Generative Artificial Intelligence

Guidance for staff and students on the processing of personal data using Generative Artificial Intelligence (such as ChatGPT)

Generative Artificial Intelligence stores and learns from data inputted, however AI systems are required by data protection law to process personal data fairly and lawfully. It is not currently always possible to delete data from an LLM neural net. Therefore these systems may not be complaint with relevant law like the UK GDPR and the Data Protection Act.

To ensure the privacy of individuals, personal and sensitive data should not be entered into generative AI tools. Any data entered should not be personally identifiable and would be considered released to the internet.

If staff and students nevertheless decide to introduce new AI systems and tools for processing personal information, then they must undertake a Data Protection Impact Assessment (DPIA) to determine the privacy risks and if those can be mitigated. They must consider if there are less risky alternatives that can achieve the same purpose, and must adequately justify their decision not to choose them.

For further information, please see the University of Edinburgh's guidance and advice on the use of Artificial Intelligence.

AI Guidance for Staff and Students | The University of Edinburgh