ChatGPT Security Implications & Privacy Concerns

5 Tips for Using ChatGPT Safely & Securely 

ChatGPT security implications and privacy concerns have been growing since OpenAI released the chatbot for public use in November 2022. In addition to the influx of AI image generators that have recently hit the market, the popularity of ChatGPT has led to discussions about the misuse of artificial intelligence. Namely, there are worries about AI software being used to collect and analyze data, potentially leading to data breaches. 
 
In this blog, we'll first answer the questions of whether ChatGPT collects personal data and what type of data it saves. We will then discuss the major concerns relating to ChatGPT about security and privacy, before sharing 5 tips on how to use the chatbot in a safe and secure way. Click here to jump to our recommendations.

Does ChatGPT Save Data? 

The quick answer to this question is yes, ChatGPT does save user data. OpenAI’s privacy policy provides us with almost all the details we need regarding the company's information collection and storage practices. Generally speaking, there are 3 types of data that are saved: 

• Account Information
  "When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history". 
  Like most websites that require you to create an account, OpenAI stores your name, contact details, login credentials, payment information and transaction records.
   
• User Content 
  "When you use our Services, we may collect Personal Information that is included in the input, file uploads, or feedback that you provide to our Services". 
  ChatGPT logs and saves conversation transcripts. In other words, any information you provide in the chat is recorded.
   
• Technical Information 
  "When you visit, use, and interact with the Services, we may receive the following information about your visit, use, or interactions".  
  OpenAI automatically gathers browser and device data, including:  
  - Log Data, such as your IP address 
  - Usage Data, such as country, time zone and the type of content you view 
  - Device Information, such as name of the device and OS 
   

Who Can See Your ChatGPT Data? 

Conversations are reviewed by AI trainers and used for training the algorithms that ChatGPT relies on. In addition, point 3 of OpenAI’s privacy policy states that information is shared with: 

• Vendors & Service Providers
  "To assist us in meeting business operations needs and to perform certain services and functions, we may provide Personal Information to vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, event management services, email communication software and email newsletter services, and web analytics services. Pursuant to our instructions, these parties will access, process, or store Personal Information only in the course of performing their duties to us."
   
• Business Transfers 
  "If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively a “Transaction”), your Personal Information and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets."
   
• Legal Requirements 
  "If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability."
   
• Affiliates 
  "We may disclose Personal Information to our affiliates, meaning an entity that controls, is controlled by, or is under common control with OpenAI."
   

ChatGPT Privacy & Security Concerns

As we’ve established above, ChatGPT collects user data. Let’s take a look at the main privacy and security concerns that have been levelled at ChatGPT: 

• Data Collection 
  After taking a look at OpenAI’s privacy policy, the type of data that ChatGPT collects probably won’t be considered particularly surprising or alarming to most users. When you create an online account or use a similar type of service, you probably expect your account information and identifying data to be stored. What is concerning, however, is data collected from conversations users have with ChatGPT that is subsequently made available to the chatbot’s AI trainers. Disclosing personal data is one thing and should be avoided, but users have to be equally careful about sharing sensitive documents or source code with ChatGPT for work purposes.  
   
• Data Breaches 
  One of the factors that led to the Italian Data Protection Authority banning ChatGPT was a data breach suffered by OpenAI on 20 March 2023. This data breach partly exposed the conversations of some users, as well as personal details like email addresses and the last 4 digits of people’s credit cards. OpenAI has apologized for the incident and assured users that it will "work diligently to rebuild trust", but this is hardly a guarantee that further data breaches will not occur. 
   
• Lack of Age Verification
  There has been some debate about minors freely using ChatGPT. According to OpenAI’s terms of service, the chatbot is aimed at users over the age of 13. However, the service is lacking an age verification feature that would stop or at least limit minors from receiving inappropriate responses.
   
• Misleading Information 
  Another concern is related to ChatGPT’s tendency to provide users with inaccurate information. As the Italian Data Protection Authority says, "the information provided by ChatGPT does not always match factual circumstances", which can lead to personal data being processed in an inaccurate way.  
   
• Right to Be Forgotten 
  Part of the General Data Protection Regulation (GDPR), the Right to be Forgotten requires organizations to delete or ‘forget’ personal data related to an individual upon request. But can ChatGPT do this? Seeing as it’s an AI technology that cannot necessarily forget things, it’s doubtful that the platform can fail to remember an individual’s personal data. This may have been one of the factors that caused Jean-Noël Barrot, France’s Digital Minister, to state his disbelief that ChatGPT complies with GDPR.  
   

5 Tips for Using ChatGPT Safely & Securely

With the previously mentioned privacy and security concerns in mind, how should you use ChatGPT? Here’s 5 tips to keep in mind when using the service:  

• 
  Cover Your Tracks
  Consider using a virtual private network (VPN) to add an additional layer of security and privacy to your interactions with ChatGPT and other AI services. One highly rated option is ProtonVPN. To help prevent third-party trackers or cookies from monitoring your online activities, we also recommend using an ad blocker. AdBlock Plus is among the most popular and effective ad blockers.
   
• Secure Your Connection 
  Only use ChatGPT through a secure HTTPS connection that will encrypt the data exchanged between your device and the server. For extra security, you can also use a privacy-minded browser like Brave to limit the personal data that may be shared with the chatbot by your browser.
   
• Clear Your Browsing Data
  After using ChatGPT, you can use data erasure software like BCWipe to clear browsing data such as cookies and internet cache. This will remove any personal information that may have been stored.
   
• Limit the Personal Data You Share
  Be mindful of the information you share! Avoid sharing personal details, financial data, passwords, private documents or other types of sensitive information with ChatGPT.
   
• Use a Nickname 
  Instead of providing ChatGPT with your real name, you can use a nickname or pseudonym when interacting with the chatbot. This can help limit the associations between your interactions with ChatGPT and your real identity.
   

Further Boost Your Online Protection

There are clear security implications to using ChatGPT, but hopefully you are now in a position to use the chatbot in a way that doesn’t put your privacy at risk. To find out more about boosting your protection online, why not consult our guide to 10 of the best free data privacy tools.