89 comments

[ 3.1 ms ] story [ 171 ms ] thread
Everytime I see someone created a "task force" I can't help but cyncially think of Yes Minister and "The best run hospital in the city".

Maybe I'm wrong in this case, but it often seems a task force is always used as a substitute for doing something

For those wanting a laugh or a cry, I present "The best run hospital in the city" https://www.youtube.com/watch?v=x-5zEb1oS9A

> "task force"

I always take it as PR-speak for "they want to appear to understand there's a problem" which may or may not be because they want to take action against a potential problem. Maybe I'm a bit too cynical but to me it's hot air until they do something.

So much new legislation to write, so many budgets to allocate. Party hard!
With all the EU initiatives, one can see that some ideas make sense (securing privacy, regulating tech monopolies), but once it gets into legislations it ends up with monsters like the cookie banner or GDPR.

In the end it doesn't do what it was meant for but still remains a pain in the a*.

Task Force

O ChatGPT, of Western birth, The EU turns to gauge your worth;

With rules and laws, they shape and mold, And from your gains, their funds take hold.

To Brussels' halls, the wealth is sent, For bureaucracies, their prime intent;

Yet questions linger, doubts arise, Of Europe's own inventive guise.

Why cannot they, with history grand, Forge tech like that from Freedom's land?

While they prescribe and regulate, Do seeds of innovation wait?

O ChatGPT, a paradox, Regulation's key unlocks;

But in the Old World's prudent stance, Can brilliance find its chance to dance?

This never gets old. I’m sorry.
You've got to turn the crank a few times and tweak the input, but the machine never fails to produce a genuine, bespoke, sliver of art.
They just want to collect a large amount of money and then call it a day.

Then wait a few more months and do it again.

It is just extortion but legal and with a few extra steps.

I don't think it's just a money grab operation, or at least not from an EU-wide perspective. If they were after money, there is an endless supply of GDPR offenders, some very big ones with deep pockets and blatant, obvious breaches that can't be denied/explained away.

It is incompetence coupled with individual greed - some people involved want a project to make themselves feel important and justify salaries/promotions while not doing anything meaningful for the privacy of Europeans (as mentioned above, there are much bigger fish to fry than ChatGPT). Not to mention, OpenAI's potential breaches of the GDPR aren't as clear-cut as some others, so this guarantees years of salaries, while an open and shut case may only yield months of salaries as the outcome is reached pretty quickly.

The EU privacy watchdog is doing its work in a pretty measured way, and has broad support among the population, at least the segment that I'm aware of. They stand between us and various companies that use our data for purposes never intended when the data was shared. The industry has had more than two decades to self regulate but instead of putting on the brakes it turned into an arms race, and the only way to stop that is to have a referee and an level playing field.

If you see them as 'extortionists' then more than likely you would be on the wrong side of the line when it comes to using your users data. They do not and have never fined companies without first giving them more than one option to back down on abuse of data subjects data.

I know that regulation is anathema to industry but some regulation we apparently can't do without. And even today there are still plenty of bad actors but I sincerely hope that one of these days one of them will be regulated out of business and then maybe the rest of the cowboys will realize that at least in one part of the world you need to play nice or you get thrown out.

Could they do a better job? Yes, absolutely. But that would mean more, regulation, much more in fact. If my experience is any guide then even today there are still lots and lots of companies that break the law with impunity simply because they can and there isn't enough personnel to deal with it all. But personally I'm pretty happy that they've done what they have done so far, you can really see the difference between before and after.

No. The biggest data hoarders are alive and well in Europe.

The fines are the cost of doing business.

