OpenAI, the company behind the AI chatbot ChatGPT, is currently facing a privacy complaint in the European Union. Privacy rights non-profit organization noyb has filed the complaint on behalf of an individual who claims that ChatGPT generates incorrect information about them and OpenAI has failed to correct it. This raises concerns about OpenAI’s compliance with the General Data Protection Regulation (GDPR), which regulates the processing of personal data of EU users.
The issue of AI tools generating inaccurate information has been well-documented, and it poses a potential collision course with GDPR regulations. Non-compliance with GDPR can result in penalties of up to 4% of global annual turnover for companies. Additionally, data protection regulators have the power to order changes to how information is processed, potentially impacting how generative AI tools operate in the EU.
OpenAI has already faced consequences due to GDPR non-compliance when Italy’s data protection authority intervened in 2023, temporarily shutting down ChatGPT. Now, noyb is submitting the latest GDPR complaint against ChatGPT to the Austrian data protection authority on behalf of an unnamed individual who found that the chatbot produced an incorrect birth date. According to noyb, OpenAI refused the individual’s request to correct the birth date, claiming it was technically impossible.
Under the GDPR, individuals in the EU have the right to have erroneous data corrected. noyb argues that OpenAI is failing to fulfill this obligation by not rectifying the incorrect information generated by its chatbot. OpenAI’s privacy policy does provide a means for users to submit a correction request, but it also acknowledges that due to the technical complexity of their models, not all inaccuracies can be corrected. In such cases, OpenAI suggests users request the removal of their personal information from ChatGPT’s output.
However, GDPR rights are not optional for companies like OpenAI. Individuals in Europe have the right to request both rectification and deletion of their data. noyb highlights that it is not OpenAI’s prerogative to determine which of these rights are available to users. The complaint also raises concerns about the transparency of data processing, as OpenAI allegedly cannot disclose the sources and recipients of the data it generates on individuals. GDPR grants individuals the right to request this information through a subject access request (SAR), which OpenAI supposedly failed to adequately respond to.
Maartje de Graaf, a data protection lawyer at noyb, emphasizes the significance of the complaint, stating that generating false information, especially about individuals, can have serious consequences. De Graaf asserts that chatbots like ChatGPT must comply with EU law and not vice versa. The technology must adhere to legal requirements, ensuring accurate and transparent results when processing data about individuals.
OpenAI is currently facing a similar complaint in Poland, where the local data protection authority is investigating ChatGPT’s compliance with GDPR. Last year, the Italian data protection authority initiated an investigation into ChatGPT due to GDPR violations, including the chatbot’s tendency to generate misinformation about people. OpenAI has until now responded to the findings, and the investigation remains ongoing.
With the latest GDPR complaint against ChatGPT, OpenAI faces an increased risk of encountering multiple GDPR enforcements across different EU Member States. To mitigate this risk, OpenAI recently opened a regional office in Dublin. This move aims to centralize oversight of cross-border complaints under the authority of Ireland’s Data Protection Commission, as per the GDPR’s mechanism.
In conclusion, OpenAI’s privacy complaint in the EU highlights the challenges that AI chatbots like ChatGPT face in complying with GDPR regulations. The issue of generating inaccurate information poses significant risks for individuals and raises questions about transparency and compliance. OpenAI will likely have to address these concerns and work towards ensuring that its AI models and chatbots align with the legal requirements of the EU.
Source link
