Artificial Intelligence
DTI's AI Transfer Principles
- Users should be able, at their request, to download personal data from AI services, and to request the direct transfer of personal data between AI services. This data should be in a structured, machine-readable, well-documented format.
- User-directed portability should focus on personal data, and should not extend to training data, model weights, or other elements of AI services not specifically related to the user initiating data transfer; however, personal data used to customize the actions of the AI service should be included as within scope.
- Data portability tools and interfaces should adhere to an open, interoperable technical specification to allow users to easily transfer personal data directly between AI services on a reciprocal basis.
- AI services, including generative services, AI agents, and tools, should communicate with other services through open protocols and should not impose unduly restrictive terms on data interfaces to ensure that users have their choice of products or services.
- Where data is transferred directly between service providers at a user’s request, all parties should employ reasonable, well-documented frameworks and practices for security vetting of the other party to the transfer, including organizational policies regarding data privacy, data security, end user transparency, and authentication of transfer parties and end users.