Privacy rights group Noyb files GDRP complaint against OpenAI, challenging ChatGPT’s data accuracy and transparency

OpenAI is once again under scrutiny in the European Union. The tech giant, known for its advanced AI chatbot ChatGPT, faces a fresh privacy complaint. Privacy rights organization Noyb, representing an individual, argues that ChatGPT fails to correct incorrect personal data, violating the General Data Protection Regulation (GDPR).

The complaint was lodged with Austria’s data protection authority. It centres on ChatGPT’s inability to correct misinformation, such as a wrong birth date. Under GDPR, individuals hold the right to correct false information, a standard OpenAI allegedly did not meet.

Noyb criticizes OpenAI for its response to the complainant’s request for correction, which OpenAI claimed was technically infeasible. Instead, OpenAI proposed blocking or filtering the data on specific prompts. This action, according to No, does not fulfil GDPR requirements.

OpenAI offers a mechanism for users to request corrections or deletions of inaccurate information through their privacy policies. However, the organization warns of the technical difficulties in achieving this in every instance, suggesting that in some cases, the removal of personal information might be the only feasible option.

This complaint is part of a broader issue of GDPR compliance, where Noyb has also raised concerns about transparency. They claim that OpenAI fails to disclose the sources of its data or the details of its data storage, directly contradicting GDPR’s mandate for clear data processing visibility.

Maartje de Graaf, a data protection lawyer at Noyb, emphasized the serious implications of generating incorrect data about individuals. She stated, “If a system cannot produce accurate and transparent results, it should not be used to generate data about individuals.” She advocates for technology to comply with legal standards, not the other way around.

The GDPR’s strict regulations on data privacy allow for heavy penalties, potentially reaching up to 4% of a company’s global annual turnover. With GDPR enforcement, European regulators could significantly alter how AI tools like ChatGPT operate within the EU.

This isn’t the first GDPR challenge OpenAI has faced. Similar issues have arisen in other EU countries, including a significant investigation in Poland and ongoing scrutiny by the Italian data protection authority, which previously forced a temporary shutdown of ChatGPT in Italy in 2023.

As the Austrian data protection authority takes up this latest case, the implications for OpenAI could extend across the EU, especially since OpenAI has sought to consolidate its EU regulatory dealings through its Dublin office, leveraging GDPR mechanisms for managing cross-border complaints