News

Artificial Intelligence (AI): What laws apply?

The use of AI is developing fast. Before your business embarks into the world of AI, how do you know you won't fall foul of the law? We look at the regulations.

Male and Female grey model robots sat back to back with laptop and tablet indicating artificial intelligence (AI).

Most people will have read about Tesla’s automated cars or experienced online chatbots stepping-in to field customer service queries. The use of artificial intelligence (AI) is on the rise and software is being developed at a fast pace to automate many human functions. Perhaps you’ve had a play around with ChatGPT or other text/image/video generators out there.  Have you created your own Andy Warhol version of your face yet?  Maybe you want to get some AI input into creating your marketing content?

Well… before your business embarks into the world of AI there are some things you need to check and consider.  As existing legislation was not drafted with AI in mind, it’s a murky world at the moment, and one that will inevitably see an increase in intellectual property and data protection infringement claims over the next few years.  For now, you are best equipping yourself with some knowledge and using AI with caution.

What laws and regulations apply?

At the moment, the AI industry is not being specifically regulated (as such).  In 2021, in its UK National AI Strategy paper, the UK government set out some proposals for how the UK will be investing, planning, supporting and governing the use of AI technology over the next ten years.  Following on from this, the UK government published a white paper in July 2022 which set out some proposals for the regulation of AI and an action plan setting out the government’s implementation plans for their earlier paper.

Without any specific AI legislation in place, you need to consider existing intellectual property and data protection laws when using AI technology (especially when you are using it within a business context).  The law of copyright (contained in the CDPA 1988) will be most relevant and if you are using any personal data when inputting information into AI technology then compliance with the GDPR will be crucial.

Discussions and consultations on how to legislate are taking place.  The Intellectual Property Office (IPO) has consulted on whether any changes are needed to the laws of ownership and infringements when considering copyright.  The IPO received multiple responses to their consultation, and they are now considering the options.  Some of these include potentially scrapping protection for computer-generated works outright, perhaps reducing the scope or duration of copyright protection and maybe improving the licensing environment for text and data mining (which is what happens when content/data is input into an AI platform) or even extending copyright exceptions for text and data mining.

Equally, the Information Commissioner Office (ICO) is hotly exploring the world of AI in relation to the use of personal data.  Last November they issued some guidance on how to use AI with personal data and tips to stay compliant with the laws.  It seems that there are no plans to reform data protection legislation, so for now, GDPR compliance is still key.

What do I need to consider when using AI technology to create new content?

Check the T&Cs of the AI provider Carefully read the software provider’s T&Cs.  Annoyingly, they all differ!  AI providers seem to take a different stance on IP ownership and liability.  As the owner of the software and the copyright in the coding, you need to make sure you have the necessary rights/permissions to use the AI software.  You also need to check that you are able to use the output for the reasons you require and that there are no restrictions that will affect your use.  For example, if you are using AI to create some marketing text, make sure you are allowed to use that output for your business purposes.

Check the input materials Have you got all the necessary rights to the data you want to input into the AI platform?  Is the text / image under copyright protection?  Are there any exemptions that apply (for example, is it for personal use or for training/research)?  Are you intending to use the output for commercial gain? To reduce your legal risk, you need to check you are not infringing someone else’s copyright and won’t be in breach of any licence provisions.

Who is going to own the output?  Check the T&Cs of the AI provider.  Their IP clause should state explicitly what the position is.  Will they retain ownership and grant you a licence (so simply a permission to use for a certain purpose) or will you be the actual owner of the content, and therefore free to use it as you wish?  Even if you do own the output, you need to be wary, as you can never be sure where the AI platform have scrapped all the data from.  You could end up breaching someone’s IP.

There is debate whether an AI provider’s claim that the IP in the output should belong to them will actually hold up.  Under UK copyright laws, and for works generated by a computer, the position is that the owner of a work will be ‘the person by whom the arrangements necessary for the creation of the work are undertaken’.  But what does this actually mean?  Could this be interpreted as the organisation behind the creation of the AI software?  Perhaps the actual end user of the AI software?  Or maybe even the original artist of the work that is being input into the AI software by the end-user?  It is vague, and due to this being a new area (and currently un-tested in the legal courts) it is uncertain as to who the copyright owner would be.  Some say that the courts may look to see the amount of human effort that has gone into creating the output and the extent of the creativity used by the human (as exposed to the algorithms that run in the background).  We will  have to wait and see how the legal position unfolds in the English courts, when claims start trickling through on copyright ownership and infringement in relation to the use of AI platforms.

