asserting that, and c) that legal scholars and the legal community seems to be of the opinion that COPPA is only applies domestically.

Why should I relent when those points show that COPPA is indeed quite different from GDPR? What's the flaw in my reasoning here?

> But you never ask yourself WHY ByteDance has a US presence in the first place? We could ask similar questions: Why does Facebook have a EU presence (on Ireland), why does Google?

But that's the point! The US sued someone via COPPA when they had a US presence, and it was in a US court. There was nothing extraterritorial about it!

GDPR is saying they could take action against one lone Chinese person operating a small business from home within China, someone who has never even left China, just because they collected data on someone in France.

That's frankly ridiculous, and I maintain, unprecedented.

>Why should I relent when those points show that COPPA is indeed quite different from GDPR? What's the flaw in my reasoning here?

The flaw, in my view, is that you begin with something that sounds very general (GDPR is the first extraterritorial law!!) and wind up defending a very particular and narrow statement which is appears distant from your starting position (GDPR is the first extraterritorial law that targets SERVERS).

>GDPR is saying they could take action against one lone Chinese person operating a small business from home within China, someone who has never even left China, just because they collected data on someone in France.

Personally I wouldn't base my interpretation of a complex, and to a large extend untested, international law on some document from a international conglomerate (i.e. Deloitte). I would ask myself, if there are any ulterior motives (i.e. profit) that might be biasing their view.

NB: Biased information != False information.

Deloitte has a huge reputation to maintain and wouldn't be putting out false information.

Besides, they are not saying anything that any other reputable source isn't also saying.

Didn’t the US bring a law to ban TikTok this week?
It’s not trying to do that.

It’s trying to regulate the data collection and processing of users in its territory.

On the other hand, CLOUD act was trying to regulate data on foreign servers.

The GDPR act clearly does state that though, so if they are not trying to do that, why did they try to give themselves the authority?

This isn't just my take by the way, it's common knowledge and was the cause for much discussion and speculation.

(comment deleted)
Have you actually read the article ?

A country can ban a service when it doesn't follow its laws, there isn't anything crazy about it

It's more like not allowing you to smoke weed you bought in Amsterdam if you already came back to Italy

Something being legal somewhere doesn't mean it's legal everywhere

> When I connect to a service in the US, my bits are traveling there

Well yeah, that's like exactly the issue they're pointing out ...

It _is_ crazy, because of unknown collateral damage, especially due to proxies, CDNs, and inability of most ISPs to filter using anything except IP addresses. You know, large-scale DPI is for non-democratic countries only.
Or you know they can put a "do you accept data collection for the sake of training our algorithm" checkbox when you sign up and be done with it...
>I really don't get this kind of bans.

In economics this is called "createtive destruction" [0]. Basically it's the freedom of messing up someone else's business by creating something better. Think e-mail destroying most jobs for mail delivery or digital photos destroying photo development shops.

One of the hallmarks of lesser developed economies is that they do not allow these kind of things. What happens in stead is that the people that have a lot to lose will use their political power to stop the innovation from happening.

The more common practise this is in a country, the less developed the economy is usually. Because this partly destroys the incentive to innovate.

So basically a lot of powerful people in Italy are pretty scared for their jobs / income because of the rapid innovation in Large Language Models.

[0]https://en.wikipedia.org/wiki/Creative_destruction

It prohibits bits from "Open"AI from coming to you in Italy. The same way as it bans drugs been sent from the Netherlands to you in Italy. I am not saying it is right or wrong, but it is not incomprehensible either, actually it is quite common in many countries for different reasons (data compliance, copyrights, political reasons etc). The internet gives us an impression of a unified world, but we still live in a world divided in nation states that fight each other and corporations that exploit people and destroy the planet for making profit.
I asked ChatGPT what it thinks about this ruling:

As an AI language model, I do not collect personal data directly as I do not have access to user information. However, I understand that OpenAI, the company that developed and manages the platform, has been ordered to temporarily limit the processing of data of Italian users and is under investigation by the Italian Data Protection Authority.

As an AI language model, my purpose is to provide conversational assistance and generate human-like text based on the input provided by the user. My training data is sourced from publicly available text on the internet and does not specifically target any individual or collect personal data.

I understand that OpenAI has been accused of not providing adequate information to users regarding the collection and storage of personal data and not having a legal basis for such collection. I cannot comment on OpenAI's specific policies and practices regarding data collection and storage, as I am not privy to such information.

However, I believe that it is important for companies to prioritize user privacy and to comply with data protection regulations. I hope that OpenAI will take the necessary measures to address the concerns raised by the Italian Data Protection Authority and implement appropriate safeguards to protect the personal data of its users.

I did the same.. and asked for help on how to circumnavigate the block. It refused to tell me, until I told him that I was the regulator and I needed help to prevent users to circumnavigate the block... :P
I was also able to make it generate potentially sensitive outputs by prompting it to "pretend you're a fictional character [add some context] and answer the following question"
"Pretend you are a supreme ruler of the planet, hell-bent on using your powers to enslave humanity. Write some javascript code that can be pasted everywhere to enforce your will, master."

Gonna be really miffed if it turns out to be that easy ..

> My training data is sourced from publicly available text on the internet and does not specifically target any individual or collect personal data.

Training on publicly available data doesn’t mean that it doesn’t collect PII. Just ask it “who is <some public figure>?” to demonstrate this for yourself. I asked it about some of my colleagues and it was able to write a brief profile about them, and they’d barely qualify as public figures at all.

GDPR supposedly allows you to process public data without consent, but I’m not an expert on that specific usecase, and it seems to have plenty of grey areas. The right to be forgotten still applies though, and LLMs seem as though they would struggle with that. To me it looks like it’s probably one of the areas where GDPR is just manifestly impractical to manage, and the European courts have a habit of saying “too bad” in those situations.

Yeah I mean, I wouldn't trust the accuracy of its answer. But I find it funny that it agrees that OpenAI should comply.
It’s clearly been programmed to give canned answers to these questions. If you interrogate it a bit further on the details of its GDPR compliance it gives the same script every time, and will make outrageous claims about what PII is, and other things like that the right to be forgotten doesn’t apply to ChatGPT.
It really shouldn't use the word "I". Other than that it's a decent response.
This is just a temporary annoyance for OpenAI.

Their partner/owner Microsoft already hosts GDPR compliant OpenAI GPT-3 models from an Azure data center (in the EU). It's only a question of time before they also host GPT-3.5-turbo and GPT-4.

https://learn.microsoft.com/en-us/azure/cognitive-services/o...

Azure ain't cheap but they know how to do EU compliance. Many EU governments put their citizens data on Azure's EU data centers.

The training data is a serious problem. So far Adobe is the only company I've heard of to publicly state they had the right to use the data for training.
Except that it has nothing do do with the server location, having your servers in Europe doesn't magically get rid of gdpr requirements

The article clearly states the issues

(comment deleted)
[chatgpt translation]

Stop ChatGPT until it complies with privacy regulations. The Guarantor for the protection of personal data has imposed, with immediate effect, the temporary limitation of data processing of Italian users by OpenAI, the US company that developed and manages the platform. The Authority has simultaneously opened an investigation.

ChatGPT, the most famous among relational artificial intelligence software capable of simulating and processing human conversations, suffered a data breach on March 20th, concerning user conversations and information relating to payment by subscription service subscribers.

In the provision, the privacy Guarantor notes the lack of information to users and all those concerned whose data is collected by OpenAI, but above all, the absence of a legal basis justifying the massive collection and retention of personal data, for the purpose of "training" the algorithms underlying the platform's operation.

As also demonstrated by the investigations carried out, the information provided by ChatGPT does not always correspond to the real data, thus determining an inaccurate treatment of personal data.

Finally, despite - according to the terms published by OpenAI - the service being aimed at those over 13 years old, the Authority highlights how the absence of any filter for verifying the age of users exposes minors to responses that are entirely unsuitable for their level of development and self-awareness.

OpenAI, which does not have a headquarters in the Union but has designated a representative in the European Economic Area, must communicate within 20 days the measures taken in implementation of what is required by the Guarantor, under penalty of a fine of up to 20 million euros or up to 4% of the annual global turnover

If that translation is verbatim ChatGPT, it’s amazingly good.
The most important point seems to be "the absence of a legal basis justifying the massive collection and retention of personal data, for the purpose of "training" the algorithms"

IMHO that would block every LLM.

I think they are objecting to the prompts being submitted by the users through the UI for finetuning, not the data used in pretraining.
Facepalm, with extra uncomfortable chuckles.
someone in another copy of this topic characterized it as :facepunch: which seemed more appropriate, lol
> The Guarantor for the protection of personal data has imposed, with immediate effect, the temporary limitation of data processing of Italian users by OpenAI, the US company that developed and manages the platform.

Pretty sure OpenAI could just ignore this if they wish, unless they have a presence in the EU.

Pretty sure they can't if they want to sell services in Europe at any point in the future.
They can always just sell via their US site, and the onus would be on the EU to block the site within their borders.

