ChatGPT: Generating Privacy Labels from Website Privacy Policies

Imagine if a tool could crawl a website, review its privacy policy, and provide relevant and actionnable recommendations.

If you haven't heard of #ChatGPT yet, let me introduce you to its potential for streamlining privacy audits. ChatGPT is the latest initiative from OpenAI and is currently available for "research preview" at no cost. This model was trained to "interact in a conversational way," which means it is capable of having a conversation and remember the contexte of the discussion. This dialogue format allows ChatGPT to answer follow-up questions, admit mistakes, challenge incorrect premises, and reject inappropriate requests.

Some people have described ChatGPT as a major advancement in #generativeAI, comparing its significance to the birth of the Internet, the moon landing, the first iPhone, or even the first nuclear explosion.

"ChatGPT was dropped on us just bit over 24 hours. It's like you wake up to the news of first nuclear explosion and you don't know yet what to think about it but you know world will never be the same again." - Shital Shah - Principal Researcher, Microsoft on Twitter

After playing a bit with it as a copywriting tool to proof, improve or translate my writings, being amazed by its potential in an academic context and messing around with my LinkedIn profile, I got down to a more serious task:

Could ChatGPT be used to streamline a privacy audit process?

Turn a website privacy & cookie policies into Apple Privacy Labels?

For this demonstration, I used the full version of the BBC website's privacy and cookie policy to test ChatGPT's capabilities in streamlining an audit process.

I started with a very simple question - which is what many people have been doing so far with ChatGPT. This is very basic - using it as some kind of smarter Google search tool.

The ICO suggests a similar approach to what ChatGPT has outlined. Using those steps, I could have formulated questions for a data protection impact assessment (DPIA) document. However, my interest was in seeing if ChatGPT could summarize the policy in a table similar to Apple's Privacy Labels. I believe that the Privacy Labels have done more to educate consumers about data protection in a short period of time than the General Data Protection Regulation (GDPR) has in years.

So, would ChatGPT take a web privacy policy and turn it into something similar to Apple's Privacy Labels? It didn't want to make it easy for me:

So I tried something else...

Hmm... what about this?

Ok, now we're getting somewhere!

I'm making progress! I haven't completed all of my experiments yet, but it's clear that there is potential to create something interesting from a privacy audit and compliance perspective. I'm excited to continue exploring the possibilities.

Parting thoughts

In conclusion, this experiment demonstrates ChatGPT's ability to answer general questions using natural language processing and combining concepts, as well as its flexibility in manipulating data. While there may be errors and omissions in its answers, this was not the main focus of my exercise.

Others have criticized ChatGPT for being biased, poorly trained, and potentially dangerous. Some have compared it to a "stir-fry" of information, mixing together various sources without understanding the context or implications. Alexander Hanff (LLM, CIPPE, CIPT) , a prominent figure in the privacy community, has raised concerns about the accuracy of ChatGPT's answers, stating that since they are based on information from the internet, they can't be reliable. In other words, the quality of ChatGPT's responses is only as good as the information it is given. This is a significant risk and should be considered when using the tool.

Consider the following:

• The potential for ChatGPT to be used in niche areas, like GDPR and privacy, is significant. In the future, the technology behind ChatGPT could be used to facilitate conversations by training it with a wealth of accurate, authoritative information.
• Currently, ChatGPT can not access internet resources - and this is intentional. The internet's gates will likely be opened in the future, providing new and powerful opportunities for conversation using actual content.
• It is worth noting that the current version of ChatGPT is based on GPT-3, but GPT-4 is expected to be much larger, with as many parameters as the human brain has synapses.
• One could very well create a new model based on the ChatGPT powerful technology and train it only with authoritative, niche knowledge like the GDPR and privacy;

The true power of ChatGPT lies not only in its ability to provide answers to simple questions, but in its potential to generate creative solutions to existing problems. As the technology continues to evolve and improve, it will be exciting to see the innovative ways in which ChatGPT is used in the future.

So, back to my initial statement:

Imagine if you could leverage the ChatGPT technology to crawl a website, ask it to review its privacy policy based on the GDPR or other regulation, and provide relevant and actionnable recommendations.

I'm confident this is possible. What do you think?

About the headline image

The capture from ChatGPT headlining this article was a big surprise to me, as I only began using the #NoConsentNoTracking hashtag two years ago. My ramblings about this notion are only a drop in the Internet universe. While the explanation provided by ChatGPT correctly represents the spirit of it, it is worth noting that I have never used the word "campaign" in this context and I do not recall explicitly insisting on "raising awareness" or mentioning privacy enhancing tools like VPNs or encryption.

When asked for its opinion on the #NoConsentNoTracking campaign, ChatGPT provided a factual response, stating that as a machine learning model, it does not have personal opinions or beliefs and can only provide information and explain the likely reasoning behind the use of the hashtag. It is up to individuals to decide for themselves whether they support the campaign and its goals.

Whether you agree with the spirit of #NoConsentNoTracking or not, it is important to continue the conversation and consider the implications of using machine learning models like ChatGPT and its impact on creativity, and its potential to solve privacy challenges.

If you have made it this far, please note this weekly newsletter is being done completely independently and without any financial support. If you want to support me, you can?Buy Me a Coffee!

If you want to sponsor an upcoming edition and reach my audience of over 10,000 people,?contact me!