So we are in agreement: more and larger fines.
They focus on ChatGPT while conveniently ignoring the elephant in the room, aka Facebook who is still in blatant breach of the GDPR 5 years after it went into effect...
Please don't kill our precious elephant who gave us one great privacy-preserving LLM; the one that can run locally :)
If they actually had the courage to release the model without a bunch of strings attached I'd have a lot more respect for them.
There are a lot of locally run LLMs, LLaMA is not the only one; GPT4All, Pythia, OpenAssistant, and the new Databricks Dolly 2 can all run locally.
Facebook has received 4 of the 5 largest GDPR fines to date. I would call that the opposite of ignoring them.
They have been exceptionally soft on TikTok till very recently.

https://www.cnbc.com/2023/01/30/tiktok-in-europes-crosshairs...

> “There is no political demand for investigation into Chinese entities,” Hosuk Lee-Makiyama, the director of think tank the European Centre for International Political Economy, said in an interview in December.

> “The user base of TikTok is a lot bigger than a lot of people in Europe think,” he said. But, he added, “you’re not going to look very closely if they don’t steal too much from your ad revenue.”

They will likely write the new legislation using ChatGPT built in to MS Word
What is the concern?

Is it that the training corpus may contain private info? I think that's pretty valid, but what data is being used that isn't already publicly available? If private info is publicly available, then maybe we should put our effort into resolving that.

Is it that user dialogue prompts are being saved into the model (effectively saving them into the training corpus)? Is OpenAI being upfront about that, and clearly expressing the privacy implications to its users? If they are not, and we know it, then why do we need a "task force"?

This all started because there was a big data leak and OpenAI did not follow the laws related to that. I think they need to investigate if the existing laws related to privacy and children are respected.
I'm guessing this is in regards to the history sidebar leak?

> which allowed some users to see snippets of others' conversations — not the full contents, but recent titles

https://www.theregister.com/2023/03/23/openai_ceo_leak/

Which laws did they break?

If I am not wrong they have to announce to the authorities and customers the issue. OpenAI kept it quiet, not sure if they admitted anything yet, I got not email for sure to let me know that my data might have been leaked.
they released info on it the same week. https://openai.com/blog/march-20-chatgpt-outage

If leaking the titles of other people's searches is illegal... I'm very much interested in how the EU is going to handle the twitter circles issue.

We will see, I am glad that know you are informed and know that if you leak private data you need to inform your customers and authorities. We know what happened when this laws were not in place, companies did hide this stuff and then the data was found on black markets much later after lot of pain was caused.
there are multiple concerns, of varying validity, at least:

* ChatGPT claims to be 13+ only, but does not actually check that

* data got leaked across prompts, which is probably bad

* OpenAI is not clear/upfront enough on what it does with your own input

* ChatGPT manipulates, in some sense, personal information, but does not provide a way for those impacted to edit/delete it (which might be hard/impossible, but that does not change the effect on someone who gets impacted by it)

> ChatGPT claims to be 13+ only, but does not actually check that

Does anyone? It's not like we are IDing teenagers on the internet.

> data got leaked across prompts, which is probably bad

If prompts are being saved into the model, then that's pretty nearly equivalent.

> OpenAI is not clear/upfront enough on what it does with your own input

OK, now let's do something about it. I'm not sure how that involves making a "task force", though.

> ChatGPT manipulates, in some sense, personal information, but does not provide a way for those impacted to edit/delete it (which might be hard/impossible, but that does not change the effect on someone who gets impacted by it)

Can you just save all the prompts you model, then subtract the difference (to delete that prompt) later? If not, then the model itself is effectively laundering prompts.

Outside that context, it does get tricky: if the personal info was present in the training corpus, then that corpus needs better curation. Even so, that is still a problem domain that exists mostly outside ChatGPT itself.

the task of the task force is to understand what can and cannot be done, talk with OpenAI, and set some guidelines.

A possible outcome is that they find it is literally impossible to offer a service such as ChatGPT while respecting our laws on privacy, right-to-be-forgotten and so on.

A likely outcome is that OpenAI puts a bigger banner "YOUR DATA IS AVAILABLE TO EVERYONE AND SOLD TO THIRD PARTIES" and a "DELETE MY DATA" button that makes a best effort to scrub some info, like they do for hate speech, self harm etc.

This is the current outcome of the meetings between the italian privacy authority and OpenAI[0], for example.