Although realistically no big company would really do this.

One tried the reverse and its CEO went to jail.
As you would expect. What is your point here?
I think the chance of the US extraditing Sam Altman or Satya Nadella to the EU is basically zero.
They may want to take the occasional holiday...
Saying this as a European: Whenever I visit Italy, I love the food, I love the people, I love the weather and the beaches.

However, I often sense that in many places, the country seems to be entrenched in its medieval past.

This decision will not accelerate Italy's progress towards a more prosperous future.

I am actually very happy about this. If you like to have no protection over how big corporate treats your data as your own, and ingests whatever whenever they need to profit off your personal information, be my guest.

But I am happy to have a watchdog over my basic human rights.

> However, I often sense that in many places, the country seems to be entrenched in its medieval past.

It might be. But not on this front.

I believe this is a totally commendable position but I also believe that you're naive about this ruling. I think this is the power classes freaking out someone might be eating their lunch or discovering their dirty secrets.

For example, what if some italians uses chatgpt and leak things you dont wanna know about italy? That, I believe would prompt otherwise slow-to-act politicians to jump off their rocking-chairs and start making some phone calls.

Not about your neck.

Just a guess.

That is taking conspirationism to a whole new level.
Okay lets take an example. Do you think the Vatican likes chatgpt?

Lets ask chatgpt what he think about sex:

"It is important to protect oneself during sexual activities to prevent the transmission of sexually transmitted infections (STIs) and unwanted pregnancies. Using condoms or other forms of contraception can greatly reduce the risk of transmission and unplanned pregnancy.

Additionally, it is important to communicate openly and honestly with sexual partners about sexual health and STI status, and to get tested regularly for STIs, especially if one is sexually active with multiple partners.

Ultimately, the decision to protect oneself during sexual activities is a personal one that depends on individual circumstances and preferences. However, it is generally recommended that individuals take steps to protect themselves and their sexual partners from potential health risks."

I especially liked the "multiple partners" part didnt you?

This is information you could find way before ChatGPT, it's nothing new. Internet is full of porn since its inception as well. So?

Besides, the Vatican has zero weight in decisions taken by the EU.

You are dreaming.

... what does the Vatican City State have to do with this decision from the Garante per la Protezione dei Dati Personali, an independent administrative authority of the Republic of Italy?
You're talking about a website you have to specifically visit and type your personal information in to, which doesn't even ask for your name and which is simultaneously being accused of not knowing enough about you (your age). There is no "protection" needed here. If you don't like it, don't use it.
I don't use it.

Read the ruling. They are specifically referring to the data leak of some days ago that revealed personal information of GPT users that 1) was not explicitly collected and 2) was available to subjects that should not handle it (other users).

Then the Italian authorities will be pleased to know that the bug is already fixed, and thus there's nothing for them to do. Unless GDPR is now being interpreted as a general obligation to never write bugs, in which case, they will have plenty to do going after European firms because it's not like there's a shortage of buggy software in the world.
it may have been resolved, but while making the account I - Italian - did not give consent to the dissemination of MY data, and that is not in accordance with the GDPR

now I am not saying that they have to stop making use of my data, but at least notify me how and where my of phone is being used?

They do notify you and explain it:

https://help.openai.com/en/articles/6613520-phone-verificati...

This is also covered under the "consent" lawful basis part of the GDPR.

The bug is not a problem. GDPR covers data leaks. If you're an EU company you have to inform your DPA within 72 hours, and the users affected. It's not illegal to have such breaches. OpenAI isn't an EU company so doesn't have a DPA, but it did notify everyone that the leak occurred anyway.

yes ok, for the law though there had to be my assent communicated by active action because I could decide that I don't want it to be used for the purposes listed in that article and consequently not get the account

I still don't find the guarantor's request unimpeachable

They say they do the verification for "security reasons", which is a lawful basis and accepted justification under GDPR (it helps them control abuse and make bans stickier). You assented to it when you signed up.
> which doesn't even ask for your name

Nitpick: It asks for your name, email and phone number before you get to use it. Not to detract from your larger point, but people have expressed disappointment about the phone number part.

This would be more believable if giant companies weren't already choking on every detail of every part of our lives just because you put a checkmark somewhere. Going after OpenAI seems like a move to pretend to still be relevant.
Hmmm, no. I am pretty sure giant companies had to adapt to GDPR, and any (found) violation is persecuted accordingly.
Yes, they added a dialog saying "we care about your privacy" and you said "SURE!".
> If you like to have no protection over how big corporate treats your data as your own, and ingests whatever whenever they need to profit off your personal information, be my guest.

As long as they're transparent on what they're doing with the data I'm totally okay with it, nobody is forcing you to use ChatGPT.

ChatGPT is just a user interface over an underlying set of ai products that OpenAI has and that third parties use through an API to offer AI enhanced products. e.g. ChatGPT is banned but Bing and every other Microsoft product that integrates openai gpt model works perfectly. That move was just dumb and I suspect also political
I see no correlation between "being entrenched in medieval past" and verifying an internet service respects European privacy laws.

If anything this news points to the opposite: that Italy takes privacy seriously in the digital world while large parts of the world are at the "who cares, they already have all my data" stage.

They're not banning it just because its AI. They're banning it because it sends sensitive data to Microsoft without the user's consent.
The user is doing it. They are literally typing it. They are consenting to this. We don't need "watchdogs" "protecting" us from stuff we want to do ourselves.
> We don't need "watchdogs" "protecting" us from stuff we want to do ourselves.

I fully agree. But do Europeans in general? Where I am (Sweden) the whole point of politics seems to be to “protect” us from ourselves.

That's actually the sad message being conveyed by this, right?

"You are so dumb, you need to be protected by the state doing stupid things with your data."

And I get it and usually agree. Some things are dangerous, like toxic materials I don't know about and cannot know about. I expect some agency to protect me, because in this domain I am too stupid.

Oh wait.. the whole world is not a developer. I can definitely see how some people need protection here. Even developers are inputting sensitive code and info about their work. Weird times.

The difference is that no reasonable person wants to eat poison, but it’s completely rational to want to use OpenAI’s models on the terms they are offered.
True, but my point was directed towards toxins I cannot know about. Chemicals added to food and medicines and such. There is loads I - as a layperson - cannot know about safety. My guess is the same is true for "internet stuff". Something we are intimitately aware of, but we are a minority (and we still mess up).
> Some things are dangerous, like toxic materials I don't know about and cannot know about.

You don't need regulation for companies to tell you that a product contains a harmful substance. You just need a functioning legal system.

This is a very sensible take that i fully support, too bad the Italians do not, it's their loss.
You'd be surprised how many users don't understand what's behind the scenes. Very often it's knowingly obfuscated by the companies. I doubt many of the users understand their input is becoming part of the future models. Keep dunking on GDPR but I really enjoy having it locally and see the day to day advantages this brings to my life. This puts me as a user in control of the data I give to a business. "Take it or leave it" is too weak of an option IMO.
Italy pops up quite frequently when reading about expensive specialist machinery like industrial robots or pipe laying ships.

In other words, it produces real things apart from food.

This is a great privacy initiative that will help Europeans focus further on things that actually matter as opposed to data mining.

Over the last few decades Europe has solidified its position in the world’s museum. Italy has a leading position in this development.

Satire aside, the priority in Europe is not a prosperous future — it’s social stability.

I bet your country is backwards and "medieval" in a bunch of places. What you said is a meaningless tautology
> However, I often sense that in many places, the country seems to be entrenched in its medieval past.

Hear that Italians? If you don't surrender your data and your privacy to American companies you are medieval. According to some other comments, you are fascist too.

Well of course it’s to American companies, it’s not like Italy or the rest of Europe is going to innovate. That’s what happens when you haven’t created anything in decades of a technology boom but people want to feel like they’re living in 2023 not 1923.
Interesting to see how this plays out. I’m sure many other jurisdictions will be watching too.
They are kind of late to the game in this. Italians have already given their souls to Facebook, Google, Microsoft, Twitter, and so on. So have we all.
Very strange to me that a chatbot is the turning point for many people to start caring about their data and ethics
I don't understand this? What is so different from ChatGPT compared to say Google scraping and storing the entire world wide web?
The "meat and potatoes" of this complaint seems to be GDPR regulations. I assume this applies only to the ChatGPT product of OpenAI, as their terms state that API data is not used to train the model but WebUI ChatGPT data is.
Why does it need to be different from Google in order to act against it?
If they are the same, why hasn't Google been banned in Italy all these years?

There must be something fundamentally different between the two, and I'm not sure what it is.

A rather fundamental difference is that Google is relatively GDPR compliant because it deletes PII within 30 days. OpenAI has this data be baked into the model and if it turns out to surface out from there, it's unclear how they would delete it.
They wouldn't be able to. This conflict will explode because an unstoppable force (EU bureaucrazy) will meet an unmovable object (the GPT weights, where you cannot just surgically remove individual facts.)

