The Case for Self-Hosting Code-Generation Tools in Enterprises
Data privacy remains a paramount concern for enterprises, especially in the context of adopting generative AI (GenAI) technologies for enhancing efficiency and reducing “time to market” in the product development process.
The recent decision by Samsung to ban the use of ChatGPT and other generative AI tools by its staff [1], citing data privacy concerns, underscores the importance of this issue. This move has led to increased discussions among enterprises about the feasibility and desirability of self-hosting code-generation tools as a way to mitigate these concerns.
Self-hosting code-gen tools offers enterprises a way to leverage the power of GenAI while maintaining control over their data. This approach can help mitigate risks associated with data privacy and compliance, particularly for organizations operating in jurisdictions with strict data protection laws.
A significant hurdle in the adoption of GenAI tools like OpenAI’s offerings is the apprehension regarding data privacy and compliance, especially in light of regulations such as the General Data Protection Regulation (GDPR). Despite assurances and clarifications from OpenAI regarding their data usage policy, concerns persist among key decision-makers in enterprises.
According to OpenAI’s data usage policy: [2]
- OpenAI will not use data submitted by customers via our API to train or improve our models.
- Any data sent through the API will be retained for abuse and misuse monitoring purposes for a maximum of 30 days, after which it will be deleted.
- The OpenAI API is only available over Transport Layer Security (TLS), and therefore customer-to-OpenAI requests and responses are encrypted.
Despite these measures, the lingering doubt about GDPR compliance remains a barrier for some enterprises.