
4 Things Businesses Should Know About ChatGPT

Workers in your business are probably trying out ChatGPT. Here are 4 things you should know.

#1 – You don’t own what it writes. ChatGPT output is not copyrightable. The Copyright Office explains: “When an AI technology determines the expressive elements of its output, the generated material is not the product of human authorship. As a result, that material is not protected by copyright.” So, if your competitor copies your ChatGPT-generated content, there won’t be much you can do about it. ChatGPT may even help them do it. From OpenAI: “[d]ue to the nature of machine learning, Output may not be unique across users and the Services may generate the same or similar output for OpenAI or a third party.”

#2 – You may need another’s permission to use what it writes. ChatGPT “learns” by ingesting material that it can reproduce, at least in part, in response to user prompts. As claimed in the mounting number of lawsuits targeting generative AI, the material ingested can include copyrighted material. Therefore, the output could include that copyrighted material, and your use of it could be copyright infringement. OpenAI grants users rights in the content generated by ChatGPT, but that won’t prevent a copyright owner from suing you.

#3 – It can’t keep a secret. Whatever information you input is not confidential. ChatGPT is ingesting and storing all the information it receives, and using it to improve its answers to prompts. So, its very purpose is to use your information to inform others. From the opening screens: “Conversations may be reviewed by our AI trainers to improve our systems…Please don’t share any sensitive information in your conversations.” There is an option to prohibit use of your data to train the AI, but exercise of that option requires trust in both your employees to use it and OpenAI systems to actually honor it.

#4 – It makes stuff up. You need to fact-check ChatGPT output. This is right from the opening screens: “the system may occasionally generate incorrect or misleading information….” From the Your Rights Section of the OpenAI Privacy Policy: “you should not rely on the factual accuracy of output from our models.” Lawyers will know the story of the attorney who used ChatGPT to write a brief that included citations to cases that did not exist. Don’t be that guy.

Connecticut Personal Data Privacy Law – What to Know

Connecticut passed a personal data privacy law this year. Here’s what businesses should know.

  • The law includes industry-specific and data-specific requirements, so business-specific analysis is required.
  • The law takes effect July 1, 2023, so there is time to prepare.
  • The law applies only to businesses possessing data of 100,000 or more CT consumers (if the business earns more than 25% of revenue from the sale of consumer data the number is 25,000). Non-profits, institutions of higher education and certain financial businesses subject to other regulations are exempt. HIPAA and other medical information, credit information, and certain other categories of information are exempt.
  • Businesses must disclose: the categories of personal data they process and the purpose of the processing; whether the business shares or sells personal data; and how consumers can access, modify, delete, or opt-out of use of their data.
  • Businesses must allow consumers to access their data, request copies, correct inaccuracies, and delete their personal data, and must comply with requests within a reasonable time, presumptively 45 days.
  • Businesses must employ “reasonable” security practices to protect consumer data and document those measures with respect to data that could be especially harmful to consumers if disclosed. That includes data used for targeted advertising or profiling.
  • Use of consumer data to improve functionality is permitted.
  • Stricter requirements apply to child data.
  • There is no private right of action for violation of the law. Only the Connecticut Attorney General can enforce it. That means businesses will not be flooded with class action and contingent fee lawsuits on day one, and until 2025 the AG is required to give 60-day notice of any violation and an opportunity for the business to cure it before bringing suit.
  • Violation of the law is a violation of CUTPA, the Connecticut Unfair Trade Practices Act, for which remedies include punitive damages and attorneys’ fees.
  • Connecticut joins California, Nevada, Maine (limited to ISPs), Colorado, Utah and Virginia in enacting specific data privacy laws. The California, Nevada and Maine laws already are in effect. The rest take effect beginning 2023. Many of the laws are similar, but not identical, so if you have customers in all those states, you should know all those laws.

You can read the Connecticut law here.

Clickwraps and Browsewraps: What’s the Difference?

Clickwrap and browsewrap agreements are documents typically used by website owners to mandate the terms on which users may access their websites. The difference between the two is the manner in which the user agrees to the terms. Clickwrap agreements require an overt act of consent by the user. Typically, the user must click a button to signify acceptance. Browsewrap agreements do not require any overt consent. Rather, the website owner posts the terms of use on the site and asks that users not access the site unless they agree to those terms.

Courts treat the two differently because of the difference in the manner in which the user accepts the terms. Clickwrap agreements are generally enforceable because the user’s click is an affirmative act indicating acceptance. The enforceability of browsewrap agreements depends on the prominence of the browsewrap terms. The more prominently the terms are displayed, the more likely a court will rule that users are bound because they must have seen the terms (or deliberately ignored them) and therefore a user’s continued use of the site demonstrates consent to the terms.