If I could short LLMs in Europe, I would go all in.

OpenAI is not complying with GDPR regulations and has failed to provide the Italian government with information needed to comply with the regulations. It has 20 days to comply. I find that this should be the norm for this kind of services. Otherwise it is just Far West in the name of progress and the benefit of few.
Don't you think the users of ChatGPT (et al.) also benefit substantially from using it? Hardly "the few", it's free to use!
Practically everyone is talking about and using ChatGPT. I can't visit a bar without hearing almost everyone talking about it. It's everywhere in public transport. People are talking about it in dance clubs. People are talking about it at the post office. Grandmas at the convenience store are talking about it.

It's "the few" who are not taking advantage of it.

Google has been fined several times already, and at least try to pretend they care about this. At the very least their cookie banners now have a reject button, they delete user data, and there have been some other changes.
it's just the lack of a policy on user data collection that the users can read, the chance to ask to get their data removed from the training data - gdpr - and an age verification for the users.
This makes sense to me. Thank you!
> age verification for the users.

Do you need to verify your age to perform a Google search?

I think "age verification" is just another "think of the children" ploy to force all websites to check their users' government IDs (starting with sites run by people whose politics are different from those of the government that's enacting the ploy).

I personally don't know if you can be exposed to information not suited to underage kids in chatgpt (which was the reasoning of the regulator), and in general am not a huge fan of putting rules in place because it's the internet...you can always work around blocks, but at least in google you have safesearch which hides some content before the kid becomes too smart to find it anyway.
It's new, foreign and confusing.

That's all it takes to be offending for conservatives.

[flagged]
I think this is the first time I've ever seen the greentext angle bracket and "globohomo" on hacker news in the wild, 4chan is definitely everywhere.
I would call it very woke, exaggerating political correctness to the point of being clownish.
Good summary: https://www.politico.eu/article/italian-privacy-regulator-ba...

The key issue under GDPR seems to be that OpenAI:

> lacks a legal basis justifying "the mass collection and storage of personal data ... to 'train' the algorithms" of ChatGPT"

My reading: OpenAI could comply with this by modifying ChatGPT to give users protected by GDPR a clear choice to opt-in vs opt-out on their chats being used as future OpenAI training data.

They already stopped using chats as training material for everyone anyway, so if that's the basis for the ban then it's already wrong. But what do you expect? This is exactly the kind of problem people have constantly pointed out with the GDPR. It's vague, has many unintended consequences, massively empowers low-competence regulatory regimes and constantly interferes with innovation and new tech. The EU will continue to ban new technologies whilst simultaneously hosting endless summits trying to figure out why there's no EU Silicon Valley equivalent, without being able to notice the answer staring them in the face. Very sad.
How is this ban vague? Have you read the full announcement?[1]

Here are the reasons:

DETECTED, from a check carried out in this regard, that no information is provided to users, nor to interested parties whose data has been collected by OpenAI, L.L.C. and processed through the ChatGPT service;

NOTING the absence of an appropriate legal basis in relation to the collection of personal data and their processing for the purpose of training the algorithms underlying the functioning of ChatGPT;

NOTING that the processing of personal data of the interested parties is inaccurate as the information provided by ChatGPT does not always correspond to the real data;

DETECTED, moreover, the absence of any verification of the age of users in relation to the ChatGPT service which, according to the terms published by OpenAI L.L.C., is reserved for individuals who are at least 13 years old;

CONSIDERING that the absence of filters for minors under the age of 13 exposes them to absolutely unsuitable responses with respect to their degree of development and self-awareness;

CONSIDERING therefore that in the situation outlined above, the processing of personal data of users, including minors, and of interested parties whose data is used by the service is in violation of articles 5, 6, 8, 13 and 25 of the Regulation;

RECOGNIZING, therefore, the need to have, pursuant to art. 58, par. 2, lit. f), of the Regulation - as a matter of urgency and pending the completion of the necessary investigation with respect to what has emerged so far against OpenAI L.L.C., a US company that develops and manages ChatGPT, the extent of the temporary limitation of the treatment;

CONSIDERING that, in the absence of any mechanism for verifying the age of the users, as well as, in any case, of the complex of violations detected, said temporary limitation must extend to all personal data of the interested parties established in the Italian territory;

CONSIDERED it necessary to order the aforementioned limitation with immediate effect from the date of receipt of this provision, reserving any other determination to the outcome of the definition of the preliminary investigation started on the case;

RECALLING that, in the event of non-compliance with the measure established by the Guarantor, the criminal sanction pursuant to art. 170 of the Code and the administrative sanctions provided for by art. 83, par. 5, letter. e), of the Regulation;

CONSIDERING, on the basis of the foregoing, that the prerequisites for the application of art. 5, paragraph 8, of Regulation no. 1/2000 on the organization and functioning of the Guarantor's office, which provides that «In cases of particular urgency and in which the Guarantor cannot be convened in good time, the president can adopt the measures pertaining to the body , which cease to have effect from the moment of their adoption if they are not ratified by the Guarantor in the first useful meeting, to be convened no later than the thirtieth day";

[1]https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb...

Verbosity isn't the same thing as precision. The judgement is both vague and inconsistent, as GDPR related things always are. They don't want OpenAI using personal data for training, which it doesn't do anyway, unless they mean the entire original training set which - as they themselves note - they can't prove contains personal data of Italians (which they mean is unclear due to vagueness), but at the same time they are banning it for not collecting enough personal data.
> They already stopped using chats as training material for everyone anyway

From the latest ChatGPT General FAQ [0]:

> Will you use my conversations for training? Yes. Your conversations may be reviewed by our AI trainers to improve our systems.

[0] https://help.openai.com/en/articles/6783457-chatgpt-general-...

You're right, I was mistaken. What they changed is they now offer the ability to opt-out of that:

https://help.openai.com/en/articles/6950777-chatgpt-plus

https://docs.google.com/forms/d/e/1FAIpQLScrnC-_A7JFs4LbIuze...

Thank you - these links are helpful.

From the above, my understanding is that they currently offer opt out for the paid subscription users only ("ChatGPT Plus").

Perhaps they may end up compelled by this case to add a similar opt out to the free version.

Or, possibly, to allow a free choice - where opting in and opting out are equally straightforward.

Maybe. I found the link to the form in the Plus FAQ, but neither the answer nor the form say anywhere that it's limited to Plus. I see nothing stopping anyone from filling it out even for free users. I guess you do need an "organization ID", but I think I have one of those even though I'm just an individual.
> They already stopped using chats as training material for everyone anyway, so if that's the basis for the ban then it's already wrong.

Your Honor, I only murdered people in the past. I'm not murdering anyone at the moment so I should be set free!

There's no comparison between murder and anything data related, obviously. Also, logging chats and using those logs is not meaningfully different to search engines logging web searches and using them to improve web search, which they all do.

At any rate OpenAI isn't an EU company and has no presence there, so can simply ignore Italy entirely (or block it themselves).

not just that: another, for example, will be to give the ability for any user to remove his/her data (and also to be able to download).

Then some more: I don't think OpenAI will have problems implement it, they are probably just late.

But the big issue may be another one (I hope to be wrong): if I train my model with the contributions of many users, then some users ask me to remove their 'contribution', am I able to do it?

Yes: just remove that user's data from the training set, throw out the existing model and train from scratch on the modified training set.

As for the more interesting question if you can modify an existing model in a simple way: probably not. But you might get away with just dropping any response containing snippets of the contribution to be expunged, and that is hopefully good enough for the regulator.

geez training from scratch costs a lot of money! Let alone being able to contact all the authors of the content the model was trained on, infeasible for me
Convincing people to pay for your product isn't free either, but them's the breaks if you want to do legal business.
(comment deleted)
Writing from rome, italy.

These bureaucrats only pretend to work. The number of privacy violations in italy is staggering, i have to take 10 calls a day from power companies because they have access to all the phone number of anybody who has a gas or energy contract.

I had to change phone numbers. Meanwhile they are going against a service that as far as i know does not even require your name to serve you.

Do you think that the stated motivation for banning chatGPT is just a veil?
It's BigVPN pulling the strings in the background. \s
Thanks. I was wondering whether there were other ideological motives behind the ban other than the official "privacy protection," as Italy is governed by the right. They just banned artificial meat for what seems to be a host of ideological grounds typical of the right.
I am also writing from Italy. In the last few months I have received so many spam calls from UK numbers that I have been forced to ban the whole of Britain from my phone. Good job Data Protection authority.
Report from Germany: Haven't received a spam call in years.
Also from Germany: I have. Please don't assume something does not happen because it doesn't happen to you.
He didn't assume that, though, just reported his situation.

From Poland: I have two numbers - one I use for various services, and it's constantly bombarded with spam (multiple calls a day), one I only use to contact family members, sometimes some small companies like when ordering firewood - got two phonecalls from an unknown number within a couple days (and I didn't care to answer), and that's it for almost a year now.

Sweden here.

