OpenAI, the parent company of AI chatbot ChatGPT, is once again in the hot seat. The Polish Office for Personal Data Protection (UODO) has confirmed it’s conducting an investigation into the company, following a complaint filed by privacy and security researcher Lukasz Olejnik. The complaint accuses OpenAI of numerous violations of the EU’s General Data Protection Regulation (GDPR). Quite notably, this isn’t the first time the AI giant has faced such scrutiny.
The complaint was sparked when OpenAI failed to correct incorrect personal data in a biography ChatGPT generated about Olejnik. Despite a request from Olejnik to correct the data, OpenAI claimed it couldn’t do so. An ensuing subject access request was also allegedly mishandled, leading Olejnik to accuse OpenAI of providing evasive, misleading, and contradictory responses. The complaint also raises concerns about how ChatGPT has been trained on masses of natural language data, including information about living people, without their knowledge or consent.
The UODO expects the investigation to be challenging, given that OpenAI is based outside the EU and uses groundbreaking generative AI chatbot technology. This case could be significant in shaping how generative AI develops, as it tests OpenAI’s GDPR compliance across a number of areas. These regulations require a lawful basis for data collection and processing, transparency and fairness in handling data, and respect for data access rights.
This isn’t the only regulatory issue OpenAI is facing in the EU. Italy’s Data Protection Authority (DPA) has already intervened this year, resulting in a temporary suspension of ChatGPT in the country. Meanwhile, Spain’s DPA has opened a probe, and a taskforce via the European Data Protection Board is considering how to respond to AI chatbot technology. All eyes are now on OpenAI to see how it will address these growing concerns.