Can GPT-4o be trusted with sensitive data?

On May 13, OpenAI published a new AI model GPT-4oShe has incredible opportunities and is much more human-like: it can solve equations, tell bedtime stories and, according to the company, can detect emotions from facial expressions.

OpenAI stresses its commitment to making its tools accessible free for everyone. However, experts say that as GPT-4o's capabilities have expanded, so has the amount of data the company can access, creating privacy risks for users.

OpenAI has a poor track record when it comes to protecting user data. After launching ChatGPT in 2020 and publishing technical article It emerged that the AI ​​generative text system had scraped millions of pages of Reddit posts, books, and the web at large — including personal data that users shared online — to create the system. This led to ChatGPT being temporarily banned in Italy last year, drawing the attention of data protection regulators.

Shortly before the launch of GPT-4o, the company released a demo desktop application ChatGPT for macOS, which made it clear that the chatbot will be able to get access to the user's screen. And in July, the same app came under attack again: it turned out that due to security issues You can easily find chats saved on your computer and read them in unencrypted form.

OpenAI was quick to release an update that encrypts chats, but given the current level of public scrutiny of the company and GPT-4o, it's easy to see why people are so concerned about privacy.

So how private is the new iteration of ChatGPT? Is it any worse than previous versions in this regard? And can the user restrict its access to data?

OpenAI Privacy Policy

Privacy Policy OpenAI makes it clear that the model collects large amounts of data, including personal information, usage data, and the content you feed it. ChatGPT will collect all of this data by default to train its models unless you disable the setting in the settings or upgrade to the enterprise version of the solution.

OpenAI states in its privacy policy that users’ personal data is “anonymized.” But the company’s real approach is more of a “let’s collect everything we can get our hands on, and then we’ll figure it out,” says Angus Allan, a senior product manager at CreateFuture, a consultancy that helps companies use AI and data analytics. “OpenAI’s privacy policy clearly states that it collects everything a user enters, and reserves the right to train its models on that data.”

According to Allan, the broad definition of “user-generated content” likely includes images and voice data as well. “It’s a data turbo-vacuum, and the policy is very clear about that. The policy hasn’t changed significantly with the release of GPT-4o, but given the expanded capabilities of the model, the volume of what counts as ‘user-generated content’ has increased dramatically.”

OpenAI’s privacy policies stipulate that ChatGPT doesn’t have access to data on a user’s device beyond what’s entered into the chat. However, ChatGPT collects a lot of user data by default, according to Jules Love, the founder of Spark, a consultancy that helps companies use AI tools in their workflows. “It uses everything from prompts and responses to email addresses, phone numbers, geolocation data, network activity, and device information.”

Open AI says the data is used to train the AI ​​model and improve its responses, but the terms of the policy allow the company to share users’ personal information with affiliated organizations, service providers, and law enforcement. “So it’s hard to know where your data is going,” Love said.

According to data scientist Bharat Thot, the data collected by Open AI includes full names, account credentials, payment card information, and transaction history. “Personal information may also be stored, particularly if the user uploads images as part of the prompts.” Similarly, if the user chooses to connect to a company’s social media pages such as Facebook, LinkedIn, and Instagram, personal information may also be collected when contact information is shared.”

Machine learning expert Jeff Swartzentruber notes that OpenAI uses consumer databut it doesn’t sell ads. “Instead of advertising, the company provides tools, and that’s an important distinction. The data entered by the user is not used directly as a commodity. It is used to improve the service, which benefits the user, but at the same time increases the value of OpenAI’s intellectual property.”

Privacy Management

After facing criticism and privacy scandals after the launch of Chat GPT in 2020, OpenAI has implemented tools and controls to protect user data. OpenAI says it is “committed to protecting people’s privacy.”

In the case of ChatGPT in particular, OpenAI said it understands the reluctance of some users to share their information to improve models, so it provides them with ways data management. “ChatGPT Free and Plus users in settings can easily control whether their data contributes to improving models,” the company's website says. It also states that training is not performed on user data API, ChatGPT Enterprise and ChatGPT Team.

“We’ve provided ChatGPT users with a variety of privacy controls, including an easy way to opt out of training our AI models and a temporary chat mode that automatically deletes chats,” OpenAI spokesperson Taya Christianson told WIRED.

The company said it does not collect personal information to train its models, nor does it use public information from the internet to create profiles of people, target ads, or sell user data.

The Voice Chat FAQ on OpenAI's website states that audio clips from voice chats are not used to train models unless the user chooses to transmit audio to “improve voice chats for all users.”

“If you provide us with audio from voice chats, we will use it to train models,” the same FAQ says. Additionally, depending on the user's choice and tariff plan, the model can also be trained on transcribed chats.

In recent years, OpenAI has “to some extent” increased transparency about how it collects and uses data, giving users options to manage their privacy settings, says Rob Cobley, a commercial partner at data protection law firm Harper James. “Users can access, update, or delete their personal information, giving them control over that data.”

The easiest way to keep your data private is to go to your personal settings and turn off data collection.

Angus Allan recommends that “almost everyone” should take a few minutes to opt out of model training as soon as possible. “This will not remove your data from the company’s platform, but it will prevent it from being used to train future models, which could be leaked.”

To opt out of model training, you need to go to Settings, Data Controls and turn off Improve the model for everyone.

Another way to prevent OpenAI from collecting your data is to use only the temporary chat. Click on ChatGPT in the top left corner and then turn on at the bottom of the list Temporary Chat.

However, disabling data collection limits functionality. The model will not remember anything from your previous chats, so responses will be less accurate and nuanced.

In the ChatGPT web interface, users can delete their chat history, add a personalized privacy guide, manage all shared links, request data exports, and delete their account. For added security, users can also add multi-factor authentication and the ability to sign out of their account on all devices.

When working with ChatGPT, you should think more often about the security of your data. For example, when using Custom GPT You may unwittingly expose your confidential data.

You can also control the data you share with the chatbot by choosing what content you share with ChatGPT-4o from the start. The tricky part, experts say, is balancing privacy with user experience. Limiting the data you share with ChatGPT can make your experience with the AI ​​worse, reducing the relevance, accuracy, and personalization of your responses because the AI ​​will have to rely on more limited and generalized algorithms.