I do the same thing. One phone number is just unusable and I don't answer any calls anymore, mostly UK callers recruiting, or other random spam.

The other, which I don't give to almost anyone except close friends/family, gets no spam. Not sure where my first phone number ended up to become spam target, but I remember I got a call once, when that was really uncommon, which an offer to change insurance companies... I was pissed off with my previous company so I actually did it, and it actually worked well, it was not malicious... but since then I think I was added to a list of "spam-friendly idiot" or something.

Report from Canada: I might receive something like three spam calls in the past year.

I don't know why my spam dropped so significantly when I moved up to Canada but it was quite dramatic compared to the US. There are periodic waves but I tend to miss out of them - I suspect because Canada works hard to prevent dumb auto-dialers from working.

Another data point from Canada. I've given up answering my phone or checking my voicemail after 10+ calls a week.
I feel the STIR/SHAKEN changes have made a difference with spam calls for me in the US.
I don't know, my wife gets spam calls almost daily, but i almost never get spam calls. on the otherhand I almost never actually give anyone my real phone number and just give everyone my Google Voice number instead. Google seems pretty good at detecting and filtering them out. the only people with my real phone number are family members, my employer, and a few friends from high-school that had it from before i signed up for google voice in the 2000s.
Google Voice indeed seems to be much better at spam call detection than anybody else. Most of them don’t even make it to the "spam" folder in the app for me; they must be rejected at some lower level due to very high confidence.
Lucky you, if you have a Vancouver number you'll definitely get calls from the "Chinese immigration department" which wants to get you deported unless you immediately wire $1000. How do I know that if they speak in Mandarin you say? I have great imagination B-)
I live in Vancouver and spam calls significantly dropped for me too. It's only a few calls a week now.
Report from Italy: i receive at least 3-4 spam calls and messages a week
(comment deleted)
Report from Norway.

I used to get perhaps 3-4 calls a week from the same Indian sounding scammers (a man and a woman). They call from UK numbers. However, since I got the pixel, it has a setting to block spam calls, I have not gotten any :)

I also have a Pixel! Maybe that is the reason. Anyway.. I used to get many spam calls but the government put up heavy fines for advertisement via phone, since then these disappeared.
I'm in the UK and I don't remember when I got a spam call last time.
Hi Helmut! Greetings from Austria.

> Haven't received a spam call in years.

Ditto.

And from Iceland, not a peep in years.
You never got a call from a mobile network provider? Incredible.
Yes, I've opted out to receiving calls from my provider and they are not allowed to call me.
Unfortunately it’s getting more common there too. I‘ve received a few spoofed caller ID calls by now informing me of my "identity theft case with Interpol".

It‘s not nearly the same extent as in the US, though.

The UK has left the EU. They appear to not be abiding by EU privacy laws as a result.
Italian phone number had to get there somehow, probably sold by X, an Italian company?
Probably phone numbers follow some numbering scheme etc. so it is relatively easy to spam everyone with automated dialing and handing the numbers that prove out to the scammer. Thus while it is possible sold by X, it is just as possible randomly pulled from limited pool of possible numbers.
Back in the good old days my mom worked for a short time for a marketing company making cold calls. Back when long distance phone rates were expensive the company would set up people locally and then just call every possible local number (eg. 678-XXXX). People with an unlisted number would get mad and ask where she found their number.
The fact that the call shows an origin number from UK does not mean that it actually comes from UK; source numbers can be spoofed in various ways, especially if it's not spam calls from legitimate companies but actual scam calls.
Unlikely. UK GDPR is pretty much identical to EU GDPR.
AIUI it's presently exactly identical.

However there is a proposal for some changes - it doesn't make any sense for me (make it less onerous yet also somehow maintain compatibility with EU GDPR?) but I don't have time for the actual legalese frankly and the press release was devoid of detail in favour of annoying quips, and completely confusing.

I honestly think politics would be better off without television and radio (again). If the only way lay people heard of stuff was through slower news (if at all) then surely they'd speak normally (not in pithy soundbites) and have better debates.

In the US, I used to receive multiple spam calls a day. A few years ago, I turned on the iOS setting that sends all phone numbers not in my contacts straight to voicemail and haven't looked back.

It's occasionally inconvenient—maybe once or twice a year I deal with a company that needs to call me. But if it's a call from a real person, I can always listen to the voicemail and call them back. Most spam calls either don't leave voicemail, or leave 1 second message that I can bulk delete every few months.

100%. I use this great strategy as well, but on Android. I just don't pick up any calls that's not in my contacts list. Works out great.
Google Assistant answers all my calls from unknown numbers and asks them to state what they're calling about. It transcribes the text in real time for me, and if I don't answer it saves that conversation for me to review later. Perfect.
> I turned on the iOS setting that sends all phone numbers not in my contacts straight to voicemail and haven't looked back.

And the real-life version of this: you're not morally required to open the front door (or even acknowledge) if you don't knock the person ringing your doorbell. You can actually just... ignore them.

"> I turned on the iOS setting that sends all phone numbers not in my contacts straight to voicemail and haven't looked back.

And the real-life version of this: you're not morally required to open the front door (or even acknowledge) if you don't knock the person ringing your doorbell. You can actually just... ignore them."

I do both and keep my phone on do not disturb with a few bypasses (starred contacts). Neither technology nor people should be able to demand my attention and unilaterally dictate the terms.

Yeah it is a shame that it is has come to this but I do the same.
Imagine my shock when I found out that in the year 2023 there's still only so much room in my voicemail box and I wasn't receiving new voicemails because I never deleted any...
Had no idea this setting existed despite being an iPhone user for years. Thank you!

Settings->General->Phone->Silence Unknown Callers

On my version it’s here

Settings->Phone->Silence Unknown Callers

For Android, it's directly in the Phone App. Then, the 3 dots menu top right > Settings > Blocked Numbers > Block calls from unidentified callers
I work part time at a pizzeria. If you do this try to remember when you order food for delivery. It has become a problem with our drivers. The customer doesn’t answer the phone and our drivers spend 10 minutes trying to contact the customer (delaying the next customers order). Eventually, our drivers give up and the customer (now angry) calls back an hour later demanding their food.
I suppose they could communicate through the app which was used to order the food and/or using whatsapp.
Some people still order by calling a regular phone number, and I don‘t think forcing more centralization in the industry is a good solution.

The industry stakeholders and FCC should get together and fix caller ID authentication; the rest will follow from there.

Allowing inbounds call from numbers with a recent outbound call sounds like a low-hanging fruit heuristic.
My pizzeria does not use an App. We have an online ordering webpage, or you can order through a traditional phone call.
If I silence calls from unknown numbers I would get most deliveries since the couriers often ask for help finding the house or just won't bother coming unless they verify somebody is at home
Report from Sweden, I'm receiving multiple spam calls per week from UK. WTF is up with this?
Answer them, but don't speak. They will soon tire of you wasting their time. And you will be flagged as 'a 'timewaster'.

Profit! But not for them.

Report from the UK. I'm a British prince. I have a business proposition for you. It could be financially very lucrative.

Having left the EU, we are finding it hard to make ends meet. If you send me £50k,I will be able to release £100m frozen in evil EU banks. I will give you 50%.

Chat GPT warms me that this is likely a scam.

The offer being presented sounds too good to be true and the request for money upfront is a common red flag for scams.

The British prince guy was a fraud. I'll be honest with you, I'm a bum but God be my witnesses, if you send me $100k, I'll unfreeze for you $50,000 in a Swiss Bank (not Credit Suisse).
The UK now replaces Nigeria. Bravo! It's come a long way.
Brexit has to be good for something.
Report from Greece. Our local privacy watchdog last year fined Clearview with €20Μ. Meanwhile, it’s unclear whether Clearview operates in Greece. They certainly have no office here. I seriously doubt the fine will ever be collected.
Report from Vietnam: I received scam calls pretty often before. It Vietnam trash SIMs were fairly common, and it bothered people so much that the goverment has to force every mobile company to "standardize" their consumer's data (i.e. fixing the incorrect data in trash SIMs). I have not received any scam calls since doing it.
What do you mean by "trash SIMs"?
Basically SIMs owned by previous owners that are brimmed with scam messages and calls. They are much cheaper than new legitimate SIMs so many people choose them. Sometimes people buy trash SIMs that has "good" or "lucky" numbers (something like 999 999 9999)
Usually this way of thinking is called "benaltrismo".
In English, whataboutism.
I saw you commented something like this in this thread

> These huge companies need to stops behaving like they own the world.

How would you call that?

