Today that technological evolution unfolds through the innumerable capabilities demonstrated by artificial intelligence, topics such as protection of privacy and the confidentiality of personal data they stand out as priority issues.
Although attention has been paid for some time now, these issues are coming back to the fore due to the massive diffusion of chatbot conversazionali come ChatGPTGoogle Bard and Bing Chat, whose interaction with humans raises several questions about the nature of the data shared on these platforms.
Not for nothing, at the end of March this year the Europen Privacy Guarantor I had access to the OpenAI chatbot suspended because it does not comply with community legislation on privacy regarding the illegal collection and storage of user data. Which has also moved other governments to ensure that security that AI could jeopardize.
In the first draft of the European legislation to regulate AIknown as AI Actwe read that for systems of generative artificial intelligence transparency has been elected as a “fundamental requirement”. Therefore, models like ChatGPT and DALL-E will have to disclose, among other things, the origin of the generated content.
While there is a concrete possibility that ChatGPT is removed from the European Union marketif you do not find it possible to adapt to the GDPR, it is good to be aware of that information that should never be disclosed in prompts created to converse with the chatbot.
-
1. Why keep sensitive data confidential
After about a month from block to ChatGPT ordered by the Privacy Guarantor, in April the OpenAI chatbot started working again in Europe. With the precautionary measure that forced it to satisfy some community privacy requirements before returning online, OpenAI committed to align its technology with people’s rights.
Although the Europen control body has expressed satisfaction with the safety measures adopted so far, it is necessary to take further actions for complete compliance with the European data protection legislation, better known as GDPR.
Perhaps not all Europens are aware of the right to refuse to hand over your data for training the machine learning models that power ChatGPT. But unfortunately this is not enough.
First, the possibility that someone might must be considered exploit vulnerabilities to infiltrate servers of OpenAI and steal user data. It is important to remember that in March 2023, due to a technical issue with ChatGPT, some people were able to access the conversations and payment information of Plus version users.
Furthermore, compared to storing chats on servers managed by “reliable US suppliers“, it is legitimate to ask what guarantees the actual reliability of these platforms. And if OpenAI eliminates personally identifiable information, before this step the data still enters the servers in raw form and could be potentially accessible by staff.
In fact, OpenAI allows access to certain members of its staff for AI model maintenance purposeswhich means that some conversations may be read or analyzed by staff.
Finally, although OpenAI promises not to share user data with third parties for marketing or advertising purposes, it does share it with those who are responsible for maintaining the website and mobile applications in order to guarantee the correct functioning of the services.
-
2. Hide identity, credentials and banking information
The first and fundamental stage in this digital odyssey is the recognition of the most delicate aspects of individual identity, which, if disclosed, could lead to serious consequences. Information such as full namel’residential addressthe date of birth and the Tax ID code they constitute pillars of personal privacy, the exposure of which could open the way to ill-intentioned people. In fact, beyond the danger posed by OpenAI, there is the risk of falling victim to hackers who could target this sensitive data. It is also best not to communicate details about travel plans or extended absences from home.
However, caution should not be limited to the basic information just described. Sharing login credentials, i.e password they usernamewould open a digital Pandora’s box, exposing users to potential cyber attacks and identity theft. There is therefore an absolute need to protect such data with the same attention reserved for family jewels.
The analysis continues in the territory of banking data, a precious source for malicious actors who are just waiting to steal some account codes. Details like credit card numbers and IBAN, essential for financial operations, have no role in ChatGPT’s sphere of competence. Their revelation represents not only a danger, but a clear futility.
-
3. Information on work and health is also off limits
A further topic worthy of attention is represented by the working context. Here, caution in sharing sensitive information must be even greater, considering the possibility of a leak of confidential documents or portions thereof. Just like the IT giants have implemented measures of corporate data security e imparted restrictive policies for employeesit is crucial that individuals refrain from sharing sensitive details of the work context with ChatGPT.
The approach to the medical sphere is equally crucial. While ChatGPT can proficiently identify symptoms or abnormal physical conditions, nothing can replace medical advice of a professional. Details regarding health should remain the prerogative of competent and specialized figures, avoiding relying on a chatbot.
Finally, adopt a careful approach to sharing information, avoiding excessive disclosures, represents the bulwark in a landscape increasingly governed by AI. In the context of conversational bots like ChatGPT, the individual becomes the helmsman of his own privacy and only with cunning and foresight will he be able to fully enjoy the benefits that AI can offer without compromising his own security.
To know more: ChatGPT, what it is, how it works, what it is for, how to use it for free