OpenAI faces privacy complaints over ChatGPT’s inability to correct personal data.
OpenAI’s highly popular chatbot ChatGPT has fueled the conversational AI boom of late 2022. However, its widespread use has also highlighted some pressing privacy issues that European regulators are now scrutinizing.
NOYB Files Complaint with Austrian Data Protection Authority
Advocacy group NOYB (None of Your Business) recently filed a complaint with Austria’s data protection authority targeting OpenAI’s handling of personal data through ChatGPT. The complaint centers around an incident where a public figure, the complainant in this case, asked ChatGPT about their birthday. Instead of being told the chatbot does not have the data, incorrect information was provided.
When the complainant requested OpenAI to rectify or erase the incorrect data, the company refused, stating it was impossible to correct data generated by its large language models. OpenAI also failed to disclose any details about the personal data processed by ChatGPT, its sources, or who the recipients may be – a violation of EU privacy rules according to NOYB.
Is ChatGPT Compliant with GDPR?
This latest privacy complaint raises severe questions regarding ChatGPT’s compliance with Europe’s stringent data protection laws. Under the EU’s GDPR, individuals have rights over their data, including correcting inaccurate information.
However, as NOYB points out, OpenAI claims it is technically impossible to correct errors made by ChatGPT regarding personal details. Suppose the system cannot ensure the accuracy and transparency of results involving individuals. In that case, it should not be used to generate such data in the first place, according to Maartje de Graaf, the NOYB lawyer handling the case.
OpenAI has acknowledged ChatGPT’s propensity to provide “plausible-sounding but incorrect or nonsensical answers” in the past, which it considers a problematic issue to resolve fully. However, EU privacy laws do not exempt technical challenges, and companies must demonstrate full compliance regardless.
Read also: Artificial Intelligence Tickets
History of Privacy Issues
ChatGPT’s first run was against European data protection rules. In early 2023, Italy’s data protection authority temporarily blocked access to the chatbot in the country after finding OpenAI violated GDPR transparency and consent requirements.
The regulator is still investigating the matter and issued a draft decision last January noting multiple likely infringements. Meanwhile, Poland’s data watchdog also opened a probe in September 2022 following a similar complaint that ChatGPT failed to rectify wrong personal information as required by law.
With the latest action from NOYB, OpenAI now faces privacy scrutiny from authorities in multiple EU nations. The company seems to be betting on Ireland’s leniency as its lead regulator due to a regional office opening in Dublin last fall. However, cooperating watchdogs can still take coordinated enforcement action under the GDPR.
Moving Forward with Generative AI and Privacy
ChatGPT has understandably pushed technical and policy boundaries as the first widely available generative AI system. However, OpenAI must now contend with the reality that EU privacy laws apply regardless of challenges. The company must implement strict safeguards for handling personal details to avoid sanctions like hefty fines that could reach 4% of global revenue.
More broadly, this complaint highlights the pressing need for technology developers and regulators to work together to define responsible, privacy-centric guidelines for applications of generative AI, especially those handling personal user data. Systems must demonstrate an ability to comply fully with regulations like the GDPR before entering the European market.
With the global adoption of strict privacy laws like GDPR, AI companies must now integrate privacy and security features into their products from the start. Only then can conversational AI and other generative technologies reach their full beneficial potential while properly respecting individual rights over personal information.
In the case of ChatGPT, OpenAI now faces a privacy complaint in Austria seeking to investigate whether the company has adequately addressed issues of personal data rectification and transparency. Depending on the outcome, more changes may be needed to align the popular AI assistant with Europe’s strict privacy standards to avoid disruptions or sanctions across the lucrative EU market.