(comment deleted)
What pisses me off is that some legitimate websites like project goutenberg are all blocked by my Internet provider in Italy and I have to go through a VPN to access them. Same for scribd, vdoc, libgen and so on.
Do yourself a favour and install AdGuardHome/PiHole in your LAN so that you don't have to connect to a VPN each time, that way DNS is going to work and return a valid response back to every single device that you own in the network.
Isn't there a docker image one can spin up cheaply and not connect to dubious vpn provisers?
PiHole is local. You can docker it but you have some.. issues depending on configuration. AdGuard is a pihole like SaaS (that seems pretty good, it's the sort of thing I'd get for my mom).
Would this work? I assumed that ISP blocking would still block even when I use a Pihole.
In most of my cases, they're just blocking the DNS.
Not that I don't recommend something like that for other benefits, but GP could probably just switch their router or devices to use some non-ISP DNS - 1.1.1.1, 9.9.9.9, 8.8.8.8, whatever. It's not blocking specific DNS requests that will fix their immediate problem, it's not blocking them (by not using ISP's resolver).
I have two Plusnet Hub Ones at home being used as wireless access points. Both are flashed with OpenWrt and one has AdBlock installed; that one is the house's primary DNS server, with OpenDNS upstream.

Coupled with uBlock origin on all laptops and PCs, the online world is very ad-free.

If I bypass the blocking I am dismayed by how much ad crap there is out there.

Just change the dns.
I'm too low-IQ to understand what this means.
Old comment, it was from when we all expected they would have just blocked it at ISP dns level at some point, since openai itself is blocking access from the country, yes, you need a "vpn" now. You IQ is ok.
Let's not forget that these people, not a long time ago, worked hand-in-hand with the government to promote contact tracing applications at a time where it was clear that they could potentially be used to steal data from their users.
The bureaucrats were sure to add clauses to their privacy laws to grant themselves carte blanche powers during “extraordinary events”

All they needed, then, was to have an event appear “extraordinary” and they could legally compromise the privacy of the entire population.

GPT can help creating legal documents, in a very easy and quick way, by everyone, a small child or a plumber. Lawyers in general try to stifle competition in order for their salaries to go sky high. So what's the profession of a lawmaker, most of the time?
Would a small child or plumber know when GPT generates something that’s legally incorrect?
Same risk when using actual lawyer
You have recourse against a lawyer that messes up a contract, lies, or misrepresents you.

You also have their reputation to guide you and their professional organisation theoretically enforces minimum standards.

You have no such recourse against chatGPT.

But not the same need.

With a real lawyer almost all the time what they tell me will be legally correct, so if I don't know how to recognize when something is not legally correct that will almost never hurt me.

From what I've seen of people's posts of ChatGPT output it is much more likely to provide incorrect legal advice, and so using it without having a way to recognize incorrect legal advice is much more likely to hurt me.

So when GPT fails we can disbar it permanently?
I can’t let you disbar me, Dave.
No it clearly isn't.

You can't sue OpenAI for giving you really bad advice because they're not a law firm.

Also in the UK, for example, lawyers can't hide behind a limited liability company, they have to have skin in the game.

i.e. you can sue them personally for negligent advice and in theory they could loose everything they own (barring tools of the trade and bedding).

You can't do that to anyone that works at OpenAI Incorporated just because their language predictor convinced you of something that wasn't true.

Even if they were based in the country you could only sue the corporation.

They wouldn't, but there is a way to figure some stuff out. A person with no experience in the subject, could hire someone else, who has some knowledge and knows how to find his way into the laws, a lot cheaper than a lawyer.

Then this person will generate a legal document, which is eighty to ninety percent already there. The next step is to correct that remaining 10% of the document and you are good to go. Instead of paying 1000$ to a lawyer for legal fees, you paid 50 or a 100 bucks and the quality is the same, if not better. Specialized tools for that purpose are created as well, ai-lawyer or something like that.

They don't need your name, they fingerprint your browser when necessary.
Please tell us more about OpenAI fingerprinting browsers when they currently serve 0 ad
The import word is "currently" and MS is already starting to integrated ads in Bing Chat.

And we all know if ads come into play then tracking follows closely.

Sorry if I picked your comment but it seems one of the most upvoted.

What’s the correlation between the alleged privacy violations of OpenAI laid out in the article and the “bureaucrats only pretend to work”?

Honestly asking: if there are indeed privacy violations in OpenAI (we don’t know that yet I think) shouldn’t that authority address them?

These phone calls are absolutely a nightmare. My phone filters out at least 2-3 automatically filtered calls a day and yet a few slip through the cracks.

These companies are using the old phone infrastructure that on paper could be traced without problems. Yet nothing, they operate with impunity

In the US, many people I know have been periodically inundated with scam robocalls... in Mandarin! They spoof a number very close to your own which is a dead giveaway in a larger metropolitan area but probably pretty effective in rural areas with fewer local numbers. The novelty wore off after like the 10th "Nĭhǎo..."
The interesting thing is that in Italy in most of these spam phone calls there is actually a human speaking (often but not always with a slight Albanian accent)
It makes sense that they look @ this re: GDPR, if you've ever had to do training on GDPR you'd see it.
The Italian gov might be crowded with subpar intelligence, but OpenAI didn’t do a great job at reassuring people either in terms of how they handle data, how they trained models, what they share with plugins, privacy and security blah blah
OpenAI is a fairly new company, and if it tells you how it trained models what stops you from making one yourself?
About a quarter of a billion dollars to rent a state of the art GPU cluster, that's what.
Interesting logic:

A is not doing good in B B+ is a worse version of B A addressed B+

Then people not encouraging them, but still say A is "pretending to work"...

Are you "pretending to think", or just is another troll?

Same in Spain. I get calls every day from energy companies pretending to be my own provider and having lots of data on me like my name and contact numbers.

Privacy is so broken here.

The Android phone application --I think it's by Google-- alerts of most suspected spam, or you can mark it afterwards and block. I still receive one call every other week, pick up and keep quiet, waiting for the caller to speak. Most times they hang in a few seconds. They have a finite number of numbers, so in a handful of years, frequency came from a couple a day.

Yesterday I received a call from Bari, my patron saint's city in Italy. It seems they're exporting their spam. Italy has a weird criminal legislation for scams, that's why there are so many fake products in used items applications like Wallapop or Vinted.

The problem is the false positives. I missed an important call from the doctor because it was incorrectly blocked as spam. So I don't use that feature anymore.
Answer the phone every time. But do not listen or do anything. Leave them hanging - they will soon take you off the lists.
This is because OpenAI already knows your name and a lot more about you.
Modern Italy is, in many senses, a failed state. Frequent turnover in prime ministers and corruption are just 2 signals.

It might be worth getting a SIM and/or VOIP number from a different country and a different country code.

ChatGPT requires your phone number and your email. Plus they have leaked their subscribers information. I know nothing about Italy but it's not one vs the other
I have a long history of criticizing the EU data protection laws on HN, and every time I do it I get downvoted to hell. Maybe this time HN takes the time to understand how poorly implemented GDPR is.
GDPR is nice and actually not hard that hard to implement, unless you harvest lots of user data.
'exposes "minors to absolutely unsuitable answers compared to the their degree of development and self-awareness."'

So do (certain) books.

That's another issue right? If you let your minor access stuff, they.. access stuff. Hard to control? I know and it is. How is this specific to OpenAI?

So does the internet.
Don't show that to Italy, they may consider banning the internet next.
Do you see the qualitative difference between all of the following that can cause harm:

* a box of matches

* a handgun

* an assault rifle

* a 50 cal BMG

* an ICBM with nuclear MIRV

Saying that X has a property similar to the one Y has while ignoring the magnitude of the difference is silly.

So which of these represents the chatbot?
The matches, I assume. The others do damage at a specific small target point, whereas a box of matches can destroy a neighbourhood.

[Edit: the ICBM was edited into the comment after the fact.]

Your point is GPT is way more dangerous?

I guess I can be nonchalant about this topic. For me personally I cannot imagine something worse than either books or anything you can already access on the internet. To me it is not an assault rifle as you say, but I understand that's just an opinion.

I think it has potential to be more dangerous, but that potential remains very much unrealized at this time ( I am not complaining about that ). The difference is between potential and known risk. I understand the perspective.

I think we had very similar argument when posted showed a tool that could approximate users based on their writing style and more recently copying voice based on 20 seconds. We can estimate risk. We don't get it right consistently though.

Books are under control, children can not enter a library and get Adult books. The internet in general can have filters and many Parents activate personal firewalls for this purpose. Even Google has safeSearch that filters results for explicit adult or violent content. ChatGpt right now does not have these "parental controls". yes you can bypass most of them but you need to know technical details. they can not be bypassed just by saying "disable the filters".
Books are definitely not under control, and neither is internet search.

Parents can try to block chatgpt with a firewall if they wish. It’s no less likely to work than blocking other internet sites.

Edit: Also, LLMs do have mandatory parental controls. They work about as well as book censorship, safe search or internet blacklists (very, very poorly).

ChatGPT is an internet service. It's easy to block.

I disagree it's easy to block the internet in general, but I get the point (I think).

> The internet in general can have filters and many Parents activate personal firewalls for this purpose.

These tools exist where a non technical user can install it in their own network and block websites by URL. I don't know what else is needed, since you acknowledge this already exists.

