The AI application ChatGPT quickly became a household name, but already is morphing into a more advanced version of generative AI. At the same time, Microsoft’s redesigned Bing search engine will soon run on a new, next-generation OpenAI large language model. While these tools have demonstrated that generative AI has tremendous operational and business potential, a constellation of privacy and data security risks arising from their use have become visible. In this two-part guest article series, Ballard Spahr attorneys explore these issues. This first article covers AI collection and use requirements under U.S. and E.U. privacy laws and regulations. Part two will address product liability, healthcare and employment risks, issues under wiretapping laws, and practical compliance measures. See our two-part series on the practicalities of AI governance: “Tips From a Chat Platform on Building a Program,” (Feb. 1, 2023), and “Core Compliance Strategies” (Feb. 23, 2023).