This Cybersecurity Awareness Month, Grab the best offers before


ChatGPT and its privacy concerns

ChatGPT and its privacy concerns


Chat GPT, the most popular open AI chatbot, has been generating news since its launch in November 2022. According to estimates, it garnered 1 million subscribers in an entire week, becoming the most rapidly expanding consumer app in history. Chatbots driven by AI are all the rage these days because ChatGPT is the shining star. It eclipsed industry heavyweights like Instagram and TikTok to become the fastest-growing online community in history, boasting over 100 million monthly users just a few months after its launch. It’s easy to see why Open AI’s ChatGPT is so popular.


For those who are unfamiliar with Chat GPT, it is a programming model constructed by OpenAI that is supposed to generate human-like writing. It is also used to answer questions, translate languages, compose music, generate stories and poetry, summarise, write code, and many other things.

Chat GPT is trained on vast amounts of data, and in the case of inaccurate data or missing information, the responses will reflect those issues. This may spread incorrect information and prove ineffective in the case of unique queries. Chat GPT is not capable of verifying the accuracy of the information in the training data and may generate responses that are false or misleading. Sometimes it can solve a complex algorithmic problem but give inaccurate results for a simple mathematical problem.


ChatGPT and others based on artificial intelligence models have grown in popularity in recent years, and many businesses increasingly rely on them to deliver fresh material. However, this application raises a number of moral and legal concerns, particularly concerning data privacy. One of these questions revolves around whether Open AI can comply with GDPR Article 17 by removing information about an individual from the model without request.

Here are the few red flags that we are currently facing due to ChatGPT:

  • Privacy concerns

The use of artificial intelligence language models raises concerns about the security and confidentiality of the personal data needed to train and develop them. It saves the user’s data along with confidential information, which might be dangerous if the data is abused. Concerns have also been raised regarding who gets access to this information and how it is handled, preserved, and safeguarded. To put it simply, all of your chats may be saved and analysed by human trainers in order to examine and enhance the AI model.

  • Creating phishing emails

The most serious risk of chat GPT is the reality that it may generate phishing emails in many languages. To the joy of hackers, they may request an advertisement, a shopping notice, or an update to software in their own language and receive a well-crafted answer in English. Typos and grammatical mistakes are common indicators of phishing emails, but without such indicators, identifying phishing emails can be difficult.

  • Plagiarism

Chat GPT has the ability to produce text that is identical to current content, which may result in plagiarism. Furthermore, because it bases itself on training data patterns, Chat GPT is incapable of unique ideas and creative responses.

  • Misuse and exploitation of technology

Another ethical problem is the possibility of technological misuse and abuse. Chat GPT may create human-like writing, which might be used for malevolent objectives like distributing disinformation or impersonating people. It is critical to put protections in place to avoid such misuse and to punish those who do so.

  • No question of permission

We were never asked if OpenAI could use our data. This is an obvious breach of privacy, particularly as the data is sensitive and may be used to determine us, our closest relatives, or our location. Even when data is publicly available, its use might violate textual integrity. This is a crucial premise for privacy law issues. It demands that individuals’ information not be disclosed outside of the situation in which it was created.

  • No regulation of the storage of data

There are no procedures in place for individuals to figure out if the corporation maintains personal data about them or to request that it be thrown away. This is a given privilege guaranteed by the European General Data Protection Regulation, although whether ChatGPT corresponds with the standards of the European General Data Protection Regulation remains to be debated.

  • Questionable privacy policy

OpenAI collects a wide range of additional user data. According to the business’s privacy policies, it gathers customers’ IP addresses, browser types, and settings, as well as data on users’ interactions with the site, such as the sort of material they engage with, services they employ, and actions they accomplish.

It also captures data on users’ surfing habits throughout the year and across websites. To fulfil its commercial objectives, OpenAI indicates that it may share users’ confidential data with unidentified third parties without warning them.


The mechanism used by OpenAI to get the data on which ChatGPT is based has yet to be released, but privacy experts have cautioned that acquiring training data by merely scanning the internet is illegal. Scraping data points from websites, for example, might violate the GDPR (and UK GDPR), the ePrivacy instructions, and the EU Convention of Fundamental Rights in the EU. Clearview AI, which created its face-recognizing database using photographs taken from the internet, was recently sent enforcement notifications by numerous data protection agencies.

People have the “right to erasure” under GDPR, which allows them to request that their personally identifiable information be totally erased from an organisation’s records. The issue with methods that use natural language processing, such as ChatGPT, is that the engine ingests potentially personal material, which is subsequently transformed into a type of ‘data soup,’ making it hard to retrieve an individual’s data.

As a result, it is unclear if ChatGPT conforms with GDPR. It does not appear to be accessible enough; it may be unlawfully gathering and processing personal data, and it appears that data subjects may find it difficult to take advantage of their rights, including the right to receive notification and the right to be erased.


Some researchers believe ChatGPT represents a watershed moment in artificial intelligence, an acknowledgment of advancement in technology that has the potential to transform the way we as a species work, learn, write, and even think. Regardless of its potential benefits, we must keep in mind that OpenAI operates as a privately owned company whose objectives and commercial operations imperatives do not always align with larger societal needs.

The privacy hazards associated with ChatGPT serve as a red flag. And, as users of an increasing number of artificially intelligent technologies, we must exercise extreme caution in sharing information with such tools.



Share On

Upcoming Events

Build Your Privacy Career | Webinar

Eager to kickstart a successful career in data privacy? Don’t miss our exclusive “Build Your Privacy Career” webinar, providing vital insights into India’s data laws.


18th Nov, 5:30 PM IST

DPDPA – Conducting Effective Privacy Impact Assessment | Demo Session Other Events

Unlock the secrets of Effective Privacy Impact Assessments in our Exclusive DPDPA Demo Session.

21st Nov, 5:30 PM IST

Start in Data Privacy

Supercharge your career as a well-paid Privacy Professional with our Exclusive Webinar. Gain essential skills in data privacy, network with experts, and enhance your expertise.

28th Nov, 5:30 PM IST

Other Blogs

Get In Touch !

By submitting this form, you give consent to the Privacy Statement

Get In Touch !

Get Free Consultation!