OpenAI Faces EU Privacy Complaint Over ChatGPT's Alleged GDPR Violations

OpenAI, the Microsoft-backed startup behind the popular AI chatbot ChatGPT, is facing a privacy complaint in the European Union filed by the privacy rights non-profit NOYB (None of Your Business). The complaint, submitted to the Austrian data protection authority (DSB), alleges that ChatGPT fails to rectify inaccurate personal information it generates, potentially violating EU data protection regulations (GDPR).

Under GDPR, individuals in the EU have the right to access and correct their personal data. However, OpenAI has admitted that it cannot rectify inaccurate information generated by ChatGPT. The complaint originates from a case where ChatGPT provided false information about people and OpenAI can't correct it, and OpenAI refused to rectify or erase the data, claiming it was technically impossible.

NOYB argues that companies are currently unable to make chatbots like ChatGPT comply with EU privacy laws when processing data about individuals. "If a system cannot produce accurate and transparent results, it cannot be used to generate data about individuals," stated NOYB in the complaint. The group emphasizes that technology must adhere to legal requirements, not the other way around.

The complaint also raises concerns about GDPR transparency, as OpenAI allegedly failed to adequately respond to requests for information about the data it processes and its sources. Similar complaints have been filed against OpenAI in Poland and Italy, where the data protection authority found potential GDPR violations related to ChatGPT's tendency to produce misinformation.

Why this matters: The outcome of this complaint could reshape how generative AI tools like ChatGPT operate in the EU. With the increasing popularity and widespread use of AI chatbots, ensuring compliance with data protection regulations is critical for protecting individuals' privacy rights. The case highlights the challenges of balancing technological advancements with legal requirements in the rapidly evolving AI landscape.

OpenAI has suggested that users remove their personal data from ChatGPT's output, but NOYB argues that this approach does not align with GDPR rights. The risk of OpenAI facing a complaint for uncorrectable errors in several EU member states has increased, prompting the company to open a regional office in Dublin, likely to centralize privacy complaints through the Irish Data Protection Commission. As the investigation progresses, the Austrian DSB will examine OpenAI's data processing practices and determine whether the company must comply with GDPR requirements.

Key Takeaways

• OpenAI's ChatGPT faces EU privacy complaint for inaccurate personal data
• GDPR requires rectifying inaccurate data, but OpenAI claims it's impossible
• Complaint argues ChatGPT violates EU privacy laws, technology must comply
• Similar complaints filed in Poland and Italy, potential GDPR violations
• Outcome could reshape generative AI tools' operations in the EU