The EU has received another privacy complaint against OpenAI, initiated by the privacy advocacy group noyb for an individual, alleging that OpenAI’s AI-generated chatbot ChatGPT disseminates false information about people without a mechanism to correct it.
Generative AI tools are increasingly noted for their potential to churn out incorrect data. This issue aligns the technology with a direct conflict against the European Union’s General Data Protection Regulation (GDPR) that mandates strict guidelines on the processing of personal data of EU residents.
Fines for not adhering to GDPR can be as high as 4% of a company’s worldwide annual revenue. More crucial for a tech titan like OpenAI, data protection authorities have the power to mandate alterations in data handling processes, meaning GDPR compliance could majorly influence the operation of AI tools in the EU.
Following an intervention from Italy’s data protection watchdog, leading to a swift halt of ChatGPT operations in Italy in 2023, OpenAI had to implement modifications to comply with GDPR.
Noyb has now lodged a new GDPR violation complaint with the Austrian data protection authority on behalf of a “public figure” who claims ChatGPT incorrectly listed their date of birth. This move challenges OpenAI’s adherence to GDPR’s mandates, particularly the right of EU citizens to correct false information about themselves. noyb argues that OpenAI refused a request to amend the inaccurate birthday, citing technical challenges.
OpenAI’s refusal was framed as a technical limitation, offering instead to limit or prevent the production of the data based on specific triggers, like the individual’s name.
According to OpenAI’s privacy policy, users can raise a “correction request” for any untrue information produced by its AI chatbot through their privacy portal or via email. Nevertheless, it also indicates that due to the complexity of AI models, not all inaccuracies can be corrected.
For issues beyond correction, OpenAI advises users to request the removal of their personal data entirely from ChatGPT’s responses through a specified web form. However, GDPR does not permit a selective application of rights, as noyb highlights, stressing that EU residents have unequivocal rights to both correction and deletion.
Further, the complaint delves into GDPR’s transparency prerequisites, with noyb questioning Openai’s clarity on data origins and storage specifics related to individuals. The regulation entitles individuals to access information about the data processed about them through a subject access request (SAR), a request noyb claims OpenAI didn’t satisfactorily fulfill.
Maartje de Graaf, a data protection lawyer with noyb, emphasized the dilemma of AI generating false data about individuals, stipulating that AI chatbots like ChatGPT must align with EU legal standards if they process individuals’ data. Non-compliance suggests that the technology cannot be used legally for data generation about individuals.
The organization is urging the Austrian DPA to not only investigate but also impose penalties on OpenAI for data processing violations, highlighting the anticipation of collaborative enforcement actions within the EU.
Simultaneously, OpenAI faces a comparably structured complaint in Poland for similar transparency and information correction failures. And in Italy, the data protection authority’s ongoing investigation into ChatGPT underscores potential GDPR breaches, including the issue of misinformation generation.
The conclusion of the Italian authority’s inquiry is impending, after which OpenAI was given a month to respond to the discovered GDPR violations. This accumulates the pressure from multiple GDPR complaints across the EU, notably after OpenAI established a regional headquarters in Dublin, possibly in an effort to mitigate regulatory risks by centralizing the addressal of privacy complaints through Ireland’s Data Protection Commission.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
