CHATGPT’NİN GÖLGESİNDE KİŞİSEL VERİLERİN KORUNMASI

Year 2024, Volume: 6 Issue: 1, 14 - 27, 30.06.2024

Ahmet Demirtaş

Abstract

ChatGPT ve benzeri yapay zekâ teknolojilerinin hayatımıza bu derece hızlı girdiği günümüzde meselenin hukuki uyum yönü yine tartışmalara sebep olmuştur. Çok büyük miktarda kişisel veri işleyen bu yapay zeka teknolojileri özellikle kişisel verileri koruma hukukunun temel prensipleriyle doğrudan çelişebilmekte ve bu prensipleri ihlal edebilmektedir. ChatGPT gibi diyalog modelleri özünde bir yazılım olmakla birlikte, bu yapay zeka teknolojisinin diğer yazılımlardan belki de ayrılan en önemli özelliği düzenli ve güncel bir şekilde veri ile eğitilmesi gerekmesidir. Başka bir deyişle, veri ChatGPT’nin enerji kaynağıdır ve verilerin bu derece fazla kullanılmadığı bir durumda ChatGPT verimli olmaktan çok uzak olacaktır. İşlenen veriler arasında kişisel veriler de büyük yer tuttuğundan, doğal olarak hukuk birtakım sınırlamalar ve güvenceler öngörecek ve kişileri koruyacaktır. Fakat her zaman olduğu gibi yine teknoloji çok hızlı yol alırken, yasa koyucular meseleyi düzenlerken gecikmektedir. Tam da bu durumda hukukun temel prensipleri en azından asgari korumaları sağlayacak güvenceler içermektedir. Özellikle, sınırlı amaçla veri işleme, verilerin asgarileştirilmesi ilkesi ve şeffaflık prensibi adeta ChatGPT için tasarlanmış gibi muhtemel veri koruma hukuku ihlallerini engelleyici bir role sahiptir. Kişisel veri koruma otoritelerine bu noktada önemli görevler düşmekte ve yapay zekâ teknolojilerinin artılarından mahrum kalmadan, hukuki uyumu sağlayacak tedbirler alınmalıdır. Aksi halde kişiliğin bir parçası olan kişisel verilerin korunması hakkı ChatGPT gibi yapay zekâ teknolojilerinin faydaları karşısında toplumun ve bu teknolojileri üreten şirketlerin gözünde harcanabilir bir hak olarak görülür.

Keywords

ChatGPT, Yapay Zeka, Kişisel Veri Koruma Prensipleri

Thanks

Kişisel verilerin korunması hukukuna ilgi duymamın sebebi olan kıymetli hocam Dr. Cihan Avcı Braun'a ve hukuk perspektifimi genişleten değerli avukatlar Mutlucan Solak, Elçin Karatay ve Begüm Ergin'e teşekkür ediyorum.

PROTECTING PERSONAL DATA IN THE SHADOW OF THE CHATGPT

Abstract

In today's world, where artificial intelligence technologies like ChatGPT have rapidly entered our lives, the legal aspect of the issue has once again sparked debates. These artificial intelligence technologies processing a massive amount of personal data are particularly in direct conflict with the fundamental principles of data protection law and violate these principles. While models like ChatGPT are fundamentally software, a distinguishing feature of this artificial intelligence technology is the necessity for regular and up-to-date training with data, setting it apart from many other types of software. In other words, data is the fuel for ChatGPT, and if the model is not regularly exposed to a significant amount of data, ChatGPT will be far from efficient. Given the substantial presence of personal data within the processed information, legal frameworks naturally anticipate a set of limitations and safeguards for the protection of individuals. Nonetheless, in the ever-quickening realm of technology, legislators often find themselves trailing behind in the regulatory landscape. It is precisely in such instances that the foundational principles of law incorporate assurances, albeit minimal, to ensure essential safeguards. In particular, the principle of data limitation, data minimization and the transparency play a role seemingly designed for preventing potential data protection law violations in the case of ChatGPT. At this juncture, significant responsibilities fall upon the data protection authorities, and measures should be taken to ensure legal compliance with artificial intelligence technologies' benefits without deprivation. This includes securing a balance between harnessing the advantages of these technologies and upholding legal standards. Otherwise, the right to the protection of personal data, an integral part of one's personality, might be perceived as a dispensable right in the eyes of both society and the companies which developing technologies like ChatGPT, when weighed against the benefits of artificial intelligence technologies.

