OpenAI Faces GDPR Complaint Over Data Handling
OpenAI, the creator of ChatGPT, finds itself embroiled in a complaint regarding alleged data protection breaches in accordance with the European Union’s General Data Protection Regulation (GDPR). This complaint has been filed by a privacy researcher and has raised concerns about OpenAI’s adherence to GDPR regulations.
The complaint, directed against OpenAI, has been submitted to the Polish data protection authority, as reported by TechCrunch. It alleges that OpenAI has violated GDPR by infringing upon principles related to transparency, fairness, data access rights, and privacy.
Furthermore, the complaint accuses OpenAI of acting in an “untrustworthy, dishonest, and perhaps unconscientious manner” by failing to provide comprehensive details about how it processes individuals’ data.
This 17-page complaint was prepared by Lukasz Olejnik, a security and privacy researcher, who is being represented by the Warsaw-based law firm GP Partners. Olejnik’s concerns arose when he used ChatGPT to generate a biography of himself, which contained errors. He reached out to OpenAI to point out these inaccuracies and to request the correction of erroneous information. Additionally, he requested access to the data OpenAI had processed, as allowed by GDPR when data has been obtained from sources other than the individuals themselves.
Moreover, the complaint underscores what it perceives as a total violation of GDPR’s principle of data protection by design and default.
It’s worth noting that in April, OpenAI reinstated access to the ChatGPT service in Italy, following a ban imposed by the country’s data protection authority due to concerns related to user data.