Spanish Data Protection Agency investigates ChatGPT

  • Not everything goes in the name of progress. The Spanish Data Protection Agency investigates ChatGPT and its information management.

  • We have told you a lot about the advantages of Artificial Intelligence for eCommerce, the possibilities it has and how it is capable of boosting business productivity to levels never seen before.
    But not everything is as pretty as it seems. There are some aspects that concern the community, among them data management that this chat collects. Will it be in accordance with the law? Moreover, should not there be a regulatory framework specifically designed for these self-generating AI-based technologies?
  • Critical Voices on the Evolution of Artificial Intelligence

  • Faced with the cruising speed that AI technology has taken in recent months, with hundreds of applications such as ChatGPT, Bard, Midjourney or Leonardo emerging almost every day, some referents in the world of technology are calling for pause and reflection.
    In fact this petition, which has already been signed by more than 7,000 people, has been driven by such relevant names as Steve Wozniak (Apple), Jaan Tallinn (Skype) or the controversial Elon Musk. The latter is especially notorious, since it should be remembered that he was part of Open AI, the company that created ChatGPT.
  • It is not that they are against this technology, but they do consider that it is not being properly managed, and this entails a serious risk for humanity. They urge to stop training for at least 6 months, and use this period to establish a protocol, good practices, an audit of the projects and, of course, a legal framework that we lack so far.
  • Europe and Spain investigate ChatGPT

  • This particular concern has also reached institutions and governments. In this case, the main concern is the management of the data collected by the chat and the subsequent use that the tool can make of it.
    ChatGPT is not able to discriminate which of these data are protected or sensitive and which are not. As it is a totally open interface, we have no guarantee of what can happen with the information we are introducing in a global system such as the one designed by Open AI.
    There is no filter, not even a simple warning. Therefore, when, for example, a worker in our company uploads a text to make a summary to facilitate a presentation, this data becomes part of the learning of the model itself and, consequently, we lose control over it.
    This means that it may appear in an answer to a question asked by a competitor, but what if it contains information about our employees, or if it is related to our strategy or a new product?
    Italy has been the first European country to take action. On Friday, March 31, Italian authorities ruled that access to ChatGPT should be limited and blocked on the grounds that it was in breach of GPDD rulings issued by the Italian Data Protection Agency.
    Textually, they speak of the "unlawful collection of personal data" and, consequently, have opened an investigation.
    In Spain the situation is similar. On April 13, a press release was published on the website of the Spanish Data Protection Agency (AEPD). In this press release it is made public that the AEPD has initiated an investigation into ChatGPT for non-compliance with national data protection regulations and the European GDPR.
  • It is important to emphasize that, foreseeably, the actions derived from this research could be applied within the framework of the European Economic Area, since they are intended to be "harmonized and coordinated" among all the Member States, within the framework of the GDPR.
    Literally, the aim is to advocate the development and implementation of innovative technologies such as AI, but in full compliance with current legislation. To this end, a working group has been set up and is already operational.
    Therefore, it is not that the use of artificial intelligences is being criminalized or prohibited; but so far, the management of all the information collected, stored and processed is opaque, and this is incompatible with laws that are increasingly restrictive in this regard.
  • From our point of view, this is good news. If we care about the security of our customers' data, it makes sense that the tools we use should be just as scrupulous.
  • Do you think the fact that the Spanish Data Protection Agency is investigating ChatGPT will slow down its development? Share your thoughts with us in the comments or on our social networks.

  • Images | Unsplash.

Jordi Ordóñez

Jordi Ordóñez is an eCommerce and SEO consultant with more than 16 years of experience in online projects. He has advised clients such as Castañer, Textura, Acumbamail, Kartox or Casa Ametller. Write in the official blog of Prestashop, BrainSINS, Marketing4ecommerce, Photography eCommerce, Socialancer, and SEMRush among others. He is an editor on the Oleoshop blog.

search posts

Last posts

This website stores data as cookies to enable the necessary functionality of the site, including analytics and personalization. You can change your settings at any time or accept the default settings.

cookies policy


Necessary cookies help make a web page usable by activating basic functions such as page navigation and access to secure areas of the web page. The website cannot function properly without these cookies.


Personalization cookies allow the website to remember information that changes the way the page behaves or the way it looks, such as your preferred language or the region in which you are located.


Statistical cookies help web page owners understand how visitors interact with web pages by collecting and providing information anonymously.


Marketing cookies are used to track visitors on web pages. The intention is to show ads relevant and attractive to the individual user, and therefore more valuable to publishers and third-party advertisers.