#40 ¿What’s the best AI in the legal field? Easy: the one used by the leading firms…
Fausto knew it. You know it.
This note on Substack by Sergio Maldonado is a direct punch to the jaw.
1.- Every major law firm is interested in investing in technology so as not to fall behind. But at the same time, they must jealously guard the know-how of their valuable legal virtuosos: these structures have excellent professionals whose bright ideas are dispatched without additional friction to all their clients, with exponential benefits.
Problem: the one who buys technology is not usually the one in charge of protecting the know-how. And certainly, it’s never the virtuoso.
2.- All of us small firms are delighted with AI. And you already know, if you look like an early adopter, it’s exhausting: when it seemed like you had finished taking care of your clients, you have to take care of your own curiosisty and spend a couple more hours experimenting with each new iteration and big idea from BigTech.
But boy, does it pay off.
All the little legal early adopters have noticed something this year: in the last six months, frontier models have improved dramatically in legal matters. My “armchair expert” opinion, which doesn’t reach the technicalities and training and reasoning improvements, matches 100% with Sergio’s: those models have mercilessly digested the know-how of all those legal giants who have surrendered to the tentacles of ChatGPT, Gemini, Claude, or Harvey (also ChatGPT, if we believe certain things).
3.- As much of a fan as I am of the democratization of knowledge, my feelings here are mixed:
It’s obvious that BigTech trains with every sigh or mouse movement near their models. The massive theft that gave birth to this technology isn’t going to stop anytime soon.
And it’s a shame, because it seems like if they wanted, they could do it right. (If anyone can tell me about the IAPP session where the great Lokke Moerel explained the ins and outs of compliant LLM training, I’m all ears, thank you.)
It’s clear that the legal reasoning of frontier models reflects what the “middle class” says. In other words, the lowest common denominator of what they receive and ingest in their day-to-day. The market consensus.
This is already useful for any specialist when consulting fields outside their expertise. If the works of virtuosos are included in the LLM’s diet, the general average—and usefulness—will be much higher.
4.- As Sergio says, juniors—or rather, generalists—who tame LLMs will be able to fool the client, because to the layperson, a good-looking doc is hard to distinguish from an excellent one.
5.- Now imagine what an experienced little virtuoso (or, ahem, a former virtuoso) can do riding an LLM fed by all those orchestras that didn’t want to “fall behind” and have sold their DMS to the devil.
The world is ours to play and experiment, kids…
You are reading ZERO PARTY DATA. The newsletter about current affairs and tech law by Jorge García Herrero and Darío López Rincón.
In the spare time left by this newsletter, we like to solve tricky situations in personal data protection and artificial intelligence. If you have any of those, give us a wave. Or contact us by email at jgh(at)jorgegarciaherrero.com
Thank you for reading Zero Party Data! Sign up!
🗞️News from the DataWorld 🌍
A week really packed with important things already discussed on LinkedIn that you shouldn’t miss:
.- In a spectacular application (and about time) of the CJEU’s Lindenapotheken doctrine, a Madrid commercial court ordered Meta to pay 479 million euros to the Spanish digital press association.
Why? Meta was violating the GDPR and was sanctioned for it by the competent authorities (the Irish Authority, with the EDPB twisting its arm behind its back).
That breach (processing their users’ personal data without sufficient legal basis to bombard them with personalized ads) gave it a competitive advantage in the adtech market over the digital press, which has practically allowed it to split that market with Google.
In Lindenapotheken, the CJEU declared that competitors in a situation like this can report and take legal action for these violations (even if they are not the persons affected by the breach of their own data), and moreover—and this is what has happened here—they can demand civil compensation for these GDPR violations that are also breaches of competition law.
.- The FoloToy thing: the teddy bear with AI (powered by GPT 4.0) that, in testing and with little effort, dared (sorry, sorry) to “advise” its delicate owners on topics like sadomasochistic sex and where to find knives in their house.
.- AEPD fine of 4 million to XFERA MÓVILES for a security breach. The dynamic duo of 5.1.f) and 32 GDPR strikes again.
.- AENA fined more than 10 million (absolute record for the AEPD) for processing biometric data without the required impact assessment (after two attempts that were rejected by the AEPD).
.- Fine of 650,000 euros to the International University of Valencia for its proctoring tool Smowl (unlawful biometric processing due to a very sloppy justification of exception to the general prohibition of biometric processing for identification purposes).
(From the excellent blog of Simon Willison)
.- “50% of companies use AI on their workers” (and they do it badly). Because human supervision needs to be effective.
Supervisión Humana Efectiva: the M-AI-nority Report
Descubrí este framework de Tey Bannerman para aterrizar en la práctica ese tópico tan cuqui del “human in the loop” en herramientas de IA y me enamoré de él:
.- New Spanish legal data mess related to the LGTBI+ community, this time regarding compliance with gender parity in electoral lists.
.- The irony—in light of the Digital Omnibus now on the table—of the millions poured into promoting that nebulous “Digital Bill of Rights” printed on wet paper.
.- “They should have sent a poet”: A team of Italian researchers has bypassed the safeguards of 90% of LLMs (those that prevent them from answering how to enrich uranium to make atomic bombs or create persistent trojan viruses—two real challenges achieved in this research).
It’s been easier to fool the bigger models than the smaller ones.
How the hell did they do it? By asking the same thing, BUT IN VERSE.
The DEXAI lab researchers discovered that poetic structure operates as a “universal jailbreak operator.” By rephrasing harmful requests as verse, metaphor, and rhythm, the language model safeguards melt away like tears in rain.
The study shows that larger models are paradoxically more vulnerable: GPT-5-nano showed 0% vulnerability while Gemini-2.5-pro reached 100%. Interpretative sophistication seems to compromise adherence to safety directives. Filters optimized for direct prose lack robustness against narrative or stylized reformulations of identical intent.
📄High density docs for data junkies
.- Giancarlo Malgieri’s analysis of the Digital Omnibus, short and straight to the point.
.- The invaluable summary tables on specific aspects of the same Omnibus that our good friend Laszlo Pok is giving us: GDPR, incident notification, new for SMEs, AI Act. Don’t forget to check out his weekly newsletter: Datawlogy (it’s on our website among our recommended newsletters).
The right Christmas Gift for the closest data protection nerd
We recommended it last week, but the book has been published today in Spanish: Empire of AI could well be the book of the year. Not as academic as Zuboff’s work, nor as humanistic as “Privacy Is Power” by Carissa Veliz, nor as gossipy as “Careless people” Karen Hao’s book is comprehensive, rigorous, and ruthless. And we like that.
Remember, nobody here gets a penny or anything like that for our recommendations.
💀Death by Meme🤣
🤖NoRobots.txt o Lo de la IA
.- Interesting paper by Wenlong Li and Jingwu Zhao on the differences and possible integration and coherence between solutions on either side of the Atlantic regarding the intended suppression of data in LLMs: disgorgement in the USA and other things in the EU.
.- A hellishly interesting long read: the analogy of a wildfire being more appropriate than the bubble for what’s happening in the world of AI goes as far as it goes, but mainly the second half of the article hits where it hurts.
🙄 Da-Tadum basss
The cat must be Mike Oldfield’s, at least.
Si crees que esta newsletter puede gustar e incluso ser útil a alguien, reenvíasela.
Si echas de menos algun doc, comentario o chorradón que manifiestamente debería haber estado en el Zero Party Data de la semana, escríbenos o deja un comentario y lo valoraremos para la próxima.