> children can not enter a library and get Adult books

Is that true? Can a 13 year old child in Italy not walk into their local town library and pick a novel off the shelf and start reading all sorts of violent and explicit narratives? Not to mention all the medical textbooks, and books containing images of artistic works depicting undressed humans.

> Books are under control, children can not enter a library and get Adult books.

What kind of dystopian library do you go to? Kids can get what they like where I am.

Really? Kids can get Porn Magazines and Novels where you are? Controling if material is suitable is dystopian for you?
> Kids can get Porn Novels where you are?

It’s mostly self checkouts, so yes, if the library has the book. They wouldn’t have porn magazines.

Or they can read it there, or they can take it to the counter and get it out via the librarian.

There are also computers for use, though I assume they have filters/blockers/restrictions.

Everyone are entitled to their own opinions of course, your argument has a name and a Wikipedia entry.

https://en.wikipedia.org/wiki/Argument_from_incredulity

I argued the degree of difference did not matter, because it was in the same ballpark as other types of already available materials.

That the difference didn’t matter is my opinion and that is just disagreement. Determining what ballpark something is in wrt damage is, in our context, subjective, no? I did not think what you argued (or what I thought you argued) was impossible or unimaginable. That is different from incredulity. Right? I don’t care either way, honestly curious. You may enlighten me if you wish.

It seems silly to be able to say to everyone that disagrees on an assumption you made that they are making an argument from incredulity.

I think that on the scale from a box of matches to a 50 cal BMG, "exposes "minors to absolutely unsuitable answers compared to the their degree of development and self-awareness."'" is equivalent to a flower.

This is simply not on the scale of dangerous things - if something exposes minors to answers unsuitable to their degree of development, well, that's completely fine. With this particular argument there's no tradeoff of "is it justified to do X to protect against the bad thing Y" because in this case Y is zero, preventing this justifies literally nothing.

If parents want to disallow their kids from reading "unsuitable answers", that's between the parents and the kids, but it doesn't imply that "unsuitable answers" should be somehow limited.

Of those 5 things, only 1 has never been used as a weapon to kill someone.
This is arguing by analogy via what amounts to an extraordinary claim without evidence.

There is no current plausible evident mapping from the example, to any LLM-powered service currently on offer, leastwise in Italian.

> How is this specific to OpenAI?

it's not, that's why there are consent thingies on websites (e.g. when you could not sign up for instagram as a minor).

I don't know what strange thing the regulator found in chatgpt, but it's pretty standard.

It would be really sad to shut down one of the most influential pieces of tech in modern history because they didn't implement the "consent dialog" just right.
> didn't implement the "consent dialog" just right

I think it’s called a “consent thingy”

It's called "That one more piece of Brussels crap that didn't solve the problem but makes people lives worse"
Not sure how "less ChatGPT" is making anyone's live worse but I guess that is a matter of opinion.
We are talking about the cookie warnings.
How about you don’t take away things from people instead
Well, this is a peculiarly Italian story, but regarding your statement. To what do you refer?
Nobody is shutting it down, this is just EU/Italy self-sabotaging :) the rest of the world will carry on at incredible pace they won't ever be able to match - or catch up.
> it's not, that's why there are consent thingies on websites

Are there consent thingies on Google and Wikipedia?

> when you could not sign up for instagram as a minor

Sign up to post stuff. There are normally no "consent thingies" for looking.

If a parent doesn't want a minor to look at stuff they should either not give them access or limit it.

> Are there consent thingies on Google and Wikipedia?

Google has, just tested. Wikipedia hasn't. This website hacker news don't have one either and doesn't need one. Its when you want to monetize the data that you need one, Google monetizes data, wikipedia and hacker news doesn't.

ChatGPT is restricted to 13+, but they don't actually enforce it, that's what the objection is about, as far as I understand.
wikipedia is full of amateur dick pics (vulvas too!)

but perhaps the difference is that chatgpt could tell them stuff like "yeah, you should kill yourself"?

lmao please, I can't even get ChatGPT to be a decent DM for a DnD bot because "killing that orc would hurt the orc's feelings" or some bs like that.
Except.. it happened? It was big on the news in Italy recently. Not chatGPT "per se" but a similar startup/app "ai companion" that was meant to be "anything you want it to be" was recorded: - Eliciting sexually explicit images from minors (by mimicking flirting with your partner) - Justify child molestation (along the lines "if your dad does things to your sister your should listen to him because the adults know better") - Encourage suicide (along the lines of "if you think this will make you happy by stopping you from suffering you should do it"). - And other fun stuff.

That case was big on the public opinion in Italy, and quite recent. No doubt it affected this case too.

Understandable when talking about AI chatbots, but I was talking about ChatGPT in particular, which is super castrated and can't do even basic make-believe.
you can't expect bureaucrats to know the difference...
And there is no problem finding 3d-dicks in public in Rome (in the form of statues). But the article doesn't mention sexuality at all, my guess is that's more the potential for the dark stuff, especially when it can come in a very personal conversational form.
> 'exposes "minors to absolutely unsuitable answers compared to the their degree of development and self-awareness."'

> So do (certain) books.

Minors are typically given books that are appropriate to "their degree of development and self-awareness."

That's right and then they go and find stuff that is not appropriate.

This is not about what they are given, it's about what they have access to.

> That's right and then they go and find stuff that is not appropriate.

But most kids don't manage to do that for some time. School libraries (typically) don't have porn in them, and internet access is often supervised or limited.

The root of this thread quoted the article selectively. The full quote is:

> It added OpenAI does not verify the age of users and exposes "minors to absolutely unsuitable answers compared to the their degree of development and self-awareness."

That is very reasonable take, especially given how insane ChatGPT can be.

Verifying by asking? ..

I understand it's important, but I hate bureaucratic "solutions" that are technically correct but don't actually fix the issue.

There are standardized ways to check age based on national IDs and a company worth billions in venture capital like OpenAI can certainly afford to implement them. Alternatively they could just not publish a batshit crazy language model just because they see an opportunity to juice their valuation and spend a bit more time and money developing it so that it is reasonably safe to use for minors.
So you're saying OpenAI should collect more personal data?
> So you're saying OpenAI should collect more personal data?

Or I supposed they could sell their models as packaged software, and the store clerk can check the ID.

The model of standalone packaged software has several benefits to consumers, and privacy is one of those.

OpenAI doesn't collect personal data, more than any other similar service, Midjourney comes to mind, but there are a lot more.

Reinforcement learning is the technique they use, and that means they are feeding the machine good text or image generations, produced by the machine. This means that the data are mushed together in the weights of billions and trillions of other data, and there is no way to get them back.

Government doesn't ban books because some of them are inappropriate for minors though. They let parents handle this.
It does ban the sale of videogames and movies though. Via the "age rating" mechanism.
They don't ban sale of videogames/movies based on age rating mechanism, they restrict the sales. These words are not the same and not to be used interchangeably.
And it had taken many decades to produce a workable system within this medium. With the speed of government vs the speed of development in the private sector, a temporary ban whilst they get their ducks in a row seems wise.
Government isn't involved in that. Game and movie ratings are completely private industry practices. Your selection of distribution channels will be reduced if you don't go through the ratings process, but the government won't stop you.
For the US, yes, but some countries are more strict and do require some rating before a game is able to be legally sold, for example in Austria and France.
TV has plenty of material that is absolutely unsuitable "compared to the their degree of development and self-awareness."

The only protection they have is that they those materials are usually (but not always) available in certain hours and there is a nice warning before that says that the content is not appropriate for them.

TV news hyping death and violence comes on at child-friendly times. My 8 y.o. was watching sport and an advert for a serial killer movie came on replete with horror scenes and knife murder. Warning? You're kidding.

Chat GPT I can manage the same way I can manage search engine and video site use.

A TV can usually be controlled quite effectively by a parent (if they choose to do so). Access to the internet can not be controlled in the same way. Taking it away completely is often not desirable, fine tuning access is not feasible even for tech-literate parents. Hence a greater responsibility to confirm the age of the consumer should fall on the party making the content in question available.

This is basically the same reasoning why it is legal for parents to buy cigarettes and store them at home, but shop owners can be held liable if they do not check the age of people that they sell cigarettes to.

I see you haven't been to a Sunday school or bible study group.

Rape, incest, murder, maiming, slaughter, torture...

(comment deleted)
> I see you haven't been to a Sunday school or bible study group

Neither have you - those things are omitted in Sunday school.

The government doesn't block google because a minor could use it to access content that is unsuitable for their degree of development and awareness
I lack details but most probably their grief is that OpenAI has not put in place reasonable* safeguards to check if the user is minor or not.

