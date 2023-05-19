Cybersecurity company Surfshark conducted an analysis of ChatGPT's data collection practices and uncovered several potential flaws, echoing concerns raised by the Italian Data Protection Authority.

The rising popularity of ChatGPT has come under scrutiny due to concerns surrounding its data collection practices and overall safety. These worries led to Italy imposing a temporary ban on ChatGPT and prompted the formation of task forces by the European Data Protection Board (EDPB) and the US Department of Homeland Security (DHS) to address the issue.

One of the main privacy issues that were identified is the massive amount of personal data collected by ChatGPT for training its AI models. It is alleged that this data collection may have been conducted without a valid legal basis, as required by the General Data Protection Regulation (GDPR).

Italy's temporary ban was partially based on this violation. In response, OpenAI, the organisation behind ChatGPT, has recently introduced a form allowing users within the European Union (EU) to opt out of having their data used for training purposes. However, the opt-out form is currently limited to EU users only, leaving non-EU users with their data potentially remaining on the platform.

Another concern raised by Surfshark is ChatGPT's failure to notify individuals whose data was utilised to train the AI model. Under the GDPR, data controllers are obligated to inform users about the collection and use of their data. By neglecting this requirement, OpenAI may have violated privacy laws. Since many people are unaware that their data has been collected and employed by ChatGPT, they are unable to take action, such as opting out, exacerbating the issue of potentially unlawful data collection.

“ChatGPT is not in line with the principle of accuracy — The platform's provision of inaccurate information can significantly damage an individual's reputation. For instance, it may falsely assert a person's guilt or accuse them of crimes they have never been associated with,” the report said.

In terms of user age verification, ChatGPT reportedly falls short in preventing children under the age of 13 from accessing the platform. In response to Italy's ban, ChatGPT introduced a tool to determine if users are over the age of 13. However, this tool lacks the ability to verify the accuracy of the age entered by users, enabling children to falsely claim adulthood and freely utilise the platform.

Furthermore, ChatGPT is said to lack a parental consent verification process for users aged 13 to 18. Although the platform's terms of use state that parental consent is required for children in this age group, there are no mechanisms in place to verify whether consent has been obtained. Consequently, children within this age range can use the platform without parental consent.

Gabriele Kaveckyte, the privacy counsel who conducted the analysis, emphasised the need to address these potential privacy issues within ChatGPT.

“While some improvements have been made by ChatGPT following Italy’s temporary ban, there is still room for improvement. Addressing these potential privacy issues is crucial to ensure the responsible and ethical use of data, fostering trust and safeguarding user privacy in AI interactions,” she added.