ChatGPT’s Misinformation Woes Continue with Fresh GDPR Complaint
OpenAI is facing yet another privacy complaint in the European Union, this time over its AI chatbot ChatGPT’s inability to correct incorrect information about individuals. The complaint, filed by privacy rights nonprofit noyb on behalf of an individual complainant, highlights ChatGPT’s tendency to generate factually inaccurate information, putting it on a collision course with the EU’s strict General Data Protection Regulation (GDPR).
GDPR Compliance Issues
Under GDPR, individuals in the EU have the right to have erroneous personal data corrected. However, noyb contends that OpenAI is failing to comply with this obligation in respect of ChatGPT’s output. The company allegedly refused the complainant’s request to rectify the incorrect birth date, responding that it was technically impossible for it to do so.
In addition, noyb raises concerns about OpenAI’s transparency practices. The complaint alleges that OpenAI is unable to say where the data it generates on individuals comes from, nor what data the chatbot stores about people. This is significant because GDPR gives individuals the right to request such information through subject access requests (SARs).
Regulatory Action Across Europe
The complaint in Austria follows similar actions in Italy and Poland. The Italian data protection authority has an open investigation into ChatGPT, with a draft decision suggesting that OpenAI has violated the GDPR in several ways, including its handling of misinformation. The Polish data protection authority is also investigating ChatGPT following a complaint by a privacy and security researcher who was unable to have incorrect information about him corrected.
Enforcement Risk Escalates
With the latest GDPR complaint against ChatGPT, the risk of OpenAI facing a string of GDPR enforcements across different Member States has increased. Last fall, the company opened a regional office in Dublin to manage regulatory risk, but the recent complaints indicate that it may not be sufficient to shield it from enforcement actions.
Conclusion
The growing regulatory scrutiny of generative AI tools like ChatGPT highlights the need for companies to ensure that these technologies comply with applicable privacy laws. OpenAI will need to address the concerns raised in the GDPR complaints to avoid potential penalties and ensure that ChatGPT operates in compliance with EU regulations.
