Artificial intelligence
Data protection officer: Complaint against OpenAI and ChatGPT
ChatGPT developer OpenAI is accused of denying people in Europe their rights under the GDPR. photo
© Matt Rourke/AP/dpa
It is well known that ChatGPT not only provides consistent facts. However, if the computer-based dialogue system spits out false information about people, it could violate European law.
The European data protection organization Noyb, together with an affected European citizen, has filed a data protection complaint against the ChatGPT provider OpenAI filed for violating the European General Data Protection Regulation (GDPR).
The organization, co-founded by data protection activist Max Schrems, accused OpenAI, among other things, of providing false information about personal data in the case of an unnamed “public figure” without granting the legally required possibility of correction or deletion.
Schrems had previously brought fear to the Facebook group Meta in two lawsuits and twice overturned important data agreements between the USA and Europe before the European Court of Justice.
Violation of the GDPR?
In the dispute with ChatGPT developer OpenAI, Noyb accuses the US company of denying people in Europe their rights under the GDPR. In the specific case, which also involved an incorrect date of birth, OpenAI argued that it was not possible to correct the data. You can block data for certain requests, such as the name of the celebrity. However, you cannot prevent ChatGPT from filtering all information about the complainant.
Noyb further accused OpenAI of not responding appropriately to the complainant’s request for information. Although the GDPR gives users the right to request a copy of all personal data, OpenAI failed to disclose the data processed, its sources or recipients.
Maartje de Graaf, data protection lawyer at Noyb, said the obligation to comply with a request for information applies to all companies. “It is of course possible to log the training data used to at least get an idea of the sources of information. It seems that with each ‘innovation’ another group of companies feels that their products do not have to comply with the law.”
Noyb and the person concerned have now called on the Austrian Data Protection Authority (DSB) to investigate OpenAI’s data processing practices. Of particular interest is the question of what measures the start-up has taken to ensure the accuracy of personal data. A fine must be imposed on OpenAI to ensure future compliance with the regulations.