In November of last year, OpenAI released ChatGPT, an artificial intelligence chatbot fine-tuned using both supervised learning and reinforcement learning from human feedback. The app skyrocketed in popularity thanks to its thorough responses to users across a wide variety of subject areas. As AI advances and expands into new industries, the question of who owns the intellectual property AI produces becomes increasingly contested, along with many other burning legal questions.
There have been a few bumps in the road for ChatGPT since its release in 2022. The first issue is the accuracy of generated responses. The model was trained on data scraped from the internet, and it may assemble and disseminate incorrect answers without any fact-checking. According to OpenAI, ChatGPT "sometimes writes plausible-sounding but incorrect or nonsensical answers." This tendency, known as AI hallucination, is typical of large language models.
The second issue plaguing the viral app is privacy. The language model that powers ChatGPT needs enormous amounts of data to operate and improve. The more data the technology is trained on, the more adept the model becomes at recognizing patterns, predicting what comes next, and producing credible text. To get the app started, OpenAI fed ChatGPT an estimated 300 billion words. Where did OpenAI get those words? Everywhere. Books, articles, blogs, social posts, and more, all without consumer consent.
Consider the information you may have included in a personal blog or social media post: family members' names, locations, and potentially sensitive details about your health. When ChatGPT scraped the annals of the internet, nothing was off limits.
But if the information was publicly available, why does it matter? Because even when data sits in a public forum, consumers retain a reasonable expectation of privacy, and an entity's use of that information can breach contextual integrity, meaning the information was used beyond its originally intended purpose. When asked for his thoughts on ChatGPT, Truyo president Dan Clarke said, "It definitely raises questions about whether it has your information, but another burning question is whether it violates anyone else’s privacy. To answer simply, I would say probably not because they allegedly use only public information, but it is worth evaluating."
You may be asking yourself how to find out whether ChatGPT has stored or used your information. It's a question that currently has no adequate answer. Right now, there is no mechanism for you to check whether OpenAI holds any of your data, and if individuals can't even ask what information the company has, good luck submitting a deletion or right-to-be-forgotten request.
The app's parent company, OpenAI, was recently valued at $29 billion USD, and new feature releases such as a paid subscription tier for ChatGPT mean this dialogue isn't going away any time soon, especially as AI becomes more prevalent. Adding fuel to the fire, the privacy concern goes beyond the data the app gleaned from its initial training scrape. As users feed the app more information, it will continue to store an increasing amount of data, with no consent mechanism currently in effect regardless of whether the user accepted the terms of use. For example, if you submit a personal work to ChatGPT for review, OpenAI may retain the submitted material and the subsequent output to further bolster the application and inform responses to other users, whether you like it or not.
Moreover, OpenAI collects a variety of other user data beyond the publicly sourced information used to build the app. The company's privacy policy states that it gathers users' IP addresses, browser types, and settings, along with data on how users interact with the site, including the kinds of content they engage with, the features they use, and the actions they take.
Truyo anticipates that it's only a matter of time before OpenAI and ChatGPT are called on the carpet for harmful privacy practices as the US federal government moves forward with discussions of the American Data Privacy and Protection Act. We could see movement in Europe as well, with the app's GDPR compliance being called into question.
The most important move for any privacy enforcement body is to adopt a more technology-agnostic approach to legislation, one that covers all data controllers regardless of their industry, their data collection practices, or how they use that data. An umbrella approach is the only way to ensure that evolving technologies don't evade privacy guidelines.