
ChatGPT, a popular chatbot from OpenAI, has potential data privacy flaws that have not been properly addressed, cybersecurity experts at Surfshark have warned.
Italy has recently lifted a temporary ban on ChatGPT after the country’s privacy watchdog said that OpenAI had met its demands over unlawful data-collection practices.
Yet steps taken by the Microsoft-backed company are limited in scope and may continue to be in violation of privacy rights, according to Surfshark analysis.
The basis of the Italian ban was the use of personal data to train ChatGPT models without user consent. This is in violation of the EU’s data protection and privacy laws, known as the General Data Protection Regulation, or GDPR.
To address these concerns, OpenAI has given users in the EU a way to opt out of having their data collected to train the AI model.
“However, the form is only available in the EU, and those who do not actively fill out the form can expect their data to remain on the platform,” Surfshark said.
Under GDPR rules, all users whose data may have been collected and used to train the chatbot had to be informed of the fact, which cybersecurity experts say was not done.
Since many people are unaware of it, they won’t request the opt-out form, “further amplifying the issue of potentially unlawful data collection,” according to Surfshark.
Lack of "effective" tools
ChatGPT is also “not in line with the principle of accuracy,” the analysts said, noting that it may falsely assert a person’s guilt or accuse them of crimes they have never been associated with.
In a recent example, OpenAI was issued a Cease and Desist letter over “defamatory” statements allegedly made about Alexander Hanff, a privacy advocate, whom the AI falsely claimed to be dead.
ChatGPT also lacks “effective” age verification tools, Surfshark said. In response to Italy’s ban, the platform now requires its users to be 13 years or older, but that seems to be more of a formality than an enforced policy.
“Children can lie that they are adults and use the platform freely,” Surfshark said, adding that parental controls can be circumvented just as easily.
AI companies may have to do a better job to fall in line with EU laws. The 27-nation bloc is at the forefront of regulating the explosive technology, with a comprehensive set of laws, known as the AI Act, pushing its way forward in the European Parliament.
The European Data Protection Board, the EU’s privacy watchdog, has also created a task force to keep chatbots like ChatGPT in check.
Existing privacy rules and proposed AI regulation efforts could be some of the reasons Google has left the EU out of the latest expansion of its own chatbot, Bard.