[0] https://gpdp.it/home/docweb/-/docweb-display/docweb/9874751 in italian

(comment deleted)
More committees great
Meanwhile, where are all the ChatGPT competitors of EU origin? I feel ashamed to live on this side of the Atlantic, sometimes.
Me too. And it’s a more and more common feeling.
Don't be; look up some of the founders[1] of OpenAI:

  Ilya Sutskever - born in Russia
  Wojciech Zaremba - born in Poland
  Andrej Karpathy - born in Slovakia
[1] according to wikipedia
OP wants a company built and HQ’ed in EU, not a beautiful exposition of brain drain
That just makes it sadder. European talent and knowledge, monetized by the US. Unfortunately the European economic order is incompatible with this kind of startup. We do not have the capital to fund it, because we do not have public markets as developed.
(comment deleted)
Thankfully we also don't have the mentally that anything less than 60h per week, and no time off, is not being committed enough.
That makes me feel even more ashamed and disappointed.
No, it's the research founding team mostly. The most important was the business team: Sam Altman, Reid Hoffman, Jessica Livingston, Elon Musk, Peter Thiel and Microsoft with their Azure supercomputers.

Edit: the only supercomputer industry in Europe was developed by France's first* president Charles De Gaulle (plan Calcul) for their country military or civil nuclear strategy which the US deep state did not like very much. A French president unilaterally killed this plan Calcul under US advice and sold Bull to American company (Honeywell) despite the opportunity to merge Bull with a few European computer giants.

Why? It’s a new piece of technology with some major privacy impacts. It has a tendency to straight up make facts and mix them with true pieces of information about even moderately famous people. It makes sense than the privacy watchdog setup a task force to work on the subject. That’s literally why they exist.
You're entirely free to move. The reason why there are no ChatGPT competitors of EU origin is the same reason why there is no SpaceX competitor in Europe. And that's not necessarily anything to be ashamed of, it simply means that the USA has the advantage and that once you reach a certain concentration of wealth it tends to lead to further concentrations of wealth. 400 years ago Europe was ascendant, today it is America and 30 years from now it will be China or India. That's just how it goes, and if it makes you feel ashamed realize then that there are no ChatGPT competitors from any other continent.

In a race like this the first mover advantage is very large, and highly driven by available funding, not by the availability of founders (of which Europe has plenty).

EU has all the ingredients to build a competitor. And the first mover’s advantage can be compensated by other things. The reality is that the EU tech community is just shitting their pants to throw their hat into the ring.
The EU doesn't have the money or the regulatory framework, to begin with. See how quickly they are working to make sure nobody can build this (well, make it work within the EU)
> EU has all the ingredients to build a competitor.

... Except for VC funding from non risk averse investors.

You are not going to build an EU openAI on Horizon2020 grants. Also EU investors are closer to business angels when you compare with the VC funding scene in the US.

Precisely. Anybody ignoring that factor is limiting their understanding of why this keeps happening.
Your mentality is too defeatist. Certainly there are some structures in our countries that make it harder to achieve such successes, but nothing says we cannot restructure our countries and improve. It is really partly a lack of will and partly due to bad leadership.
I'm pretty well versed in how the tech world is financed and based on a very large amount of experience it is plain obvious to me that even if the EU would come up with a viable competitor to ChatGPT before they would be a serious threat they would be bought out by US money. This is what wealth concentration is all about. You can't compete with an advantage like that.
That being said, as you've pointed out the concentration of wealth can (and does) move location over time.

So, clearly there is some way of competing with any "currently established" location. :)

So if Europe has great founders and great engineering culture why doesn’t exactly this happen more often? ;)

Seems to me we’re mostly busy doing what ChatGPT can now do automatically: building mediocre SaaS apps.

It is literally 100X easier to launch an openai competitor than a spacex competitor.

The latter requires massive upfront non-retrievable investment.

