Skip to main content
Service Pages

Search

Dansk
Menu

Guidelines concerning security, copyright, and more when using generative AI (subject to change)

SDU is working to establish the guidelines for the use of AI systems. For now, the systems should be used within the framework of the guidelines already adopted at SDU. This page serves as a preliminary guide to using the systems based on the current guidelines. The page will be updated as work at SDU progresses.

Digital tools, services, and assistive utilities based on generative AI, such as ChatGPT or Midjourney, can be a valuable resource for employees at SDU. However, when using generative AI, there are several considerations you should be aware of.

What is Generative AI?

Generative AI is a collective term for artificial intelligences that can create and generate new content. One characteristic of generative AI is that it often requires interaction or input from the user. This input can range from a question to a natural language command. This is known as a prompt. The generative AI uses this input to generate a response or a solution.

Using Generative AI

Below, you can find some considerations to keep in mind when using generative AI. Your imagination is the only limit. Be critical of the quality of the responses and, most importantly, be aware of the upcoming guidelines for the use of generative AI.

 

Elaborate and provide context in your prompt. By contributing more context and background information, you will receive better responses. Depending on the settings, the generative AI may remember your previous inputs in a conversation, thus understanding the context surrounding the input you provide.

Use generative AI as a tool but remember that you are the expert, and approach the responses you receive critically.

The generative AI can be used for planning, invitations, summaries, Excel, information retrieval, and more. Some services are more suitable for information retrieval than others, for example, Microsoft Bing, which can also provide online sources for its knowledge. ChatGPT is better at generating new text, but it cannot provide sources. If you ask it for sources, it may even create sources based on its understanding of how source citations typically appear.
Guidelines

Most generative AI solutions are built so that your input is delivered “out of SDU” when you use them. This means that the provider of the solution can use data, and that we risk that they are read by others. Data can be used to train the model, or can be read by the provider’s employees. Even if the provider promises not to, SDU does not always have the ability to control it.

 

If the AI system is assessed generally at SDU, you should follow the limitations outlined in the SDU-assessment (you can read more here). If not, it is possible to use the system locally (see more below).

Many generative AI systems are operated by entities other than SDU. In these cases, you typically may not use personal data in your inputs, and you should be aware of the types of information you input:

If the information is publicly available or intended for publication (e.g., text for sdu.dk), you are allowed to use it as input.

If the information is internal SDU information (e.g., regular meeting minutes without closed points or personal names), you should assess whether it is justifiable to use them as input. You need to consider whether there may be a risk in relation to the AI service you are using and the specific information you are sharing. There will be many situations where it is not a problem, but be aware that there may be a risk of the information being shared with unauthorized individuals.

If the information is confidential (e.g., closed meeting points, information subject to confidentiality agreements, information about patentable inventions, or similar), it must never be used as input in AI solutions that are not explicitly approved for it.

Be aware of license terms. Even free solutions have requirements they impose as a condition of use. For example, ChatGPT's license terms specify that responses from ChatGPT may not be used for direct decisions that may have legal consequences for individuals. Likewise, if the text is used in a user-facing context, it must be declared that it was written with the assistance of AI.
Be aware that you may only provide inputs to a generative AI service that you have the right to disclose. In other words, you must not upload images, text, or code that infringes on third-party copyrights.
Never use personal data as input in generative AI, unless the AI-system is specifically approved for it. Personal data is information about an individual that either identifies the person, can be identified from the information, or can be identified by matching the information one has about the individual with other available information.

Approval of AI Services
The Committee for Information Security and Data Protection at SDU (UID) has approved new guidelines for security approval of IT systems in IT acquisitions. The guideline is currently being implemented. According to the guideline, central systems procured and licensed by SDU IT, including systems expected to be used by SDU students, must receive central approval from SDU IT and possibly SDU RIO if the system involves the processing of personal data.

If you intend to use generative AI for teaching, you must ensure that the system/service (e.g., ChatGPT) is centrally approved. If the service is not centrally approved, instructors cannot require students to use it as part of the curriculum, where students have to sign up for the service. However, it does not prevent instructors from using the services and their output in teaching as long as the aforementioned rules about input are followed.
Systems/services that the department wishes to use for limited research projects or other local purposes that are not directed towards students or involve student data are referred to as local systems/services. These can be implemented locally if the individual faculty or staff member and their management take responsibility for the lawful use of the system. This also applies to the use of generative AI. Specifically, it means that the concerned faculty or staff member must be able to assess whether the security of the service is adequate for the input they intend to provide to the service. Additionally, the aforementioned principles regarding the handling of personal data, copyright, and license terms must also be followed. This applies even when the faculty or staff member is using a service as a private individual in relation to SDU's data.
If you need further information, you should initially reach out to your local GDPR and information security coordinator. You are also welcome to contact the Helpdesk or SDU Digital Compliance at sdu-digital-compliance@sdu.dk.

 

 

Last Updated 28.11.2023