I asked ChatGPT to draft a Privacy Policy for "my grocery shopping app". It wrote a really nice one. In two seconds (non-billable). Any idea what lawyers will do next?
Aside from all of the apprehensiveness already shown by people in this comment section. This Privacy Policy, which by the way is actually a Notice, or supposed to be, is going to land the grocery store in trouble. It’s not detailed. Everyone know a grocery store running an online App probably collects more data than that anyway. ChatGPT will create the context for some lawyer’s work, it will never be a susbstitute, it can support the work though.
In addition to knowing the business well enough to ensure fuller transparency, build a policy that speaks to the customer directly and represents the brand. I recognize the later two are rare (having read hundreds of them, I can only think of a handful that actually do this well). But a great privacy attorney will take the bones required and create something that enhances customer trust. Lawyers are missing the mark if this is the type of policies that law firms are pushing out. Simple and streamlined as this is (which is a great goal!), it more than likely misses most of what the business actually does with personal data to fulfill the services. And, that’s just not the level of transparency lawyers should strive for delivering to individuals.
I takes me 1 second to copy and paste one from "the internet". Its as good as this one.
Theyll review it to see it actually does what client wants, just like right now lawyers fill in & review decades old templates. You could argue that lawyering is already so routinised it's already practically non intelligent ie AI...
Doesnt look like a GDPR compliant privacy notice to me Omer so lawyers should be fine for the foreseeable future.
Wow. Do you know how to drive a snowplow? I hear there are lots of openings in the Snow Removal industry. 🙄
I'm not a lawyer. No-one needs a lawyer to write a privacy notice. In fact, the (few) good privacy notices are those which have not been lawyered into incomprehensibility. This privacy notice fails to meet GDPR requirements in a number of ways. For a start, it's not actually explaining the specific details of a specific organisation's processing of personal data. So it's fiction, and bad fiction at that. It equates 'use of the services' with 'agreement to the policy' which places all of the processing either on the basis of (invalid) consent or on the (invalid for some of the processing) basis of contract. It does not specify which processing of which data is carried out for which purposes and under which lawful bases - essential information for data subjects to be able to exercise their rights. It says "your privacy is important to us", and everyone knows that's always a lie Sigh. This is as vErY cLeVEr as getting an algorithm to write your business plans for you based on scrapings of Wikipedia articles about tech CEOs would be.
Firstly, this is not GDPR compliant. Secondly, ChatGPT does not remain updated on changing legal developments especially in the privacy world - right now, it has knowledge of only till 2021. So much has happened after 2021 in the privacy legal space and still happening. Thirdly, ChatGPT cannot interpret laws - it cannot read court decisions, guidances from regulatory authorities and legal texts all together to reach conclusions. So, lawyers would still remain valuable.
A classical "We don't care about your rights" kind of policy. Quite disturbing actually - if that is how OpenAI view the area
AI, Data & Digital Policy Counsel, LL.M., CIPP/E | I help organisations navigate Digital Policy and operationalise AI and Data governance
1yLawyers will know to ask the app developer first about how the data are actually used. And only on that factual basis will they draft the policy. Doing it the other way around is a recipe for non-compliance and legal sanctions, not to mention the disregard of actual privacy. Creating this policy is neither the first nor the most valuable thing lawyers will spend their time on. Smart lawyers may use ChatGPT for first drafts, but will review all outputs and will be aware of the tool's limitations. This sample is not compliant with GDPR for example, as it doesn't disclose the data controller's identity first, breaching WP29 Transparency guidelines, and uses the American term "sell", which is not a thing we can do to data in Europe. A non-lawyer has no way of knowing about these limitations. Further, you may not be aware of that, but ChatGPT is known for embedding hidden falsehoods into its outputs, so no one should ever (!) take them at face value. My colleagues and I tinkered with ChatGPT, discussed our experience and looked at what other people are saying, and we all share this view. Here's more on this topic: https://www.linkedin.com/pulse/high-time-take-chatgpt-offline-aleksandr-tiulkanov/