In this article I explain how to use ChatGPT as a weapon (weaponize) to create a response and request your ARCO rights. For a few months I have been receiving unwanted emails from two companies in Mexico. A participant from that country registered in both companies and gave mine as a contact email. It is an email from Gmail, from Google, and I do not know the reason, but it has already happened to me several times. It is probably because a Gmail address does not distinguish points, that is, if you write to email@example.com it is the same as writing to firstname.lastname@example.org or email@example.com. The individual is likely to have made a mistake when putting his address (we share name and first surname) or simply had to give an email and gave anyone, which exists and belongs to me.
What I find hard to believe is that it is possible to create an account, associate an email from someone else, not verify that email (I never verified that the account of those two companies was mine) and then not respond adequately to my request to remove my information from their databases.
In the age of the internet, we all have a digital self, and it is necessary that we control our data because it belongs to us. The so-called ARCO rights are those that a person has to exercise control over their own personal data. In particular, these are the rights of access, rectification, elevation, or position. All companies in Spain and Mexico must have the possibility for an individual to claim them and according to the law, if a person requests the cancellation of an account they have to do so.
In Spain it is included in Organic Law 3/2018, of December 5, on ‘Protection of Personal Data and guarantee of digital rights‘. In the case of Mexico, the ‘Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP)‘, approved on April 27, 2010, is currently in force, which aims to regulate the right that an individual has over their data. Its provisions are applicable to all natural or legal persons, from the public and private sector, both at the federal and state level, who carry out the processing of personal data in the exercise of their activities, therefore, companies such as banks, insurers, hospitals, schools, telecommunications companies, religious associations, and professionals such as lawyers, doctors, Among others, they are obliged to comply with the provisions of this law.
A Crusade in Mexico
Since I received a spam email from one of the companies, I contacted them to delete my mail from their databases. To this day, more than a year later, I continue to receive spam emails from that company. Their response has been to send me a form of several fields, one of them Customer Code and since I do not know the customer code, since I am NOT a customer, they tell me that the form is incomplete.
In view of the fact that nothing has been resolved, and spam continues to reach me, I contacted the Data Protection Agency of Mexico, called there the National Institute of Transparency, Access to Information and Protection of Personal Data (https://home.inai.org.mx/). At this moment a trade is open, and I hope that they resolve soon and force the company to delete my personal and non-transferable email from their databases.
The same thing has happened with the other company, I also receive unwanted emails, but more spaced in time. I have also complained to the data protection agency, but the funny thing is that the company that registered without my permission or verification my email is the state energy agency, that is, it belongs to the government of Mexico, it is not a private company. If you ask me if it is easier to request my ARCO rights from a state company my answer is no, it is the same wheel, go around the same thing and follow my mail in their databases in Mexico after demanding its elimination several times.
One way to reply to these types of messages is to use ChatGPT (https://openai.com/blog/chatgpt/), an optimized dialogue model created using artificial intelligence that creates conversations based on a comment you make. It is a model trained to interact conversationally. The dialog format makes it possible for ChatGPT to answer follow-up questions, admit its mistakes, question incorrect premises, and reject inappropriate requests.
Well, I used ChatGPT to respond to a spam email from one of those companies. I have put this as a starting comment:
I received a spam email from Ban****** with this subject “Do not let any more time pass use your Bank Credit Card this month******”. Can you, please, make a response to request my ARCO rights and to delete my email from their databases, referring to the data protection law of Mexico? Thank you.
Here is a sample letter that you can use as a reference:
Sure! I’d be happy to help you draft a response to request your ARCO rights and to have your email removed from Bancoppel’s database, referencing the Mexican data protection law. Here’s a template you can use:
The purpose of this letter is to request the exercise of my ARCO rights (Access, Rectification, Cancellation and Opposition) established in the Federal Law on Protection of Personal Data Held by Private Parties.
Today, on [date of email received], I received an unsolicited email from your company with the subject line “No dejes pasar más tiempo utiliza este mes tu Tarjeta de Crédito BanCoppel”, which causes me discomfort and dissatisfaction, as I did not authorize receiving promotional emails from your institution.
Therefore, I respectfully request that my personal and contact data, including my email address, be canceled immediately from your customer database, as I do not wish to receive any further communications from you.
I remind you that according to the Federal Law on Protection of Personal Data Held by Private Parties, in Article 16, you have a maximum period of 20 business days to respond to my request and to effect the cancellation of my personal data.
Thank you in advance for your attention to this request. I look forward to your prompt response.
[Your full name and electronic signature]
I hope this helps! Remember that you have the right to protect your personal data and to request its cancellation at any time if you do not wish to continue receiving communications from Bancoppel or other companies. Good luck!
There is no doubt that personal data is very important to people who use the internet. There is a digital self that has to be protected. The email addresses have to be verified and if someone registers on a web page it is essential that it is confirmed by email that that person is really who they are.
Bureaucracy is sometimes absurd. To request ARCO rights it should only be necessary for a person to send an email from the email address from which the cancellation or opposition is requested. It is ridiculous that they request more information, such as, for example, documents that prove who I am, since I really do not want to have anything with that company, I am not a client, and it is not acceptable that they ask me for documentation so that they have more information about me.
In any case, the mere request by an individual to delete their data from databases of companies of which you are not a customer should be taken more seriously, and act proactively on the part of that company to eliminate that digital trace.