OpenAI finds itself in the crosshairs of European privacy watchdogs once again as its AI chatbot, ChatGPT, becomes the subject of another GDPR complaint. This time, a privacy rights nonprofit, noyb, has filed a complaint on behalf of an individual complainant, alleging that ChatGPT fails to correct misinformation it generates about individuals, violating GDPR regulations.
The complaint, filed by noyb with the Austrian data protection authority, targets OpenAI's inability to rectify inaccurate information produced by ChatGPT. The AI chatbot generated an incorrect birth date for an unnamed public figure, prompting the complaint.
Under GDPR, individuals in the EU have the right to request the correction of erroneous data about them. However, OpenAI allegedly refused the complainant's request, claiming it was technically impossible to correct the misinformation.
OpenAI's privacy policy allows users to submit correction requests for "factually inaccurate information." However, the company warns that due to the technical complexity of its models, it may not be able to correct inaccuracies in every instance. Alternatively, users can request the removal of their personal information from ChatGPT's output.
The complaint also raises transparency concerns, as OpenAI reportedly failed to disclose the sources of the data it generates on individuals or what data the chatbot stores about people.
Commenting on the complaint, Maartje de Graaf, a data protection lawyer at noyb, emphasized the importance of accuracy and transparency in AI-generated data. She stated, "If a system cannot produce accurate and transparent results, it cannot be used to generate data about individuals. The technology has to follow the legal requirements, not the other way around."
OpenAI faces similar complaints in Poland and Italy, with local data protection authorities investigating ChatGPT's compliance with GDPR. In January, the Italian authority issued a draft decision, alleging several GDPR violations by OpenAI, including the chatbot's tendency to produce misinformation.
With another GDPR complaint filed against ChatGPT, OpenAI faces increased regulatory scrutiny and the risk of enforcement actions across multiple EU member states.
OpenAI's ChatGPT faces mounting GDPR complaints over its handling of user data and misinformation. As European privacy watchdogs intensify their scrutiny, the AI giant must address these regulatory concerns to ensure compliance with GDPR regulations.