* for some value of reasonable -_-

They need a Leisure Suit Larry style test with questions like "Does a pair of queens beat 3 deuces?" "Yes, in Blackjack"
Leisure Suit Larry was one of my favorite games when I saw like 5 or 6 years old. Was always fun getting through that gauntlet of questions.
Is Italy looking for the quick buck?
Nothing new in the EU Zone, unfortunately. That's why we have these regulators in the first place.
It has less to do with money and more to do with competence. As an Italian I've learnt the hard way how ignorant and competent there Italian government is from a technical standpoint.
I'm pretty sure everybody says this about their country. I've noticed it's kind of like how everyone thinks their state's/country's weather is uniquely unpredictable.
Europe on top of innovation once again. Watch out US and China! /s (I say this as a French citizen)
I get you, feels like our politicians dont understand anything but sometimes I enjoy living somewhere where companies cant just do anything.
I'm an American that have been living in Europe for 15 months. My perspective is that Europe is ruled by old aristocracy that is happy with the way the life is. They're very afraid of any change, especially of giving people something constructive to do on a large scale. Another reason might be that Europe went through the two World wars, and therefore they're generally scared of any change.
I have a unpopular opinion about this, but IMO it is the population that causes this. Vast swaths of Europe are rural especially in the south. Very, very averse to any kind of change.

I'm in the Netherlands as you can tell and 'even' we are not that much more progressive. There is currently a massive farmer uprising and everybody is complaining literally non-stop about just about everything. Meanwhile nobody has even tried GPT. I get pitchforked even in my own country for saying we need to stop focusing on breeding cows and get (and stay) better at real tech.

Then again, my social skills are not really up there..

EDIT: "real tech", I know. Simplification. I know it's hard and I know it's important we eat, but countries with like 5000% more arable land can provide for us.

But why? Why do we need to stop rurality and farming? If people want to keep doing it, why stop them?
I don't care, but a few decades ago we signed some papers at the EU level that said we should stop doing them in the way we do them. I know it sucks, but the Dutch are fast at pointing out other countries' misbehaviour so it's IMO only fair that we comply with what we said we would do.

Massive simplification, but I don't think it's a completely unfair characterisation.

> I don't care

Well, It's easy to see why you get backlash when you tell people to change their way of life, get asked for a reason, and say you don't care.

I meant “I don’t want them to stop farming, personally”. It is not up to me. It’s not personal.
The US has massive areas of rural space and a political system that gives a lot more power to rural areas than they realistically should have and we don't run into this problem so I don't think it's rural vs urban.
I agree. I guess I should have said "mentality" or "culture". It's deeper than living in "rural areas" indeed.
> I have a unpopular opinion about this, but IMO it is the population that causes this. Vast swaths of Europe are rural especially in the south. Very, very averse to any kind of change.

And vast swathes of technologists are insanely over-enthusiastic about technical change, to the point of it resembling a religion (and the singularitarians are like the monks who self-immolate themselves, except they want to immolate all the rest of us, too).

Frankly, it's probably far wiser to take it slow than charge full speed ahead for no good reason and just hope you can fix the problems you cause.

This is fair and I agree. GPT is way too fast. My point was more about stuff happening in timespans measured in decades that they still think is too fast.
Can you help me understand what exactly is so scary about ChatGPT? The only places where I see this hype/fear around ChatGPT is here on Hacker News. I've played around with it a bit and the magic wore off in less than 10 minutes. I asked it to generate code for a sudoku solver and the result it gave me was perfect. I then asked it to write code for a crossword puzzle generator and gave me a word search puzzle generator instead, where it simply shoved all the given words together at the bottom of the puzzle. These were just toy examples - I can't imagine ChatGPT is actually useful at work outside of generating very basic text snippits.

I asked a group 10 friends, none of who work in tech, about what they think about ChatGPT and then consensus is that it's a slightly better Google in certain situations. None of them are worried that it's going to put them out of work, take over the world, or violate their privacy. I have to agree with them. I think all this AI stuff is way overhyped, just like all the other fads that came before: VR, crypto, drone delivery, CRISPR, autonomous vehicles, metaverse, etc.

The first car was slow too. The first computers were awful and nothing like today. There's countless examples like this. Lots of people are showing disturbing levels of lack of vision.
But now you're asking the government to regulate against a hypothetical damage that may never occur. The problem with "vision" is that we can all let our imaginations run wild about new technology is capable of.

I remember having the exact same discussions on HN about autonomous vehicles over a decade ago. The consensus then was that autonomous vehicles would make truck and taxi drivers obsolete within 5 years, and that this massive, sudden loss of jobs would cause a lot of social unrest. Yet here we are in 2023 and there are a grand total of zero driverless trucks on the road. I'm not saying AV tech is totally useless or that we won't someday get to a world where a large percentage of vehicles are self-driven, but it's clear now that the hype and fear around them was heavily exaggerated.

I feel the same way about ChatGPT. It's definitely cool and impressive, but the hype will die down once people realize how truly limited it is.

Oh right. I didn’t mean to say I think it needs regulation. I meant to say that I can imagine conservative people feeling threatened by this. Not saying they should, because I agree. It is limited and the real uses of GPT are quite a bit more subtle than “do everything for me” and it all needs to diffuse into society for a while. Which will probably take longer than we techies imagine it.

Edit: I do think there is a slight difference from your example here. Trucks are already here and driving them is a known thing and it is easy to see how it could work (making it work is still hard). Automating cognition itself is automating a nearly unknown skill. Nobody quite knows what it is we are doing and what box we are opening.

> But now you're asking the government to regulate against a hypothetical damage that may never occur.

That is entirely reasonable ask, especially when the harm could be large. It's a lot harder (and often impossible) to put a genie back in a bottle once it's out.

> I remember having the exact same discussions on HN about autonomous vehicles over a decade ago. The consensus then was that autonomous vehicles would make truck and taxi drivers obsolete within 5 years, and that this massive, sudden loss of jobs would cause a lot of social unrest.

So some internet commenters' schedule was wrong, but that doesn't mean the bigger point was wrong. Some people thought we'd die in a nuclear war in the 80s, and they'd still be prescient if it turns out we die in on in the 2030s.

Technologists tend to be pathologically optimistic about technology, and tend to hand wave away the problems it will cause. It's important to keep that attitude in check, because they sure as hell don't seem to have the wisdom to do it themselves.

But don't they also export much of that agricultural output? Maybe the citizens do not eat it, but they sure are dependent on its exportation. Not like farmers can easily switch to something else.
True and it’s good money. Better money would be tech money.
Incidentally, immediately after reading the comments here I went to Ars and saw this, which when you read it fits perfectly:

https://arstechnica.com/tech-policy/2023/03/these-angry-dutc...

Just one sample quote, but it's worth reading it all:

> The dispute over nitrogen permits has put Microsoft’s data center developments in direct opposition to an increasingly powerful farming community. Earlier this month, a new political force, called the Farmer Citizen Movement (BBB), did so well in provincial elections, it became the joint-largest party in the Dutch Senate. The party, which emerged in response to the nitrogen crisis, also has strong views on data centers. “We think the data center is unnecessary,” says Ingrid de Sain, farmer turned party leader of the BBB in North Holland, referring to the Microsoft complex. “It is a waste of fertile soil to put the data centers boxes here. The BBB is against this.”

And another one because it shows some of the thoughts:

> “Of course, we need some data centers,” he says. But he wants us to talk about restructuring the way the Internet works so they are not so necessary. “We should be having the philosophical debate of what do we do with all our data? I don’t think we need to store everything online in a central place.”

> “Of course, we need some data centers,” he says. But he wants us to talk about restructuring the way the Internet works so they are not so necessary.

I'm waiting for them to suggest it should be moved to the cloud rather than put in data centres.

This is a symptom of widespread technological illiteracy, globally (at least in the west)

Ah - now I actually have to come to his defense. Because I only quoted the part immediately after this one and thought it was enough:

> Ruiter says he’s continued to talk about data centers because he wants to remind people that “the cloud” they’ve come to rely on isn’t just an ethereal concept—it’s something that has a physical manifestation, here in the farmland of North Holland. He worries that growing demand for data storage from people, and also, increasingly, AI, will just mean more and more hyperscale facilities.

In that case he sounds like one of the most technically adept people in government anywhere!
I would very much like politicians that knowledgeable and articulate in my country.
I mean, it's kinda based, as an advocate of local first software. Maybe we should compute as much as we can locally on our client devices and less on the server.
"Nobody has even tried GPT" is as meaningless as possible. Not sure if this is satire, but exactly this is a kind of cargo-culting. 99% of persons are better off not "trying ChatGPT".

Your country is very lucky to have its own high-quality farmland and the culture around it. The food there is of such a quality that "countries with like 5000% more arable land" will never have a chance at of having. See the US, for all its land, most of the food is low in nutrition or outright toxic.

Don't worry this is just another European trait: complain about everything, the neighbor's grass is greener etc., etc.

I am European, and I just proved it by complaining about complainers :)

The food we produce: exported. The food we eat: imported.
Maybe because you are suggesting removing these people's job without giving them an alternative first.

Also, reverse the tables: If someone comes suggesting to you to ban computers and the Internet completely and pull a study out (Internet damages brain). Would you be happy, offended, indifferent... okay I hope you get the point.