Keywords

ChatGPT, Artificial Intelligence, Principles of Data Protection

References

• 2016/679 Sayılı Avrupa Genel Veri Koruma Tüzüğü
• 6698 Sayılı Kişisel Verileri Koruma Kanunu
• Article 29 Data Protection Working Party Guidelines on Automated Individual Decision-Making and Profiling for the Purposes of Regulation 2016/679
• CATE Fred H. - DOCKERY Rachel (2019) ‘‘Artificial Intelligence and Data Protection: Observation on a Growing Conflict’’.
• CHALUBINSKA-JENTKIEWICZ, Katarzyna – NOWIKOWSKA, Monika (2022) ‘‘Artificial Intelligence v. Personal Data’’, Polish Political Science Yearbook
• GRAFENSTEIN, Max von (2018) ‘‘The Principle of Purpose Limitation in Data Protection Laws: The Risk-based Approach, Principles and Private Standards as Elements for Regulating Innovation’’.
• HERVE, Alan (2021) ‘‘Data Protection and Artificial Intelligence’’, The European Union’s Internal Approach and Its Promotion Through Trade Agreements, Cambridge University Press, s.193-214.
• JEZOVA, Daniela (2020) ‘‘Principle of Privacy by Design and Privacy by Default’’, Regional Law Review.
• KESA, Aleksandr – KERIKMAE, Tanel (2020) ‘‘Artificial Intelligence and the GDPR: Inevitable Nemeses?’’, Journal of European Studies.
• KONING, Merel Elize (2020)‘‘The Purpose and Limitations of Purpose Limitation’’.
• MİTROU, Lilian (2018) ‘‘Data Protection, Artificial Intelligence and Cognitive Services: Is General Data Protection Regulation (GDPR) Artificial Intelligence Proof’’.
• OSMANOVIC, Thunström A. - STEINGRIMSSON, S. (2022) ‘‘Can GPT-3 Write an Academic Paper on Itself, with Minimal Human Input?’’.
• PEHRSSON, Emily (2018) ‘‘The Meaning of the GDPR Article 22’’, European Union Law Working Papers, Stanford-Vienna Transatlantic Technology Law Forum.
• SEİZOV, Ognyan - WULF, Alexander J. (2020) ‘‘Artificial Intelligence and Transparency: A Blueprint for Improving the Regulation of AI Applications in the EU’’, European Law Review.
• SPAGNUELO, Dayana – FERREIRA, Ana – LENZINI, Gabriele (2019) ‘‘Accomplishing Transparency within the General Data Protection Regulation’’, s.114-125.
• STIENNON, Nisan - OUYANG Long (2020) “Learning to Summarize from Human Feedback: OpenAI”.
• SUN, Fei (2022) ‘‘ChatGPT: The Start of the New Era’’, A Bright and Gloomy Future.
• TOSONI, Luca (2021) ‘‘The Right to Object to Automated Individual Decisions: Resolving the Ambiguity of Article 22(1) of the General Data Protection Regulation’’, Research Paper Series No.2021-07.
• YAKIŞIR, Ceren (2023) ‘‘An Evaluation of the ChatGPT Decision Which Italy Blocked Access on the Grounds of Violation of the GDPR’’.
• AKSOY, Hüseyin Can (2022) ‘‘Kişisel Verilerin Korunması Yönüyle Algoritmik Karar Verme’’, Kişisel Verileri Koruma Dergisi, Cilt No: IV, Sayı: 2, s. 69-87.
• BIEGA Asia J./ FINCK Michele (2021) ‘‘Reviving Purpose Limitation and Data Minimisation in Data Driven Systems’’ Technology and Regulation.
• BINNS Reuben/ VEALE Michael (2021) ‘‘Is That Your Final Decision? Multi-Stage Profiling, Selective Effects, and Article 22 of the GDPR’’, International Data Privacy Law, Volume: 11 Issue: 4, 319-332.
• BOMMARITO Michael/ KATZ Daniel Martin (2022) ‘‘GPT Takes the Bar Exam’’.
• BRAUN AVCI, Cihan (2018) ''Kişisel Verilerin İşlenmesinde Rıza’’, YÜHFD, C.XV, 2018/1 s.13-33.
• BRKAN, Maja (2018) ‘‘Do Algorithms Rule the World? Algorithmic Decision Making in the Framework of the GDPR and Beyond’’, International Journal of Law DOI; 10.1093/ijlit/eay017, s.91-121.
