Table of Contents
While generating Privacy Policies is not the intended use of ChatGPT, several individuals have used the tool to write their Privacy Policies. Thus, in the spirit of sportsmanship, our first task was to ask ChatGPT whether we should do so. Here is its response:
Issue 1: Does GDPR actually apply to you?
As discussed before, ChatGPT cannot determine what privacy laws apply because it cannot ask questions. Thus, by using ChatGPT, it would be up to the business owner to determine what privacy laws apply to them, which means reading each privacy law and interpreting the factors of who those privacy laws apply to. In this case, we told ChatGPT that GDPR applies to us, and thus the tool is assuming that this is indeed the case and thus we cannot entirely blame the tool for this issue if GDPR does not actually apply to us.
|Last updated date||Yes|
|What personal information is collected||Yes|
|The legal basis for collecting and processing the personal information||No|
|Purposes for which the personal information will be used||Yes|
|Consequences for not providing personal information||No|
|Whether personal information will be shared||Yes but the text is self-contradictory because it first states that personal information will not be shared but then states that personal information may be shared with third-party service providers.|
|The categories or names of the third parties with whom personal information will be shared||No|
|The privacy rights provided to individuals||Yes. However, certain privacy rights such as the right to portability, and the right to complain to a competent authority are missing.|
|How individuals can exercise their privacy rights||Yes|
|If personal information is used for automated decision making or profiling, then the logic behind such automated decision making or profiling||No (if you do use the personal information for automated decision making or profiling).|
|Where personal information will be transferred to||No|
|If the business has a Data Protection Officer, that Data Protection Officer’s name and contact details||No (if you do have a Data Protection Officer).|
- Only one privacy law applies to you;
- You provide ChatGPT with all of the disclosures required by that privacy law;
- You provide ChatGPT with your exact privacy practices; and
Donata is the Co-founder and President of Termageddon, an auto-updating generator of website and application policies. She is a licensed attorney and Certified Information Privacy Professional. She also serves as the Vice-Chair of the American Bar Association’s ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals. In her free time, Donata enjoys beekeeping, hunting for morel mushrooms, and walks with her husband and two dogs.