Law

With OpenAI’s and Azure OpenAI’s API offerings, businesses are enabled to develop their own applications on top of the powerful large language models (LLMs) underlying ChatGPT, Whisper, and OpenAI’s other models. Close to a thousand commercial applications already exist that make use of OpenAI’s foundation models, including our own PrivateGPT which acts as the privacy … Read more

The rapid advancement of generative artificial intelligence (AI) has raised intriguing questions about the copyrightability of AI-generated output. As AI systems become increasingly capable of producing what we would commonly consider original creative works, it becomes essential to examine the copyright implications and ask ourselves who, if anyone, can claim copyright to the output of … Read more

If you are building or thinking about using an application based on OpenAI’s ChatGPT or another large language model (LLM) which will collect or otherwise access health information, you may have to comply with some of the strictest data protection laws currently in force. If your business offers its services in the US, this Mobile … Read more

Bill C-27, which includes the proposed Consumer Privacy Protection Act (“CPPA”), the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act (“AIDA” or the “Act”), is currently in its second reading in the House of Commons. On April 24, 2023, the second reading of the bill was completed. In order … Read more

Healthcare organizations are required to perform a delicate balancing act between healthcare data protection and disclosure of high utility data to further research and innovation leading to better healthcare services. There will often be a trade-off between these two interests, as excluding or altering data in an effort to protect individuals’ privacy regularly comes at … Read more

If your organization ever finds itself in the position of wishing or having to disclose personally identifiable information (PII), e.g., to third parties for processing purposes, to researchers for scientific purposes, or to the public as a result of access to information obligation, you have to ensure that the privacy of those individuals to whom … Read more

PHI stands for “Protected Health Information” and can include information about an individual such as blood type, condition, injury, etc. This term is subject to a lengthy and complex definition in a regulation under the US Health Insurance Portability and Accountability Act of 1996 (HIPAA), which we will examine in detail below. The term is … Read more

PCI is often mentioned in the triage PII, PHI and PCI in the context of data protection. PCI stands for “Payment Card Industry” data, which includes information such as bank account numbers, credit card numbers, card expiration dates, CVV numbers, etc. This article zeroes in on PCI and explains what data is captured under this … Read more

With more than 100 million German speakers worldwide, there are many use cases for redacting personal data from German text, including compliance with the GDPR in Germany and elsewhere. With many privacy-preserving de-identification solutions being optimized for English, you might expect that transferring the same approaches to its close linguistic relative, German, would be simple. … Read more