ChatGPT and Data Protection: Ensuring Compliance and Minimizing Risk

Technology has made significant progress in recent years, giving us access to highly advanced generative AI that can generate text and hold conversations with users. ChatGPT is a platform that lets users communicate with AI and generate content on command. Its user-friendly interface makes it easy to understand and use. Imagine searching for a query and getting a descriptive answer within seconds; that’s the kind of service ChatGPT provides. It’s a language-based model designed by OpenAI with the ability to transform our access to information.

Insights from BlackBerry’s Survey: Key Findings and Analysis

BlackBerry surveyed approximately 1500 IT professionals to compile a report on cybersecurity risks associated with ChatGPT. The report’s findings indicate that concerns about ChatGPT are prevalent among those responsible for our technology and cyber defenses.

One of the significant outcomes of BlackBerry’s research on ChatGPT and cyberattacks is that 51% of IT experts believe we are less than a year away from a successful hack attributed to ChatGPT, with some predicting it could occur within the next few months. Furthermore, around 78% of the stakeholders surveyed believe a ChatGPT-related attack will inevitably occur within the next two years. Additionally, a large majority (71%) believe nation-states already utilize ChatGPT for malicious purposes.

Recent High-Profile Case in the News: Overview and Implications

Recent news about ChatGPT involves Amazon, the tech giant that warned its workers not to share corporate information using the chatbot. According to an internal communication review, a corporate lawyer advised employees against sharing confidential material or code with ChatGPT due to concerns that the chatbot could mirror Amazon’s internal data. As a precautionary measure, Amazon implemented this safeguard to protect its sensitive information.

Currently, the laws regulating Information Technology in India do not offer any protection from Artificial Intelligence (AI) and Machine Learning (ML). The Indian Information Technology Act (IT Act) predates the introduction of contemporary cellular phones and does not address the unique challenges presented by these technologies. In the modern era of machine learning and neural networks, which are conditioned on vast amounts of personal or sensitive data, lawmakers must create a preemptive pathway for legislative amendments that strike a balance between regulating new technology and promoting innovative solutions.

Re-evaluating and Updating Your Internal Policies: Strategies for Improvement

The ability of ChatGPT to share personal information from its training datasets with its users presents a potential legal risk, as it may conflict with data protection regulations in many countries, such as the GDPR and India’s recently proposed Digital Personal Data Protection (DPDP) Bill. However, OpenAI’s privacy policy website only references the California Consumer Privacy Act (CCPA), which is applicable in the state where OpenAI is located.

The company asserts that California residents have the right to know what personal information has been collected and how it has been used and shared, the right to request deletion of their personal information, and the right to be free from discrimination related to exercising their privacy rights. Foreign privacy regulations differ from those in the United States, which raises concerns about the app’s legal status.

If you are concerned about your company’s data privacy, it’s never too early to take steps to protect it. Encrypting your data and removing it from public databases can prevent it from being used for monitoring or training AI systems.

Author: Vidhi Krishali, Research Associate, Law, Rainmaker

Directions and Contributions: Akanksha Arora, AVP-Legal, Rainmaker