• BÜYÜKSAĞİŞ, Erdem (2021) ‘‘Yapay Zekâ Karşısında Kişisel Verilerin Korunması ve Revizyon İhtiyacı’’, YÜHFD, C. XVIII, 2021/2, S.529-541.
• DOWLING, Michael – LUCEY, Brian, (2023) ‘‘ChatGPT for (Finance) Research: The Banarama Conjecture’’.
• FALLETTI, Elena (2020) ‘‘Automated Decisions and Article No.22 GDPR of the European Union: An Analysis of the Right to an Explanation’’.
• FERRETTI, Federico (2014) ‘‘Data Protection and the Legitimate Interest of Data Controllers: Much Ado Nothing or the Winter of Rights?’’, Common Market Law Review, Volume:51, Number:3, s.843-863.
• HALLINAN, Dara – BORGESIUS, Frederik Zuiderveen (2020) ‘‘Opinions can be incorrect (in our opinion) On Data Protection Law’s Accuracy Principle’’, International Data Privacy Law, DOI:10.1093/idpl/ipz025 .
• KAMINSKI, Margot (2019) ‘‘The Right to Explanation, Explained’’, Berkeley Technology Law Journal.
• KARAKOÇ KESKİN, Elif (2023) “Yapay Zeka Sohbet Robotu ChatGPT ve Türkiye İnternet Gündeminde Oluşturduğu Temalar”, DergiPark, s.114-131.
• YÜCEDAĞ, Nafiye (2019) ‘‘Kişisel Verilerin Korunması Kanunu Kapsamında Genel İlkeler’’, Kişisel Verileri Koruma Dergisi, Cilt: 1, Sayı: 1, s.47-63.
• ‘‘Digi v. Nemzeti’’, Case-77/21, 2022.
• ‘‘G.C. v. Others’’, Case-136/17, 2019.
• ‘‘İlgili Kişi Tarafından Alenileştirilen Kişisel Verinin Alenileştirme Amacı Dışında İşlenmesi’’ Hakkında Kurul’un 07.11.2019 Tarihli ve 2019/331 Sayılı Karar Özeti.
• ‘‘Norra Stockholm Bygg v. Per Nycander’’, C-268/21, 2023.
• ‘‘TK v. Asociatia de Proprietari bloc M5A-ScaraA’’, Case C-708/18.
• ‘‘Uber Drivers v. Uber B.V.’’, C/13/687315, Amsterdam District Court, 2021.
• COSTA, Monica Oliveira (2013) ‘‘Big Data, Open Data and Purpose Limitation: How Are They Linked?’’ < https://www.lexology.com/library/detail.aspx?g=ab2dd08f-3e32-4e31-8447-69b658b86399 > Erişim Tarihi: 03.03.2024.
• COUNCIL OF EUROPE: HANDBOOK on European Data Protection Law (2018), < https://fra.europa.eu/sites/default/files/fra_uploads/fra-coe-edps-2018-handbook-data-protection_en.pdf > Erişim Tarihi: 03.03.2024.
• DEMİRTAŞ, Ahmet (2023) ‘‘OpenAI-ChatGPT: Fikri Mülkiyet ve Veri Koruma Hukukunu Nasıl Sarsıyor?’’< https://solakpartners.com/openai-chatgpt/ >. Erişim Tarihi: 03.03.2024.
• GATES, Bill, ‘‘The Age of AI Has Begun’’ (2023) < https://www.gatesnotes.com/The-Age-of-AI-Has-Begun > Erişim Tarihi: 01.03.2024.
• HERT, Paul de - LAZCOZ Guillerme (2021) ‘‘Radical Rewiriting of Article 22 of the GDPR on Machine Decisions in the AI Era’’ < https://europeanlawblog.eu/2021/10/13/radical-rewriting-of-article-22-gdpr-on-machine-decisions-in-the-ai-era/ > Erişim Tarihi: 01.03.2024.
• KRAMCSAK, Pablo Trigo (2023) ‘‘Can Legitimate Interest be an Appropriate Lawful Basis for Processing Artificial Intelligence Training Dataset?’’, Computer Law & Security Review < https://www.sciencedirect.com/science/article/abs/pii/S026736492200108X?via%3Dihub > Erişim Tarihi: 01.03.2024
• OpenAI’s explanation to train ChatGPT < https://openai.com/blog/chatgpt > Erişim Tarihi: 01.03.2024
• OpenAI March 20 ChatGPT Outage: Here’s What Happened < https://openai.com/blog/march-20-chatgpt-outage > Erişim Tarihi: 01.03.2024
• OpenAI Data Controls FAQ < https://help.openai.com/en/articles/7730893-data-controls-faq > Erişim Tarihi: 01.03.2024
• PURTOVA, Nadezhda (2018) ‘‘The Law of Everything. Broad Concept of Personal Data and Future of EU Data Protection Law’’, Law, Innovation and Technology 10(1).