/ Rodrigo Velasco about ChatGPT: “One of the security flaws was the extraction of data from paying users”

April 26, 2023

Rodrigo Velasco, technology and intellectual property partner at Alessandri Abogados, was on Vía Pública, on TVN’s 24 Horas, where he talked about Chat GPT and artificial intelligence.

On April 4, 2023 Rodrigo Velasco, managing partner of intellectual property and technology, was interviewed by journalist Matías del Río in Vía Pública, 24 Horas TVN. The interview focused on the “famous ChatGPT” and its possible risks.

Can it be banned, can it be regulated, should it be regulated, should it be allowed to operate freely? These are some of the questions that Matías del Rio asked himself in the program regarding the blocking of this type of Artificial Intelligence (AI) in Italy.

Rodrigo began by explaining that the banning was ordered by the Italian personal data protection agency because it does not comply with European data protection directives. Italy does not intend to be the only country in the world that does not have GPT chat, but to regulate the privacy policies of this AI. “Both the cookies that the chat uses to know where you are, and the history of your queries, as well as the personal data that you pour into that conversation with the robot, are not being treated in the way that this European directive establishes,” he said.

In addition, the partner of Alessandri commented that a data protection law is being discussed in Chile, which is currently in its final stages. “Soon we will have a data protection agency in Chile, which could basically do the same (as the Italian agency) because regardless of whether it is an AI engine, this has happened repeatedly with financial services and mass consumer products,” Rodrigo clarified. He added: “We want to know what they do with our data (…) One of the security flaws that GPT chat had was data leaks of normal users and paying users that it also has, and obviously the non-compliance with consent standards, which is actually the basis of the lawfulness of the processing of personal data“.

To this clarification on the Italian case, Matias del Rio asked: Why only Italy? What is being discussed in other member countries of the European Union? And what about the United States in data processing?

To these questions Rodrigo opined that there is likely to be a sort of chain effect regarding the interpretation of the Italian office. Regarding the U.S., “There is a geopolitics that has been taking place with respect to the attitude that exists in the U.S. for personal data processing, perhaps with specific sectorial laws for health data, but not with a federal law since it does not yet exist,” he pointed out.

Our partner stressed that “it is not covering the sun with a finger” to ban AI until data processing is regularized, because we must not forget that any application or program that we use for free, we are actually paying for it with our personal data. “Companies are collecting data that they can in turn transfer to third parties and use for bad purposes, and the truth is that the problem is not the technology, I believe that no one can subtract from artificial intelligence, but you want to know if the phone is listening to you, and the important thing is precisely in that consent,” stated Rodrigo.

Another important point made by our partner was that the Chilean case is paradoxical. We are one of the most backward countries in terms of data protection legislation, but we started very advanced with a privacy protection law at the end of the 90’s. “Today the OECD demands that we have a data protection agency that is standardized with the agencies of other countries, so that there is what they call a safe harbor, that personal data can be transferred from one country to another without violating the guarantees of the users and the people who provide them”, said Rodrigo.

The lawyer ended the interview insisting that the Italian agency’s pronouncement has to do with the non-compliance of personal data, which is an issue “that I think is interesting in Chile because it is coming on strong. Today there are very few powers of Sernac to regulate consumer relations, only the privacy protection law. According to the signals that at least the government has given, the law could be enacted this year and we would have a data protection agency in Chile”, said our partner.