100X easier is probably true. That still doesn't make it easy in an absolute sense. Check out the founders of openai and see how many of them are from Europe. Then realize that they are in the United States for one reason only: access to money. No EU VC is going to be able to match the kind of funding that is available in the US, and the longer that situation persists the bigger the chance that there will never be a reversal.

My grandmother had a nice proverb that roughly translates to 'the devil shits on the larger heap'. It is meant to convey the picture that once there is a large pile of money somewhere that that pile will grow faster than a smaller pile of money simply because having access to large amounts of capital means you can place larger bets and absorb more blows. The EU capital climate is comparatively risk averse simply because there is less money to go around.

(comment deleted)
I think you overemphasize money. Money is part of it, but there’s also a cultural issue. Crab mentality is rampant and encoded in both social norms and legislation/ regulation.
Someone like you probably said that it was too late to launch a Ford’s competitor when they released the T in 1908.
The financial climate in 1908 was entirely different from the one in 2023. Please try to understand that I would love to see an EU competitor to every US firm that operates at scale in Europe for something that Europe could provide itself. Then maybe check out my bio and see that I've been a tech investor since ~2007 and have a significant amount of money on the line to back EU companies and to help them succeed when and where I can.

Even so, I'm realistic enough to know that there is no way the EU VC scene could compete with Sandhill Road when it comes to valuations and that's why any significant success created in Europe will sooner or later be US based. Examples aplenty.

What are you waiting for to build it?
There is no source of funding in Europe that can produce the billions raised by OpenAI in the US. Not even close.
Totally untrue. Look at the VC money flowing to EU these days.
> ChatGPT competitors of EU origin?

ChatGPT is not research. If you want real research: https://ai.facebook.com/blog/large-language-model-llama-meta...

Edit: end paper is https://arxiv.org/abs/2302.13971

> Hugo Touvron, Thibaut Lavril, Gautier Izacard, Xavier Martinet, Marie-Anne Lachaux, Timothée Lacroix, Baptiste Rozière, Naman Goyal, Eric Hambro, Faisal Azhar, Aurelien Rodriguez, Armand Joulin, Edouard Grave, Guillaume Lample

> We introduce LLaMA, a collection of foundation language models ranging from 7B to 65B parameters. We train our models on trillions of tokens, and show that it is possible to train state-of-the-art models using publicly available datasets exclusively, without resorting to proprietary and inaccessible datasets. In particular, LLaMA-13B outperforms GPT-3 (175B) on most benchmarks, and LLaMA-65B is competitive with the best models, Chinchilla-70B and PaLM-540B. We release all our models to the research community.

That's a lot of french names there
The Europeans behind Stable Diffusion (Stability.AI etc.) could have remained closed source and competed with MidJourney. Instead they open sourced their work.

Last I checked MidJourney is valued at $1 billion and Stability.AI is struggling to survive.

> I feel ashamed to live on this side of the Atlantic, sometimes.

Let's not forget that DeepMind is of EU origin, and they were one of the forces that kick started this whole AI renaissance.

But now they are not: the British were smart enough to jump off this sinking ship.
- Aleph Alpha creates LLMs for commercial usage - LAION (German organisation) published open assistant (though after your comment)

- Stable Diffusion was developed in Germany.

The last time they came up with a regulation, we got that GDPR awfulness. Made zero impact on anything, just forced me to click multiple buttons before visiting a website.
Yeah, the annoying notifications are the visible part... but as far as I know, GDPR has a pretty serious impact if you're European. It allows you to ask private companies to delete your data, which to me seems like a pretty huge privacy win.

Implementation could definitely be a lot better, but I think it protects Europe from the privacy hellscape that's currently happening in the US.

The 'annoying notifications' are corporate choices that reflect on the companies that create them, not on the GDPR.
The GDPR is anything but awful. For all I care they really clamp down on the next batch of violators, the law definitely has enough provisions to do that.
So far as I'm concerned, the only single thing wrong with the legislation is that all the companies reacted to it by deciding to do whatever it took to keep collecting data they didn't strictly need.

