The rise of publicly accessible AI chatbots like ChatGPT raises privacy concerns that businesses and regulators are just beginning to grasp.
These AI tools are trained on large amounts of publicly accessible data, but often also learn from information fed by users. This may include personal medical or financial data, or proprietary business information, which may be incorporated into the bot’s responses to other users. While the U.S. lags behind in regulating both privacy and AI issues, countries with stricter technology rules are just beginning to address the privacy risks surrounding chatbots and image generators.
On Friday, Japan warned ChatGPT creator OpenAI against collecting people’s personal information for machine learning. This country is her third largest market for bots. Italy banned ChatGPT in April, citing data privacy concerns, but allowed the product to be reinstated a month later. Countries such as France, Canada and Germany are also investigating data privacy concerns about his ChatGPT, and the European Union is formulating major regulations on artificial intelligence.
Industry is also vigilant. Companies like Apple, Northrop Grumman, Goldman Sachs, Samsung, and Verizon have banned or restricted employees from using his ChatGPT and generative AI for business purposes. Some companies also warn employees against putting confidential or proprietary information into these systems.
“Every interaction with data can inform models in ways that people don’t actually expect or understand,” said Justin Bruckman, head of technology policy at consumer advocacy group Consumer Reports. And there is a possibility that the data will be used secondarily.” “At the moment, if you play around with it, you can feed it all sorts of information, but you have absolutely no idea how it’s going to be reused.”
How AI chatbots use data
AI products are trained on the vast amount of data that exists online. Companies “scrape” the web or use automated systems to collect information from numerous websites to develop these applications, much of which can be personal. there is. AI systems continue to learn from the information you enter. Asking one of these bots for a more detailed follow-up response will help educate them on how to respond in the future.
However, many users are concerned about how the information they provide to chatbots in queries and other interactions (which may provide details about a person’s mental state, financial information, trade secrets, etc.) will be used. don’t know. Some people use ChatGPT to write humorous haiku, while others make it personal beyond mere entertainment. Financial data for budgeting. Recently, an attorney in a federal court case filed a dossier written entirely by his ChatGPT citing a non-existent lawsuit, and a Samsung employee uploaded a “confidential code” into the system.
“People should care because [things like] Personally identifiable information such as social security number or creditor information – if you paste it [into a chatbot] You never know where it will end up,” said Wayne Chang, founder of LLM Shield. LLM Shield develops software designed to prevent sensitive information from being unintentionally shared or leaked into large language models like ChatGPT. “I don’t know how this will be used against me.”
Chang said the Samsung incident has made it clear to many companies that the risks of ChatGPT may outweigh the rewards of corporate use.
Even standard contracts can leak detailed information about your company to AI tools, which can then become part of your training dataset.
“People can ask ChatGPT to read this contract and help them find where they are weak and where they need to be more protected, but they can ask that question and It’s a simple act of sticking a contract, yes, and if there is a leak, they are literally giving a third party a term of secrecy,” Chan said.
clashes with regulators
Privacy concerns surface most clearly in the EU. The EU’s General Data Protection Regulation (GDPR) is one of the strongest legal privacy frameworks in the world. The bloc is also working on a set of laws specifically to regulate AI.
The recent brief suspension of ChatGPT in Italy shows how unprepared AI companies are to tackle the privacy implications of their products. Italy took action in late March, citing OpenAI’s failure to inform users about its data collection practices and failing to meet various legal justifications for processing personal data. The regulator also said OpenAI allows children under the age of 13 to access ChatGPT, which violates EU rules banning children’s data collection.
OpenAI responded by adding a measure that allows users to delete their chat history, but the company plans to keep chat history for 30 days to deal with abuse cases. We also added new information to our website detailing how we use your data to train ChatGPT, and added the option for EU users to opt out of having their data used for training.
Since there is no national privacy law in the United States, we assume that such data is public and may be fair game. In the EU, people are required to consent to their data such as their name and email address being used, something AI companies are not doing.
“Web scraping, the collection, storage and processing of this public data requires a clear legal basis,” said Katharina Kellner, principal researcher in technology at the International Association of Privacy Professionals (IAPP). increase. “So what we are concerned about is web scraping.”
Other issues, Kellner said, include transparency about the data collected and explainability in the sense of “how did this particular AI or machine learning system arrive at this conclusion or output?” said to include areas of
The EU also has a “right to be forgotten” that allows citizens to ask companies to delete or correct their personal information. It is unknown if AI models can do that.
As ChatGPT and other large language models gain more users, they are on a course that conflicts with existing privacy laws, which means they will have to react quickly or not at all. .
unique concerns
Lawmakers and the White House are increasingly calling for government regulation of AI, but so far there has been little indication.
Regulators such as the Federal Trade Commission have warned companies against making exaggerated claims about AI or using it to cheat. But Congress has been slow to move the bill and is asking tech companies for advice on what the rules should be.
Brookman said he believes the FTC has the authority to address misuse of AI, saying that local laws such as the recent Washington State Health Act requiring user consent to collect, share and sell health data have led to AI pointed out that it could affect Meanwhile, the EU updated its AI law to directly address generative AI, including everything from chatbots to image generators. But it’s unclear if the block can keep up with rapid advances in AI technology.
“It’s like social media,” Bruckman said. “I didn’t think about what the long-term implications of this would be. It just made it much easier to get a lot of information about someone.”
