“People and small businesses are using a lot of AI tools. My family members use ChatGPT for medical consultations, uploading all their health information. This is dangerous in the context of AI,” said Nguyen Quang Dong, director of the Institute for Policy Studies and Media Development (IPS). 

He spoke at a workshop on “Compliance with the personal data protection law – challenges, risks and technological solutions”, held on March 20.

This warning highlights an alarming reality about users’ “naivete.” In the era of widespread AI adoption, the line between convenience and privacy risk is becoming thinner than ever.

Chatbot “doctors”

Dong said many users now treat ChatGPT as an “all-purpose” tool while forgetting how machine learning works. Uploading personal health data to AI for diagnosis is essentially exposing highly sensitive private information. These platforms not only store the data but may also use it to train models, creating risks of data leakage in various forms.

The vulnerability does not come only from AI but also from familiar mobile applications. He pointed out a common “trick”: ride-hailing apps such as Be often default to requesting access to “all photos.” 

“Does a transportation service really need access to our entire personal photo library? Clearly not. It goes beyond the scope of reasonable data collection,” he said.

In reality, businesses often set "allow all" as the default mode. Users, seeking to use the service quickly, frequently skip checking privacy options, unintentionally opening the door to their private lives for corporations.

Nguyen Hung Son, Vice Chair of FSI, added that most users lack "de-identification" skills, i.e., the process of removing personal or corporate attributes before inputting data into chatbots. Proper de-identification allows users to leverage AI's power without personal risk.

Human factors were also highlighted in discussions regarding recent serious data breaches in Vietnam. Luu Xuan Vinh, Managing Lawyer at Asia Legal, said human-related factors account for 32.6 percent of the causes of data leaks and losses. 

"For Vietnamese people, especially the younger generation, posting personal information publicly on social media is a daily habit. They feel restless if they don't share for a day," he remarked. This information inadvertently becomes a lucrative target for criminals.

Dong recommended that security solution providers offer "affordable service packages" so that small businesses can access data protection technology, thereby ensuring "digital trust" in the market.

According to Son, while Data Loss Prevention (DLP) solutions previously cost billions of VND, basic packages for SMEs have now fallen to around VND100 million. This technology helps mitigate risks from internal personnel, such as system administrators taking customer data when they resign, a persistent issue not only in Vietnam.

Du Lam