These tools claim to provide human-like responses by accessing large databases of content. However, critics argue that this database access can harm privacy, security, and intellectual property rights.
These tools may use user input to personalize future interactions, potentially storing individual preferences and query phrasing.
Recently, VigiTrust Founder, Mathieu Gorge, has presented a research paper. He mentioned that he interviewed 15 Chief Information Security officers, all of whom voiced concern regarding generative AI.
According to Mathieu, the most serious concerns involve IP leakages and confidentiality. Besides, these tools may risk creating other forms of shadow IT. While generative AI tools process data using the internet, they never detail where they store the data physically.
IT experts have also questioned the different terms and conditions of such services. They have emphasized the cruciality of going through the said terms before sharing sensitive personal information with conversational AI tools.
The behavior of these systems varies widely. While some rely on outdated data, others actively seek and analyze available information.
Data Privacy Policies, Limitations And Compliance Questions
Generative AI tools typically implement data privacy policies. OpenAI’s ChatGPT, for example, offers users options to delete individual conversations, all data, or their accounts within a 30-day timeframe. The service also monitors queries to prevent abuse.
On the other hand, Google’s Bard gathers conversations and user feedback but claims not to access sensitive personal information stored in users’ Google service accounts.
Besides security disputes, public chatbot services have experienced compliance questions associated with the General Data Protection Regulation (GDPR).
However, despite these security measures, Generative AI tools pose challenges for businesses. They rely on publicly available data to train their models and lack control over the training data compared to enterprise-based machine learning solutions.
Industry experts suggest that Generative AI services should implement dedicated policies and guidelines related to data privacy. They should include transparency about data storage and usage for training and improvement purposes.
While obtaining consent for sharing client data with internally operated systems is relatively simple, it is challenging for public chatbots. This concern has led to state bans on ChatGPT, as seen recently in Italy. Similarly, the UK has postponed Bard’s launch in the country.
Generative AI’s potential has been recognized by numerous experts. CIOs and Chief data officers are intrigued by their possibilities. However, the technology seemingly needs further development before organizations employ it in their mainstream settings. The quality and consistency of the responses should be monitored.
The makers of Generative AI models should hand over access to finetune and control these tools to enterprises so that the models can align with the business’s unique requirements.
Most importantly, there is a prominent need to address ethical considerations, mitigate biases, and ensure fairness in generating responses.