Care Home Management

The Care Home Decision Makers’ Magazine

Insight & Analysis

Time for a little Chat?

By Howard Freeman, managing director, Fortis DPC Limited 

ChatGPT launched as a prototype at the end of 2022 and has already attracted controversy.

GPT is an abbreviation for generative pre-trained transformer (GPT) and the technology uses billions of data points in the internet to reply to questions and instructions in a way that mimics a human response. It is being used for a wide range of purposes: from explaining scientific concepts, to writing poetry and academic essays.

However, ChatGPT has already been accused of spreading misinformation by replying to factual questions in misleading or inaccurate ways. Its potential use by cyber criminals and bad actors also evokes greater concern.

ChatGPT and the GDPR

Data protection experts have warned that obtaining data by simply trawling through the internet is unlawful. In the EU, for example, scraping data from sites can be in breach of the GDPR and therefore the UK GDPR, the ePrivacy directive, and the EU Charter of Fundamental Rights. A recent example of this is Clearview AI, which built its facial recognition data base using images scraped from the internet. It is currently embroiled in data protection legal action including the use of biometric data without consent. 

Legality

The GDPR gives people the right to request that their personal data is removed from an organisation’s records, completely. This is the “right of erasure”, one of the eight rights on which the GDPR is premised.  Vendors must ask themselves how easy it is for their data subjects to exercise this right. In addition, GDPR demands transparency and AI vendors will need to clearly demonstrate this to remain on the right side of the law.  

In terms of security, ChatGPT is an open-source tool, and its data points are accessible to “bad actors”, with malicious intent. ChatGPT also creates realistic-sounding conversations which can encourage victims to click on malicious links, install malware, or give away sensitive information.

On the plus side, AI systems with a nuanced understanding of natural language can be used to monitor chat conversations for suspicious activity and also in automating the process of downloading data for GDPR compliance.  

Related

Recent Features

Newcross HealthForce

Instant access to reliable and trusted healthcare workers