Read this Access Alert in Spanish | Lea este Access Alert en Español
The Superintendency of Industry and Commerce (SIC) announced the opening of a preliminary investigation to determine the compliance of Artificial Intelligence (AI) chatbot ChatGPT with Colombia’s data personal data protection legislation.
The investigation comes after ChatGPT gained worldwide popularity in recent weeks and was used by some Colombian judges to draft court rulings, generating controversy and reviving some fears related to compliance with data protection regulation, or even, the applicability of such a regulation for the use of this type of technology.
In this context, the privacy watchdog stressed that its main interest is to determine the way in which ChatGPT complies with the provisions enshrined in the Personal Data Protection Law, particularly regarding the protection of users and their personal data obtained by the famous chatbot.
Colombian regulation determines protection responsibilities for those who conduct data processing and storage, as well as legal principles for carrying out activities related to the exploitation, storage, and transfer of personal data to third countries, among others.
Despite these efforts, the Colombian regulator is not the first actor to take action in the face of ChatGPT’s rise to fame. Recently, Italy’s national data protection authority, Garante, temporarily banned ChatGPT over alleged privacy violations, citing the company’s failure to comply with the EU’s General Data Protection Regulation (GDPR). As a result, ChatGPT’s developer OpenAI, responded to the Italian’s watchdog inquiry and received approval to continue its operations, following compliance with EU personal data protection regulations.
What are possible effects from the SIC’s investigation?
Despite having a relatively short time in mainstream technology, ChatGPT enjoys great attention from users and regulators around the world. Moving forward, some potential effects from these types of investigations include forcing developers of these technologies to change their operation modes in each country to comply with different legislation, particularly that related to online minor protection, privacy, and personal data protection. In addition, they will be required to provide greater transparency to users on the type of data collected and for what purposes.
In terms of SIC’s investigation, it is possible that the regulator determines the minimum information conditions that ChatGPT’s OpenAI must present to its users in Colombia, as well as requirements to establish safeguard mechanisms for data storage and transfer to third parties, including to other countries.
Finally, situations like this reveal authorities’ interest in terms of the behavior and regulation (or lack of it) against disruptive generative AI platforms. The question remains whether countries decide that it is necessary to delve into a specific regulation for such applications, or if the existing regulatory frameworks are prepared enough for the effects of an intensive and massive use like the one proposed by ChatGPT. Likewise, Colombia is the first Latin American country to launch an investigation against generative AI systems, potentially inspiring other countries in the region to follow suit.
Access Partnership constantly monitors public policy and regulation developments in Latin America. For more information or against our services please contact Geusseppe Gonzalez at [email protected], and Rodrigo Serrallonga at [email protected].
