Vienna, Austria – An individual complainant has filed a privacy complaint against OpenAI, a leading artificial intelligence company, in the European Union. The complaint, lodged by privacy rights nonprofit noyb, specifically targets the AI chatbot ChatGPT for its inability to correct misinformation it generates about individuals.
The issue of AI tools producing inaccurate information has been well-documented, setting the technology on a collision course with the bloc’s General Data Protection Regulation (GDPR), which dictates how personal data of regional users can be processed.
Non-compliance with the GDPR can result in penalties of up to 4% of global annual turnover, with data protection regulators having the authority to mandate changes in information processing. This enforcement could potentially reshape how generative AI tools operate within the EU.
OpenAI had previously faced regulatory action after Italy’s data protection authority intervened, leading to a temporary shutdown of ChatGPT in the country. Now, noyb is taking legal action against ChatGPT with the Austrian data protection authority on behalf of a complainant who received incorrect information from the AI chatbot.
Under GDPR regulations, individuals in the EU have the right to have erroneous data corrected. noyb argues that OpenAI has failed to comply with this obligation by refusing to rectify inaccurate information generated by ChatGPT. Instead, OpenAI offered to filter or block specific data on request, indicating technical limitations in correcting inaccuracies.
The company’s privacy policy allows users to request corrections for factually inaccurate information generated by the AI chatbot. However, OpenAI acknowledges the technical complexities involved and notes that not all inaccuracies can be corrected.
noyb’s complaint also highlights transparency concerns, accusing OpenAI of lacking clarity on the sources and processing of data generated by ChatGPT. The organization asserts that OpenAI did not adequately respond to the complainant’s request for information on data processing.
In response to the complaint, OpenAI stated that it is working to resolve the issue with the Austrian DPA and aims to ensure future compliance. However, the company acknowledges the likelihood of the case being addressed through EU cooperation.
With similar complaints against OpenAI in other EU Member States, the company faces the risk of multiple GDPR enforcement actions. Italy and Poland are among the countries where OpenAI’s data processing practices are under investigation, with pending decisions on potential violations of the GDPR.
The ongoing challenges with compliance highlight the complexities in managing AI technologies within regulatory frameworks. As OpenAI navigates these legal hurdles, the company’s operations and future developments will likely be influenced by EU data protection regulations.