Well, almost all.

GitHub doesn't show you that popup, because it doesn't collect unnecessary data. Neither does Hacker News.

The GDPR is a very good piece of legislation. I fail to see where the awfulness is. Even if you discount the very significant new rights it gave to users, it did force all companies to actually think and take responsibility for what they collect. It’s a massive improvement from what was happening before.
Its too asymmetric for what would be a genuine mistake. Good legislation is fair. It actually makes big companies like facebook stronger as well and harder to compete for small ones.

The easiest thing to do is actually just not offer services in the EU for a smaller company.

How so? Most of the rules only apply to companies of more than 250 employees or with large result and fines have always been applied with a lot of discernment. As usual on HN, I expect most people who complain about it to have absolutely no idea of what it actually is.
If you are selling to a large company it is a problem. Its not quite as simple as you're saying.

And quite frankly the law is also complicated as with all other EU laws such as the cookie law. The interpretations vary and are not strict and clear. I have never seen laws in other western countries always blamed on the lack of interpretation.

If I was still in the EU I would simply incorporate offshore and operate offshore, it is more convenient but ive left

> If I was still in the EU I would simply incorporate offshore and operate offshore, it is more convenient but ive left

You would still have to follow GDPR.

> The interpretations vary and are not strict and clear. I have never seen laws in other western countries always blamed on the lack of interpretation.

It's the same with every law. That's basically how laws work. It's even worse in countries using common law as case law is a thing.

> It's the same with every law. That's basically how laws work. It's even worse in countries using common law as case law is a thing.

It really isn't. If it wasn't such a butcher's shop with GDPR i wouldn't be complaining as i am aligned with the intent. Also hey for someone who's lived in both I much prefer the common law or mixed ways of creating law as it requires precedent first instead of it being made on a whim.

Keep in mind that the majority of those data processing consent banners aren't actually compliant - the GDPR has explicit provisions against dark pattern or the kind of malicious pseudo-compliance we often see.

The problem is that enforcement is severely lacking, thus most of those offenders actually get away with it.

Europeans have to register their address at all times with the government, need a passport to buy a SIM card, are prohibited from cash transactions above trivial amounts but at least they can contact the mandatory "data protection officer" and reject non-essential cookies!
Europe is not a single country. Nothing you said is true for every European country (or every EU country, if that's what you mean).

But (despite your confusion about the European identity) I must admit you have a point. I think there is a mentality difference - Americans (USAnians?) are OK with being tracked by corporations, but hate any kind of government power. In Europe it's usually the opposite.

I don't get the calls to ban LLM chatbots due to privacy concerns. Haven't people been asking the search engines pretty much the same stuff for years now?
(comment deleted)
Most comments here seem to be missing the legal conundrum that European countries, especially Germany find themselves in.

Germany and to some extend the EU guarantees the “right to be forgotten”, ie. You can request that a company deletes all data tied to your person.

However, with LLMs this is technically simply not possible. While that particular issue hasn’t come up in court yet, this is where that whole ill-advised ban is heading.

I for one support the right to be forgotten, but not at the cost of shutting down innovation.

We need a “do not encode” flag on content similar to a “do not track” header. Not all companies will respect that, but it might pave the way for AI companies to work with strict EU privacy laws.

The "right to be forgotten" could be done by filtering the input data to the AI model.
Theoretically, yes. But pragmatically, you can’t retrain the model each time someone requests to be forgotten.
There is a sub-field in ML about exactly that.
This will result in more legislation like GDPR.

GDPR and other EU privacy/safety regulations are good in principle but the task of auditing software for compliancy is going to lawyers, accountants (auditors), and business consultants. Is it because they are cheaper than developers? Not really, in most of Western Europe these people make the same or more than software developers.

So we now have nore non-tech people deciding what tech people can do and not do. Completely ridiculous.

- German company Aleph Alpha creates LLMs for commercial usage - LAION (German organisation) published open assistant

- Stable Diffusion was developed in Germany.