Use ser­vices like Micro­soft Copi­lot and Azu­re AI in com­pli­ance with the law

With Micro­soft Copi­lot, Micro­soft is brin­ging advan­ced lan­guage under­stan­ding and gene­ra­ti­on capa­bi­li­ties to its appli­ca­ti­ons, which makes auto­ma­tic text sum­ma­ries, trans­la­ti­on and crea­ti­on pos­si­ble. Micro­soft Azu­re AI Ser­vices offer cus­to­mers a data­ba­se that they can use to access more than 1,600 AI models. The­se include LLMs such as GPT, but also spe­cia­li­sed models for pro­gramming and mathe­ma­tics as well as image, music and video gene­ra­ti­on. This pro­vi­des Micro­soft users with uni­ma­gi­ned bene­fits and a wide ran­ge of pos­si­bi­li­ties. At the same time, howe­ver, com­pa­nies also face legal chal­lenges that requi­re careful consideration.

Data pro­tec­tion requirements

The spe­cial thing about Micro­soft Copi­lot is that the LLMs used can gene­ra­te company-specific and context-related respon­ses by acces­sing the infor­ma­ti­on of the respec­ti­ve cus­to­mer in the Micro­soft cos­mos. As with the use of Micro­soft Azu­re AI Ser­vices, per­so­nal data can be pro­ces­sed in the pro­cess. Alt­hough Micro­soft con­trac­tual­ly assu­res in the Micro­soft Pro­ducts and Ser­vices Data Pro­tec­tion Adden­dum (DPA) that cus­to­mers retain full con­trol over their own data and that cus­to­mer data is not used for trai­ning pur­po­ses, com­pa­nies must imple­ment num­e­rous data pro­tec­tion requi­re­ments. This appli­es in par­ti­cu­lar to the fol­lo­wing points:

The indi­vi­du­al use of AI in com­pa­nies and the spe­ci­fic cir­cum­s­tances of the indi­vi­du­al case are decisi­ve for data protection-compliant use of AI.

Intellec­tu­al property

The rights to trai­ning data, prompts and out­puts are now not only a mat­ter for US courts, as in the dis­pu­te bet­ween the New York Times and Ope­nAI, but also for the courts in Ger­ma­ny. The AI Regu­la­ti­on  obli­ges AI pro­vi­ders to imple­ment copy­right com­pli­ance stra­te­gies and estab­lishes trans­pa­ren­cy obli­ga­ti­ons for the trai­ning of AI models. If copy­righ­ted con­tent is used to train AI sys­tems and traces of it are found in the out­put, the­re is a risk of legal dis­pu­tes. In addi­ti­on, the out­puts of AI appli­ca­ti­ons such as Micro­soft Copi­lot are not auto­ma­ti­cal­ly pro­tec­ted by copy­right under cur­rent law. Stra­te­gies to pro­tect intellec­tu­al pro­per­ty and trade secrets when using AI are the­r­e­fo­re essen­ti­al for companies.

Rea­li­sa­ti­on in practice

Com­pa­nies should not be deter­red by the exis­ting legal chal­lenges and should not pre­ma­tu­re­ly reject the use of Micro­soft Copi­lot or Azu­re AI Ser­vices. Ins­tead, anyo­ne wis­hing to uti­li­se AI appli­ca­ti­ons from Micro­soft should take a clo­se look at the deploy­ment sce­na­rio and assess pos­si­ble risks as part of an AI stra­tegy. In order to con­sider and imple­ment data pro­tec­tion requi­re­ments, it is advi­sa­ble to car­ry out a data pro­tec­tion impact assess­ment (DPIA), which is even requi­red by law in the case of high risks. To pro­tect their intellec­tu­al pro­per­ty, com­pa­nies should check on a case-by-case basis whe­ther copy­right pro­tec­tion exists and docu­ment the use of AI, the prompts used and the edits made. Usu­s­al­ly, a case-by-case exami­na­ti­on can ensu­re the legal­ly com­pli­ant use of Micro­sof­t’s AI applications.

Down­loads

reuschlaw Onepager Data protection impact assessments

reusch­law One­pager Data pro­tec­tion impact assessments

reuschlaw Onepager Microsoft 365

reusch­law One­pager Micro­soft 365

reuschlaw Onepager AI Regulation

reusch­law One­pager AI Regulation

back

Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.