ChatGPT remains a hot topic in AI, and it seems to offer advantages for almost every organization. More and more businesses are using the chatbot. But with the rise in popularity comes a rise in questions about Data Privacy.
Statista conducted a survey about ChatGPT concerns across four Southeast Asian countries. According to this survey, almost half of the respondents have concerns about chatbots like ChatGPT because they collect personal data. On top of that, 42% of the respondents had ethical concerns related to data privacy and intellectual property.
ChatGPT is still relatively new, and a lot of people have questions about the privacy and security of their data. You might have questions as well. It’s good to have questions about important topics like this. To help you get a better understanding of how ChatGPT handles privacy and security, we’ll provide you with the answers.
What is ChatGPT?
ChatGPT is a Large Language Model (LLM) that generates text based on your input (prompts). An LLM needs training to improve its performance. It learns from the input it receives and the output it generates. In other words, it learns from the data you put in and the answers it gives. ChatGPT was developed by OpenAI and currently runs on their newest LLM, GPT-4o.
Does ChatGPT save my data, and if so, why?
Yes, ChatGPT saves your data. It saves your prompts, chat conversations, and account details. These details include your name, email, IP address, and location. Collecting this kind of information is not uncommon; most websites collect it for analytics. The same goes for ChatGPT, but for OpenAI there’s more to it than analytics alone.
AI training
The main reason ChatGPT saves your data is not analytics; it’s training the LLM. ChatGPT is an AI model, which means that it learns from its experiences. It uses these experiences to improve itself and get better at its tasks.
With 100 million weekly users, ChatGPT generates a lot of data, all of which adds to its already extensive knowledge base.
The knowledge base was already formed before the public launch of ChatGPT and the collection of user data. ChatGPT was mostly trained on public information from sources like online forums, blogs, and social media. Now OpenAI also uses your prompts and data to train the model.
Hallucinations
Another reason for OpenAI to collect data is to prevent hallucinations. Some AI models tend to hallucinate at times. This means the model doesn’t know the answer to your prompt, but still presents an answer and makes you believe it is the truth. In other words, it gives you misinformation because it doesn’t know the right answer. By continuing to train the LLM, OpenAI can mitigate the risk of hallucinations.
Prevention
OpenAI also saves your data in order to monitor it. The goal of this monitoring is to prevent abuse and the generation of harmful content. By reviewing and analyzing mistakes, OpenAI can also make the chatbot more user-friendly.
Why is Data Privacy a concern when using ChatGPT?
Concerns about data privacy are a hot topic, especially with the continued rise of new technologies. It’s sensible to question companies that use your data, and the fact that ChatGPT saves all your data may raise questions.
Simply put, the information you enter in ChatGPT can be used to train the model. This means that it may be used to generate an answer for another person’s question. If you are concerned about this, you could turn off training the model with your data. Later in this blog you’ll read how to turn it off.
Turning off the model training with your data may resolve your own concerns. But there are still certain rules in the world of privacy, like the GDPR, and the question is: how is ChatGPT living up to those rules?
GDPR in Europe
The main regulation in the privacy landscape is the GDPR, the EU’s General Data Protection Regulation. This regulation allows natural persons to maintain control over their own personal data. Additionally, it protects that data from being misused by organizations.
One of the most essential parts of the GDPR is the ‘right to be forgotten’: you can request that an organization deletes your personal data. And this is also where ChatGPT tends to fall short.
Erasing someone’s personal data would be quite an extensive task, especially from an intensively trained model like ChatGPT. It’s very hard to track down which data to erase and where to find it. Moreover, AI systems like ChatGPT can’t forget the way humans do; they can only adjust the weight that data carries in their knowledge. In short, the model can’t simply delete your data, but it can choose not to use it.
Complying with the GDPR seems like a real challenge for OpenAI. The company has already been accused of breaching data protection rules by a man from Poland. Additionally, Italy banned the chatbot for nearly a month because of data concerns. So there’s still work to be done.
Data Security at OpenAI
Besides privacy, it’s also wise to question what happens to your sensitive data in terms of security. OpenAI has several measures in place to protect your data:
- Limited data sharing. Your data can be reviewed by authorized personnel or external service providers for monitoring purposes, and it is only shared with a select group of trusted service providers. OpenAI states that these service providers are subject to ‘strict confidentiality and security obligations’. Your data won’t be shared with third parties for marketing purposes.
- Secure data storage. Your data is stored on OpenAI’s systems and, if necessary, on the servers of the service providers.
- Bug bounty program. OpenAI invites you to report vulnerabilities, bugs, or security flaws in the system. If you detect a security flaw, you can earn a reward via the Bug Bounty Program.
- Encryption. Conversations with ChatGPT are encrypted in transit and at rest on OpenAI’s systems. This protects your messages against interception by third parties.
OpenAI is trying its best to mitigate your concerns. But if you want to go a step further, you can take matters into your own hands as well.
How to make ChatGPT more privacy friendly?
OpenAI knows that people are questioning the data privacy of ChatGPT. To help take those doubts away, OpenAI makes it possible for you to take your own measures.
Opt-out of data training in ChatGPT using Data Controls
Your data is used to train the ChatGPT model. But if you don’t want that, you can opt out. Every user can do so by following these steps:
- Log in to ChatGPT
- Click on your name in the bottom left corner.
- Click on ‘Settings & Beta’.
- Click on ‘Data controls’.
- Toggle off ‘Chat history & training’.
- ChatGPT will automatically create a new chat.
- Now you can chat without training the model and your prompts won’t be saved in the history sidebar on the left.
Note that OpenAI will still store, review and monitor your data for abuse detection (max 30 days).
Make a Privacy Request at OpenAI to opt out your business
Besides opting out of data training for your own account only, you can submit a privacy request for your whole business here. If you have a request about data training or data deletion, you can click on ‘Make a Privacy Request’ in the top right corner. After that, the process is straightforward.
If you have any other privacy request you can send it to their email address, which you can find in the same article.
Switch to ChatGPT Teams or Enterprise
Another option is to switch from ChatGPT (Plus) to the ChatGPT Teams or ChatGPT Enterprise subscription. These subscriptions allow you to maintain ownership of and control over your business data.
There are several benefits to this type of subscription:
- You own and control your data
- Your data is not used for training ChatGPT
- You own your inputs and outputs
- You decide how long your data is saved (Enterprise)
- You decide who gets access (Enterprise)
- You get enterprise-level authentication with SAML SSO
- You have control over access and available features
- Your custom models are not shared and only available to you
- OpenAI provides comprehensive compliance with regard to security (Enterprise)
- OpenAI has been audited for SOC 2 compliance
- OpenAI provides data encryption at rest (AES-256) and in transit (TLS 1.2+)
- OpenAI has a Trust Portal where you can find more information about security measures
Note that OpenAI will still store, review and monitor your data for abuse detection (max 30 days).
Make use of the OpenAI API
The benefits of the ChatGPT Enterprise subscription also apply to the OpenAI API Platform. You can find these benefits in the section above, but in short: your data is not used for training the models, and it is extensively protected.
The OpenAI API can be used to link your own application to ChatGPT. For example, you could use the API for generating content or translating text. And the best part is that your data won’t be used to train OpenAI’s AI models.
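For illustration, a minimal sketch of such an API call in Python could look like this, using OpenAI’s official `openai` package. The model name and prompts are just examples, and you would need your own API key:

```python
# Minimal sketch: translating text via the OpenAI API.
# Assumes the `openai` package (v1.x) is installed and the
# OPENAI_API_KEY environment variable is set.
from openai import OpenAI

client = OpenAI()  # reads OPENAI_API_KEY from the environment

response = client.chat.completions.create(
    model="gpt-4o",  # example model name
    messages=[
        {"role": "system", "content": "Translate the user's text to English."},
        {"role": "user", "content": "Gegevensprivacy is belangrijk voor elke organisatie."},
    ],
)

print(response.choices[0].message.content)
```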
Note that OpenAI will still store, review and monitor your data for abuse detection (max. 30 days).
Azure OpenAI Service
Microsoft offers a service where you can create your own AI applications using OpenAI models. With the Azure OpenAI Service you can build your own chatbot, content creator, and much more. And the best part is that your data is not used to train their model. Microsoft controls the service, which means that OpenAI has no access to your inputs and outputs.
However, Azure still monitors your data to prevent abuse and harmful content generation. Microsoft securely stores the prompts and generated output for up to thirty days. After that, your data is deleted from Microsoft’s servers.
That said, you can request an exemption from this monitoring, so that Microsoft won’t process your data for abuse detection. This can be relevant for organizations that work with sensitive, confidential, or legal data but still want to use the Azure OpenAI Service.
More information about how Azure OpenAI Service handles data privacy can be found here.
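As an illustration, a minimal sketch of calling a model deployed in your own Azure OpenAI resource could look like the following. The endpoint, API key, API version, and deployment name are placeholders for your own Azure setup:

```python
# Minimal sketch: calling a model deployed in Azure OpenAI Service.
# Assumes the `openai` package (v1.x); the endpoint, key, API version, and
# deployment name below are placeholders for your own Azure resources.
import os
from openai import AzureOpenAI

client = AzureOpenAI(
    azure_endpoint="https://your-resource-name.openai.azure.com",  # placeholder
    api_key=os.environ["AZURE_OPENAI_API_KEY"],
    api_version="2024-02-01",  # example API version
)

response = client.chat.completions.create(
    model="your-deployment-name",  # the name of your model deployment
    messages=[{"role": "user", "content": "Summarize our data retention policy in one sentence."}],
)

print(response.choices[0].message.content)
```

Because the deployment runs inside your own Azure subscription, requests stay within Microsoft’s infrastructure rather than going to OpenAI directly.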
Some additional tips
Using ChatGPT is like using a hammer: it’s a very helpful tool, but you should be careful when you use it. If you’re not careful, you can hurt yourself or someone else.
ChatGPT relies on data to improve, and while OpenAI prioritizes protecting your data, caution is key when inputting sensitive information. Even with high standard security measures in place, like any online service, ChatGPT isn’t immune to potential data breaches.
When you’re working with sensitive data please keep the following in mind:
- Use a secured Wi-Fi network or a (company) VPN. This ensures that your connection is encrypted and your traffic is protected against unauthorized parties.
- Think twice before you enter your data. Always ask yourself if it’s necessary to mention that name, address, or organization. Assume that everything you put in could end up in the public domain. Is it worth it? (See the sketch after this list for a simple way to pre-filter prompts.)
- Consider AI-as-a-Service, such as offered by DataNorth, to get help from AI professionals. This helps you make sure that you use ChatGPT in a safe and privacy-respecting way. It can also help you find the best, most impactful use cases for ChatGPT within your organization.
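If you send prompts programmatically, a small pre-filtering step can help keep obvious personal details out of your requests. Below is a hypothetical, minimal sketch in Python; the regular expressions are illustrative only and are no substitute for proper PII-detection tooling:

```python
import re

# Hypothetical example: crude redaction of e-mail addresses and phone numbers
# before a prompt leaves your systems. Real PII detection needs more robust
# tooling; these patterns are illustrative only.
EMAIL_PATTERN = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
PHONE_PATTERN = re.compile(r"\+?\d[\d\s()-]{7,}\d")

def redact(prompt: str) -> str:
    """Replace obvious e-mail addresses and phone numbers with placeholders."""
    prompt = EMAIL_PATTERN.sub("[EMAIL]", prompt)
    prompt = PHONE_PATTERN.sub("[PHONE]", prompt)
    return prompt

print(redact("Contact Jane at jane.doe@example.com or +31 6 12345678."))
# Output: Contact Jane at [EMAIL] or [PHONE].
```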
Be extra cautious when using third-party plugins or GPTs
ChatGPT plugins are really helpful tools that can elevate your experience. A plugin adds capabilities that make up for ChatGPT’s shortcomings.
It’s important to know that most plugins are owned by third parties. This means that OpenAI can’t protect all the data you put in. This is why you should be extra cautious when using third-party plugins or GPTs in ChatGPT.
Need help using ChatGPT with Data Privacy in mind?
ChatGPT and Data Privacy will remain an important topic. This blog contains a lot of information, and some of it can be hard to digest. So if you have any questions regarding ChatGPT, you can get in touch with DataNorth.
DataNorth offers a ChatGPT workshop to answer all your questions regarding ChatGPT. And if you’re not sure where using ChatGPT could be beneficial, DataNorth can help you find opportunities with the ChatGPT Assessment.
Ready to optimize your business with ChatGPT? Get in touch with us!