Generativ AI
Guidelines for the use of generative AI
SDU is working on clarifying the framework for the use of AI systems. For now, the systems should be used within the guidelines already adopted at SDU. This page is a preliminary guide to the use of the systems, as the guidelines currently stand. The page will be updated as work continues at SDU.
Digital tools, services, and utilities based on generative AI, e.g., ChatGPT or Midjourney, can be a valuable resource to use as an employee at SDU. However, when using generative AI, there are a number of factors you need to be aware of.
What is generative AI?
Generative AI is a collective term for artificial intelligences that can create and generate new content. A characteristic of generative AI is that it often requires interaction or 'input' from the user. This could be anything from a question to a command in a natural language. This is called a prompt. The generative AI uses this input to generate a response or a solution.
Use of generative AI
Considerations in relation to the use of generative AI
- Good use of generative AI: Use the generative AI as a support tool, but remember that you are the expert and be critical of the answers you receive.
- Get more qualified answers: Elaborate and provide context in your prompt. By contributing more context and background knowledge, you get better answers. Depending on the setting, the generative AI remembers your previous inputs in a conversation and therefore understands the context around, the input you give.
- What can I use generative AI for?: The generative AI can be used for planning, invitations, summaries, excel, information retrieval, etc. Some services are more geared towards information retrieval than others e.g., Microsoft Bing, which can also give you online sources for its knowledge. ChatGPT is better at creating new text, but it cannot cite sources, and if you ask it for sources, it is possible that it makes up sources based on knowledge of what source citations often look like.
Only your imagination sets the limits. Be critical of the quality of the answers and, not least, be aware of SDU’s guidelines when using generative AI.
Guidelines
Personal data and business data
AI is trained with input. Therefore, you are helping to train, for example, Google's image recognition software when you indicate that you are not a robot by identifying all cars. Similarly, the producer of the generative AI service often has the right to use your input to train the software - especially when the software is provided free of charge.
Personal data: Never use personal data as input in generative AI. Personal data are information about a person, if they say something about the person who is either identified, can be identified from the information, or can be identified by comparing the information you have about the person against other available information.
Business data: If you want to use other SDU information (without personal data) as input in generative AI, you should be aware of the type of information:
If the information is published or to be published (e.g., text for sdu.dk), you may use it as input.
If the information is internal SDU information (e.g., ordinary meeting minutes without closed items or person names), you should consider whether it is safe to use them as input. You should consider whether there might be a risk in relation to the AI service you use and the specific information you share. There will be many situations where this is not a problem, but be aware that there may be a risk of the information being shared with unauthorized persons.
If the information is confidential (e.g., Closed meeting items, information subject to confidentiality agreements, information about patentable inventions or the like) must never be used as input in AI solutions that are not explicitly approved for it.
Copyright: Be aware that you can only provide inputs to a generative AI service, which you have the right to disclose. I.e., you must not upload images, text, or code that infringes third party copyrights.
License terms: Be aware of license terms. Even the free solutions have requirements that they set as a condition for use. E.g., it is stated in ChatGPT's license terms that answers from ChatGPT must not be used for direct decisions that can have legal effect for physical persons. Similarly, you must declare that the text is written using AI if it is used user-oriented.
Approval of AI services
The Committee for Information Security and Data Protection at SDU (UID) has approved new guidelines for security approval of IT systems in IT procurements. The guideline is under implementation. According to the guideline, central systems that are purchased and license-controlled by SDU IT, including systems that students at SDU are expected to use, must be centrally approved by SDU IT and possibly SDU RIO, if personal data is processed in the system.
If you are considering using generative AI for teaching, you should therefore ensure that the system/service (e.g., ChatGPT) is centrally approved. If the service is not centrally approved, the teacher cannot require the students to use it as part of the teaching, where they must sign up for the service. However, this does not prevent teachers from using the services and their output in teaching if the aforementioned rules about input are complied with.
Systems/services, which the department wishes to use for delimited research projects or other local purposes that are not aimed at students or handle student information, are called local systems/services. These can be used locally, provided that the individual VIP/TAP and their management themselves guarantee the lawful use of the system. This also applies to the use of generative AI. In practical terms, this means that the relevant VIP/TAP must be able to assess whether the security in the service is commensurate with the input you intend to feed the service with. In addition, the principles in relation to the processing of personal data, copyright and license terms must of course also be complied with. This also applies in relation to SDU's data, if the relevant VIP/TAP uses a service as a personal tool.
If you need further information, you should initially contact your local GDPR and information security coordinator. You are also welcome to contact the Helpdesk or SDU Digital Compliance at sdu-digital-compliance@sdu.dk.