Pages

Friday, February 24, 2023

ChatGPT - Is it Compliant with the Laws?

As the ChatGPT and Aritificial Intelligence (AI) in general becomes more all pervasive in our lives, we have to ask ourselves this question - Is it Compliant with the Laws?

AI and/or ChatGPT relies on large data sets to learn and give answers and make predictions. The manner in which these large amount of data has been obtained, is a matter of concern. We can only hope that data privacy and data protection has not been compromised by these AI algorithms. Businesses should ensure to comply with data protection laws, and shall have to implement appropriate technical and organizational measures to protect personal data and obtain informed consent from individuals before collecting and using their data.

 Regarding, 

"whether ChatGPT is GDPR compliant will depend on how it is designed and used, and whether it collects, processes, or stores any personal data of individuals who are located in the EU. If you have specific concerns about the GDPR compliance of ChatGPT, I would recommend consulting with a legal professional." (link)

Legislators, especially those in Europe, are coming down hard on many of the biggest tech companies that use algorithms and AI with laws focused on privacy and consumer protection. 

 The various uses of ChatGPT – and other generative AI – can raise ethical and legal concerns regarding the violation of data privacy. While users can use ChatGPT to draft privacy notices., ChatGPT itself is under scrutiny from data protection experts. (link

#AI-powered interpretation of web search is the subject of study in the legal implications of artificial intelligence, and “the promise and the peril of the digital age..” in this link.

ChatGPT has been trained on vast quantities of data (prior to 2021), which may have included proprietary material. These may be used by ChatGPT in response, despite not being licensed by the copyright owner.

Confidentiality and data privacy are other concerns,.. employees might use ChatGPT in connection with work.

Although ChatGPT represents that it does not retain information provided in conversations, it does “learn” from every conversation. And of course, users are entering information into the conversations with ChatGPT over the internet and there is no guarantee of security in such communications. (link)

A report by CyberArk security researchers has stated that OpenAI's ChatGPT has reportedly created a new strand of polymorphic malware following text-based interactions, after bypassing the content filters preventing ChatGPT from creating malicious tools. Thanks to the ability of ChatGPT to create and continually mutate injectors, cybersecurity researchers were able to create a polymorphic program that is highly elusive and difficult to detect. (link)

The majority of security leaders expect ChatGPT to be at the heart of a successful cyber-attack within a year, including malware development and convincing social engineering scams. The top worry for the IT leaders was the technology’s ability to craft more believable and legitimate sounding phishing emails (53%), followed by allowing less experienced cyber-criminals to improve their technical knowledge and develop more specialized skills (49%) and its use in spreading misinformation (49%). In addition to cyber-threats, privacy experts have discussed how the AI model is potentially breaching data protection rules, such as GDPR. (link)  

So, is ChatGPT compliant with the Laws? We don't know yet.

No comments: