Is AI's use of personal information legal?

A woman with binary projected across her face
(Image credit: Cottonbro Studio (via Pexels))

TechRadar created this content as part of a paid partnership with Avast. The contents of this article are entirely independent and solely reflect the editorial opinion of TechRadar.

Artificial Intelligence (AI) programs, like ChatGPT, are the latest craze with dozens of fans sharing generated articles and images using just a little bit of information. Upload pictures of your favorite celebrity, or even yourself, and AI will create stunning caricatures. Give a few parameters and out pops impressive design ideas. Input a few sentences, and you get a story or a news article to share.

With all the information being put into teaching AI how to work or create content, one area that hasn’t been highlighted too well is the privacy and protection of personal information used. Add in the fact that anyone can use anyone's personal data, without permission, and the risk of identity theft, and cybersecurity issues in general, rises to a whole new level.

Once you have submitted personal information to an AI, there is a way to backtrack and delete it when you’re done. However, because of the nature of how artificial intelligence learns and operates, most of the information is still retained. Think of it like your brain learning something new. You can read a book about medical terminology, but even after it’s put away, what you’ve seen and learned will still be remembered.

Avast One antivirus 1 year: save 70% |$29.99 £23.99

Avast One antivirus 1 year: save 70% |$29.99| £23.99
Protect all your devices from malware, data leaks, and unauthorized webcam access, plus get 5GB of weekly access to a secure VPN. This is the best price you'll find online, and it's only available to our readers, for a limited time.

Cybersecurity in action.

(Image credit: iStock)

Across the United States and Europe, there are laws to protect digital privacy. For example, it’s hard to visit a website and not have a cookie warning pop up asking for your consent to collect data while you’re there. Other regulations are industry specific, such as the Health Insurance Portability and Accountability Act (HIPAA) which protects patient medical information. But what about AI?

In a recent blog about ChatGPT's use of personal data, global internet security leader, Avast, highlighted the General Data Protection Regulation (GDPR) that regulates personal data collection and online use, and how the fast-developing AI industry isn't able to comply with these laws.

"There is a legal basis for processing personal data for scientific and historical research, but the controller must comply with GDPR's principles and rights, such as the right to be informed, right of access, right to rectification, right to erasure, right to object and right to data portability. It would appear, then, that the language learning models don’t comply with GDPR, which could become a major barrier to growth in the future."

...language learning models don’t comply with GDPR, which could become a major barrier to growth in the future.


As Avast points out, because of how AI work, subjecting them to the current regulations of the GDPR, and other data collection laws could, in essence, stunt its growth. Artificial intelligence is a fascinating area with lots of benefits that need the right information to continue developing, and right now that tends to be personal information. Because of this, the AI industry needs to be regulated separately, and consistently to keep up with its fast evolution.

AI is definitely on the legislative radar, but there haven’t been many laws passed, yet, and nothing overarching that broadly impacts the industry. According to the International Comparative Legal Guides (ICLG), most of what has been happening on the federal, and even local levels, has been geared toward creating task forces to look at the AI industry and determine the best way to tackle personal privacy issues. While this is a good step, it also means we're a ways off from enacting any real, helpful protections for personal information use.

In the meantime, there are things consumers can do to help protect themselves and reduce the risk of compromising their physical and digital identities.

HideMyAss! Windows App with Sidebar

(Image credit: HideMyAss!)

How to protect your privacy

If you use antivirus software, check to see if it has system or browser scans, sometimes called smart scans. These look for cookies and other digital data collection devices on your computer or mobile phone and remove your usage history from them. This will cut down on information that’s available to swipe.

Another helpful tool is a virtual private network (VPN). VPNs hide your IP address and other identifying information while you’re online. They also scramble and encrypt any information you share online, so it's hard to decipher it if it is intercepted.

Once you're disconnected, your browser history isn’t logged, so there isn't a trail leading back to you. It’s also harder for adware and spyware and other programs to track your online movements, snatch your information, and use it.

While there isn't a fail-proof way to always guard your information, using an identity theft protection service is helpful in knowing when your personal information has been compromised and in reclaiming it. The best services will track both your online and physical identity in a plethora of areas, such as the dark web, medical records, and even criminal records, to see where it is being used. 

Avast One app showing a completed smart scan

(Image credit: Avast)

All-in-one Protection 

You can purchase a VPN and identity theft software separately, but there is great antivirus software that includes all of these tools. One of the best is Avast One. Avast has the system and browser scanners, plus a device cleaner, to remove anything information that is collected for tracking purposes. You can manually run these scans, or set times for them to run automatically.

Avast has also partnered with HideMyAss (HMA) VPN and gives you 5GB of weekly access. It will automatically connect if you set it to do so, and gives you access to servers worldwide, so your IP address is never the same when you go online. After you’re done, neither Avast nor HMA will keep a log of where you’re gone or what you’ve done, and all browser history is wiped away.

If you choose the Avast One Platinum subscription, you can take advantage of its identity theft monitoring. You'll get alerts when even your passwords are leaked, but it also keeps an eye on the dark web for any of your personal information being used or sold, including birthdates, banking information, and social security numbers. And it will help you recover your identity if it is stolen.

The best part of Avast One is all these tools are added to its already stellar antivirus software that has consistently proven to be effective at stopping malware. Independent test labs, like AV-Comparatives and AV-Test, have given Avast perfect scores for blocking malware, including new threats that haven’t been formally identified yet. And, it also receives high marks for performance, meaning it won’t create a noticeable slowdown on your computer while it’s installed or running. 

Nikki Johnston
Commissioned Editor

Nikki is a commissioned editor for Future Plc covering internet security including antivirus and VPN. With over 18 years of research and writing experience, and 11 years of testing and reviewing internet security solutions, Nikki knows how to dive deep to get the information consumers need to make better buying decisions. She is also a mom to 10 children, and personally uses many of the products she reviews to ensure the safety of her own family.