Can the AI platform use my input?

Again, you need to check the T&Cs of the AI platform to find out the answer.  It seems most require you to give them permission to re-use your input.  So think carefully – do you really want the AI to ‘learn’ from your content and ‘re-use’ it?  Potentially with multiple end-users?  This is especially important if the content you are inputting isn’t actually your own original work.  You could be committing copyright infringement.  Also, are you comfortable with your work being potentially used by others (from the data mining that occurs in the background)?  It may get re-used and then you have infringement cases to fight – which might be tricky if the AI platform’s T&Cs don’t give you ownership.  Can you see how murky it all is?!

What about data protection?

The world of AI doesn’t escape the requirements and obligations imposed by the GDPR.  Are you intending to use facial recognition for example?  That’s personal data.  Also, there was a recent case in the world of AI involving a Hungarian bank, which resulted in a data breach fine for processing (via AI voice analysis) customers’ emotions – also considered personal data.

The key message is to do your due diligence before using personal data in AI.  If you are inputting any personal data then you need to make sure you have a lawful ground for processing the data in that way, and check what the AI platforms are actually doing with the data.  You may need to update your privacy policy and obtain consents from the data subject(s).  You might even need to carry out a Data Protection Impact Assessment.  If unsure, check in with the ICO (they have lots of guidance) or reach out to us.

So what can you do to best protect your business now?

Whilst waiting for both legislation and guidance from the government and for legal cases to unravel the ambiguity, you should implement the following steps:

  1. Always read the AI software provider’s T&Cs and don’t breach them.
  2. Make sure anything you input into an AI platform is your own original work. If not, make sure you have permissions from the copyright owner to use their content in this way.
  3. Check if the AI platform can re-use your input material. If so, are you ok with this?  If using other people’s copyright in your input, again you need to consider whether you have their permission to use their content in this way.
  4. Will you be inputting personal data into the AI platform to create your content? If so, make sure you are GDPR compliant.
  5. Be wary of how you use AI-created content: do you actually own it? Can you use it for your intended purposes?  Are there any limitations / restrictions on use?

What’s the future?

It seems that with such a new and fast evolving industry we need to sit back and wait and see how it all pans out.  Some people are concerned with the ethics behind the use of AI – is the mining of all this data by the AI companies even fair?  Should there be some kind of licensing system in place to compensate the copyright owners whose work is being churned through these systems?  Is this perhaps the new Napster (do you remember all the music piracy before the likes of Spotify came along)?  Is the scale of a licensing system too large and impractical to actually licence anyway?  Maybe the government will take a lenient approach and welcome the use of AI as a way to innovate and progress.  The trouble is, it is way too early to know how these questions are going to be answered.  But by knowing these questions exist and the potential issues with using AI, you will at least be helping to reduce your legal risk.

The best advice is to keep up to date with developments, avoid using others’ content and think twice before inputting data you would rather not be used, again and again, by the AI world! If you aren’t sure – it is always best to check. Our dedicated commercial team will be happy to help, with the most up-to-date advice.

This article was written by Clare Veal

Please note the contents contained in this article are for general guidance only and reflection the position at time of posting. Legal advice should be sought before taking action in relation to specific matters.

More Articles

Epsom Property Business Network Lunch

We were delighted to share networking opportunities and lunch at the May gathering...

Written by Rebecca Cox

How will the court deal with business assets on divorce?

When considering finances on a divorce, particular attention should be given to the...

Loss of mental capacity: what is a deputy?

There is a lot of information in the media about the importance of...

Written by Katherine Carroll

Find out how we can help you

GET IN TOUCH

© Peacock & Co 2024. All Rights Reserved.

Peacock & Co is authorised and regulated by the Solicitors Regulation Authority.