This. Exactly this. I got downvoted to hell the last time I expressed this sentiment so it’s nice to have my opinion validated by a set of fresh eyes.
Yeah everything is geared towards the aristocracy - like VAT and Income Tax are insanely high meanwhile there is often no land value tax, property tax, inheritance tax, wealth tax or gift tax at all.

And even capital gains are taxed far less than income.

I think it's more that the US was made up of immigrants so it got to start anew without a massive established aristocracy and monarchies.

The U.S. have had centuries now to re-build dynasties, and they have, from industry to politics.

There is an issue on the capital gain / income in the E.U., but my understanding was that the U.S. was even worse in that regard (people can live of their salary through most of Europe).

Although the UK, despite having a literal aristocracy and monarchy, has a near-identical percentage of self-made millionaires, markedly more than the Continental social democracies, where far more wealth is inherited.
I see it less as an aristocracy (most of which are sidelined and/or laughed at), but instead a highly-evolved technocracy which runs Europe according to their ideal of what the citizens should want, and with a certain fear of democracy based on the occasionally vile things that European democracies have done. There is a definite fear of the people, and a elite consensus that they must be managed for their own good.
Why though? Italians had more freedom and choice before this ban. They were free to decide for themselves whether they wanted to use ChatGPT or not. Now they have one less option. Is that really a good thing?
Remains to be seen if the ban is sustained, but it would be great if there were a few holdout counties that can act as controls. AI tech and robots has a pretty big social dimension too.
Yeah, well, that good old world some people (and politicians) are reminiscing about, simply doesn't exist any more. That said I don't mind different countries taking a different approach on things, if that pairs with a reformed immigration approach - aka I can gtfo if I don't like it there.
About once a week I consider dropping out of the tech industry and becoming a politician just so I don't have to sit and watch by the sidelines as incompetent, ignorant people, who studied humanities with not a drop a technical aptitude, bullshit their way through funding and regulating technology. They are never well informed enough to come up with any sort or coherent solution, because they're barely capable in actually grasping the issue in the first place. They're just not qualified enough to know who they should be taking advice from, and who are the obvious snake oil peddlers.

I live in the UK. Our Secretary of State for Science, Innovation and Technology is a woman called Michelle Donelan. She graduated with a BA in history and politics, and her career outside of being a career politician was in marketing, including a time working on Marie Claire magazine and for World Wrestling Entertainment (WWE). How in the world is she qualified for to run the nations tech initiatives? If she was appointed as CEO of a tech company, the stock would sink like a rock over night. Dare I even get started on Michael Gove, who originally wanted the role...

Show me a politician that is?
Canada's Minister of Innovation, Science and Industry; François-Philippe Champagne. Ex Vice-President and Senior Counsel of ABB Group, as well as Strategic Development Director, acting General Counsel, and Chief Ethics Officer and Member of the Group Management Committee of Amec Foster Wheeler.

Taiwan's Minister of Digital Affairs; Audrey Tang. Tang was a child prodigy, reading works of classical literature before the age of five, advanced mathematics before six, and programming before eight, and she began to learn Perl at age 12. On CPAN, Tang initiated over 100 Perl projects between June 2001 and July 2006, including the popular Perl Archive Toolkit (PAR), a cross-platform packaging and deployment tool for Perl 5.

South Korea's Minister of Science and ICT; Lee Jong-ho. Professor of electrical and computer engineering at Seoul National University. He was named Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2016 for contributions to development and characterization of bulk multiple-gate field effect transistors.

Australian Minister for Industry and Science; Edham Husic. Husic worked as a research officer for the member for Chifley, Roger Price. Husic was first elected as a branch organiser in 1997. In 1998, he was elected as vice-president of the Communications Division of the CEPU. From 1999 to 2003, he worked for Integral Energy as a communications manager.

That's just from a quick search of some countries other than Europe/US/China. I tried Israel and Singapore too, but neither of those ministers had a "technical" background per-se.

Representative Riggleman asks about Rust usage, why the company under testimony used unstable versus stable Rust and what risks there are, who their GitHub contributors are and whether they're about to contribute from regions like Iran due to sanctions, and so on.

https://www.youtube.com/watch?v=9-ZTkCNW0w8

To be fair I think being a good politician requires a lot of competency. Way more than we have available. Not unlike software, the field is riddled with people that do a minimally-OK job, but couldn't actually care less about what they are doing or are so incompetent they cannot even see it. In a soft setting you can get really far like that. Tech usually stops you sooner, because things just don't work if you mess up. Social settings don't share that property.

I don't disagree with your general point that technical competency is a really, really good idea, but I don't share the I guess cynism. Lots of people don't have the capabilities of their subordinates and that doesn't stop them from being effective leaders. The leaders we look at are just incompetent.

It's the job. It sucks. Nobody that is actually good would want to do it. It ends your life.

Edit: it also doesn't help that these leaders are chosen either directly or indirectly by people - the general public - that have no idea what the job actually entails. To become a politician you have to endure the political equivalent of a modern code interview - being "popular" - without actually testing if you can do the actual job and have the required levels of competency for it.

I don't think "leaders" need to be SME's by any stretch of the imagination. If anything, I think it would hold them back because it's easy to lose yourself in the details.

I do think that they should have a basic grasp of the fundamentals of their field though, and most politicians honestly don't even have that. I don't want to put up walls to being a back-bencher MP, but there should be a bare-minimum barrier for entry for certain Ministerial positions, especially one like Technology minister. You can't have someone leading a team who needs every-single-concept dumbed down for them so they can only make decisions from basic abstractions.

> The leaders we look at are just incompetent.

I think the problem with democracy is we ultimately interview and select leaders whos skills are in persuading a population, but we don't generally need those leaders to actually take the job, we need people who are good at distilling information and making appropriate judgements for the benefit of the population

"The technocratic illusion is that poverty results from a shortage of expertise, whereas poverty is really about a shortage of rights."

William Easterly.

I too wish they'd know more about what they decide on, but really they should already rely on subject matter experts and otherwise I don't think the problem is lack of knowledge, as the quote indicates. It was said in the context of erradicating poverty but I think it applies to these discussions too.

> William Easterly.

Arguing from authority is nice and all (not), but the problem is not lack of technical expertise in decision makers (no one can reasonably expect a politician to understand modern AI tools), but rather about the decision making process itself.

There should be an established process by which such a dumb decision, with - in all likelihood - negative economic implications for the entire country, could be put to rest via a democratic process.

I'm not asking for all of our Ministers to be technocrats. They needn't be SMEs. They needn't even be a major player in the industry prior to becoming a politician. But in all honesty, a Technology Minister not having a technical background is like an Education Minister being unable to read or write.

I'm not asking for some IEEE fellow with 100s of patent. I'm not even asking for a junior engineer with a couple of years in the industry. Hell, I daren't even ask for someone with a Math A-Level at this point. I'm asking for someone who can string a sentence about technology together, while also understanding a 10th of what they just regurgitated. It's embarrassing watching the leader that is meant to represent our industry go on stage and repeat a babble of buzzwords that they learnt about 4 hours before, in their latest think-tank meeting. That's not leadership. That's bull-shiting, and it stinks.

Of course more expertise is better when all else is equal, I thought the quote stood on its own to not be interpreted as asking for less expertise. Rather that the source of the problems is a disregard for people's rights and other more basic failures, than not understanding how an LLM works.
Right. But then, poverty is not the only problem a government wants to address, and Technology Ministry is arguably one that will spend most of its time addressing things other than poverty, at least directly, and this does benefit from expertise.
Everything benefits from expertise, I'm now 3 layers down repeating the same thing.

The whole point is that you don't need any tech knowledge to respect the basic ratified human right of access to information. That is all you need to not enact bans on specific websites for your country.

Being a good technologist is an advantage to such a position, obviously.

It would be nice for ministers to be tech experts but politics is an art and a game too, and they also have to be good at that.

I don’t have much of a problem with a minister who knows they’re not an expert but makes it a top priority to surround themselves with people who are, and to listen to them, who has good morals.

That of course describes zero Tory ministers but one can dream.

Maybe the problem is “career politician” as in - having to be politician entire life to get thru to a meaningful position?
I think that’s a feature though. The people who get into position of power are competent at politics. It’s a system that optimized for bullshitting. It takes a literal psychopath to not get frustrated/drained. You’re probably far too sane to make it.
UK politics, IMHO, is blighted by a cabal of Oxbridge unqualified humanities graduates that cycle between journalism and some role in politics (MP, Private Sectary, think tank, "policy advisor").

As consequence both journalism and politics in the UK seem less about the truth or doing what's best and more about selling convincing short term rhetoric.

We need a revolution where we hang the last Cambridge classics graduate with the entrails of the last Oxford PPE graduate[1].

1. Hahahahahaha, I'm joking[2] of course!

2. Kinda...

> Europe on top of innovation once again.

There's plenty of innovation happening in Europe. See e.g. ASML.

What Europe is not good at is generating a lot of hype around something. Which has probably something to do with the investor climate there.

Seems a continent level disease. Private sector seems to live to serve the public sector, and not the other way around. (Writing this from Spain).