PrivateLLM: Empathy.ai Case Study
by
Daniela Maldonado
ECA Community Builder

In recent years, particularly in this industry, the concept of an LLM has become increasingly relevant. A Large Language Model, as I'm sure you know, is an AI system designed to understand and generate human language. LLMs are trained on vast amounts of data.

Commonly, when something “new” becomes increasingly popular in our society, it tends to be followed by ethical considerations. We have seen this a lot in the field of technology, and perhaps one could say that the ethical considerations should come before the new technology, not the other way around. Still, the fact that “ethical” is a consideration within technology is quite an advance in our society. Maybe one day ethics will be the a priori, and this would make us ecstatic at the ECA!

… So, LLMs eventually raised concerns, some of which include privacy issues related to the personal data used during LLM training, potential bias within the training data, and the possibility of LLMs generating misinformation, followed by the question: Who is accountable? Due to the complexities within their inner workings, other issues relate to worries around the intellectual property of the training data material.

However, generally, when we talk about LLMs, we are referring to Public Large Language Models (Public LLMs), which are not the same as Private Large Language Models (Private LLMs). The shift toward PrivateLLMs represents a conscious effort to address many of the ethical issues associated with LLMs being public.

Today, we will address the theoretical frameworks of ethical considerations regarding LLMs with the empirical example of empathy.ai by empathy.co, our founding partner. Empathy.ai leverages PrivateLLMs to enhance user experience while ensuring data privacy in the field of e-commerce. Their approach integrates ethical considerations in the very design of the AI system, ethics a priori. 😉

What is a PrivateLLM?

While a PublicLLM is built on digital text from every corner of the internet, PrivateLLMs guarantee that entrusted information is contained in secure repositories by operating within the boundaries of a specific organisation. These boundaries may include use cases like privacy, legal compliance issues, or niche applications. When operating in a secure environment, some of the ethical risks of LLMs are significantly reduced. For example, third-party access is reduced, and the LLM can be integrated smoothly with an organization’s existing systems.

PrivateLLMs are also more sustainable: since they operate within boundaries and are not built on all the available data, they require less energy.

Moreover, to safeguard privacy within LLMs, these strategies have been developed:

  • Federated Learning implies the training of models across multiple decentralized services without data sharing, ensuring that data remains private and secure in local services, and minimizing risks of breaches during model training.
  • Homomorphic Encryption is a cutting-edge encryption method that allows data to be processed in its encrypted form. This keeps sensitive information encrypted and private while still allowing computational operations on it. Still, homomorphic encryption is what we might call an a posteriori ethical consideration, not by design.
  • Local deployment of LLMs means opting for on-premises deployment of Large Language Models in an organization’s secure infrastructure. This ensures control over data and the model and reduces risks since there is no external access to the data.

Empathy.ai

Following the theory of PrivateLLMs and how they address the ethical considerations mentioned above, we will use empathy.ai as an example of a Large Language Model that is ethical in its design. We will also present how empathy.ai aligns with the GDPR (General Data Protection Regulation).

Earlier, we presented three theoretical strategies developed to safeguard privacy within PrivateLLMs. Here is how empathy.ai addresses them:

Empathy.ai is built on its own self-hosted, self-operated GPU (Graphics Processing Unit) infrastructure, free from commercial clouds. This means that empathy.ai complies with both strategies: federated learning, by having a decentralized service that allows for data to remain private and local, and local deployment of LLMs, with LLMs being deployed within the organization’s own infrastructure, having control over their data, improving accuracy, and reducing misinformation. Moreover, empathy.ai doesn’t require homomorphic encryption because it puts privacy a priori, meaning that it does not process sensitive data or personal information at all, so there is no need for an a posteriori ethical consideration ;)

To obtain better technical responses in the study, we asked two empathy.ai engineers to answer a series of questions which came to mind while researching LLMs.

How is empathy.ai ethical in its design? How does it structurally tackle the challenges of Private LLMs?

Empathy.ai applies certain approaches in its structure for data privacy and security:

Firstly, it has a controlled deployment. As empathy.ai is a PrivateLLM, its core structure involves deployment within a secure environment controlled by Empathy, either on-premise (the self-hosted GPU cluster) or in a private cloud. Therefore, structurally, data exposure to third parties is limited.

Secondly, empathy.ai uses Retrieval-Augmented Generation (RAG), an architectural pattern that decouples sensitive knowledge from the core model. Private data is stored in an external, secure vector database, and only relevant fragments are provided to the LLM as runtime context, rather than being integrated into the model’s weights. For data protection mechanisms, the PrivateLLM integrates security layers in its structure. These include encryption in transit (TLS) and at rest (AES-256), anonymization or masking of training data, prompts, and responses, along with strict access controls (RBAC, MFA).

Empathy.ai also uses specialised hardware to create isolated execution environments, Trusted Execution Environments (TEE), that protect data and the model, even from the host operating system, during processing. Lastly, it uses structural layers, guardrails, and filtering to validate inputs, prevent prompt injection, and filter outputs to remove PII or toxic content.
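The RAG pattern and the masking and access-control layers described in the two paragraphs above can be sketched as follows. This is an added example, not empathy.ai's code: the fragment store, role names, regexes, and function names are hypothetical, and a bag-of-words cosine score stands in for a vector database's embedding search.

```python
import math
import re
from collections import Counter

# Constructed sample store: each fragment lists the roles allowed to read it.
FRAGMENTS = [
    {"text": "Return policy: items can be returned within 30 days of delivery.",
     "roles": {"shopper", "support"}},
    {"text": "Shipping to the EU takes 3 to 5 business days.",
     "roles": {"shopper", "support"}},
    {"text": "Escalation contact for refunds: ana@example.com, +34 600 123 456.",
     "roles": {"support"}},
]

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE = re.compile(r"\+?\d[\d\s-]{7,}\d")

def mask_pii(text):
    """Replace e-mail addresses and phone numbers with placeholders."""
    return PHONE.sub("[PHONE]", EMAIL.sub("[EMAIL]", text))

def _vec(text):
    """Toy term-count vector (assumption: stands in for an embedding)."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))

def _cosine(a, b):
    dot = sum(a[t] * b[t] for t in a)
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def retrieve(query, role, k=2):
    """Return up to k relevant fragments the role may read, best match first."""
    q = _vec(query)
    scored = [(_cosine(q, _vec(f["text"])), f["text"])
              for f in FRAGMENTS if role in f["roles"]]  # RBAC filter before ranking
    scored.sort(key=lambda s: s[0], reverse=True)
    return [text for score, text in scored[:k] if score > 0]

def build_prompt(query, role):
    """Runtime context for the model: masked query plus masked, authorized fragments."""
    context = [mask_pii(t) for t in retrieve(query, role)]
    return "Context:\n" + "\n".join(context) + "\n\nQuestion: " + mask_pii(query)
```

Because the role check runs before ranking, a fragment the caller may not read can never reach the prompt, however well it matches the query.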

Empathy.ai also approaches computational requirements and costs:

Empathy.ai uses efficient architectures and Parameter-Efficient Fine-Tuning (PEFT). A smaller model is favored to reduce resource usage, and techniques like LoRA (Low-Rank Adaptation) enable the adaptation of pre-trained models by modifying only a small fraction of parameters. This reduces the computational cost of fine-tuning.

Other techniques used by empathy.ai fall under model compression: structural methods such as quantization, distillation and pruning are applied to reduce model size and inference load.

Moreover, the use of RAG eliminates the need for costly full retraining to update the model’s knowledge, offering a more cost-efficient alternative.

To address issues related to performance and reliability, RAG is also used to provide relevant and up-to-date context from trusted sources. This helps reduce hallucinations (when an AI system produces false or misleading outputs) and grounds the LLM’s answers. Empathy.ai also employs speculative decoding, specialized hardware, and optimized libraries that improve latency and performance. Again, for performance, continuous monitoring systems help detect issues like performance degradation or model drift.

Lastly, empathy.ai also applies techniques in its structure for deployment and management complexity. These include containerization and orchestration (Docker and Kubernetes), managed platforms (such as AWS SageMaker, Azure ML, NVIDIA NeMo, or Databricks), and integration patterns (API Gateways, SDKs).

These approaches show that empathy.ai takes a structural approach to possible challenges: it makes deliberate choices about model architecture, deployment environment, data security layers, and integration patterns to mitigate risks and optimize the operation of PrivateLLMs within empathy.ai’s constraints and priorities.

How does empathy.ai align with the EU AI Act requirements or GDPR compliance?

Empathy.ai is committed to protecting personal data and strictly adhering to the General Data Protection Regulation. Their systems are designed based on the following principles:

  • Data minimization: only collecting and processing personal data that is strictly necessary to fulfill clearly defined and legitimate purposes.
  • Purpose limitation: Data is used exclusively for the specific, explicit, and legitimate purposes communicated to users, with no unauthorized repurposing.
  • Transparency: providing clear and accessible information about what data is collected, for what purposes, how it is used, and what rights users have regarding their information.
  • Accuracy and updates: keeping personal data accurate and up to date, and implementing measures to ensure data integrity. Users can request corrections to inaccurate information at any time.
  • Storage limitation: Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, after which it is deleted or anonymized.

How is Empathy.ai aligned with the values of the Ethical Commerce Alliance?

To finish, we asked a very important question to empathy.ai’s engineers. At the ECA, we maintain the importance of always putting ethics at the core, so we wanted to know how this PrivateLLM technology aligns with our values.

Our mission is to leverage technology responsibly, which is why we support technologies like empathy.ai that prioritize:

Privacy, at the core, making technologies where data protection and user privacy are embedded into the development and operation of AI systems by informing users about the processed and stored data and always asking for customer consent; minimizing collected information in compliance with regulation and prioritizing device storage over cloud storage, so consumers have full control over their data.

Customer centricity, enabling individuals to transparently select what data they wish to share with AI-powered services, ensuring that personalisation is always underpinned by explicit consent and user control.

Empathy.ai’s innovative approach to leveraging PrivateLLMs in e-commerce demonstrates a clear commitment to ethical AI practices. By prioritizing data privacy, security, and transparency, Empathy.ai not only aligns with GDPR and the values of the Ethical Commerce Alliance but also sets a new standard for responsible AI development. As LLMs continue to evolve, Empathy.ai's example highlights the importance of integrating ethical considerations into the very design of AI systems, paving the way for a future where technology empowers businesses and consumers alike while upholding fundamental rights and values.

This study benefited from the expertise of two empathy.ai engineers, Oscar Huarte Andrés Doncel Ramírez, who provided detailed insights into the company’s empirical adherence to ethical frameworks for PrivateLLMs.
