The complaint could lead to a fine for OpenAI, with GDPR's fine framework allowing for a penalty of up to four percent of an organization's total global turnover of the preceding fiscal year, depending on the severity of the breach. This is not the first time AI models have faced issues with privacy laws, with a 2023 paper highlighting the problem and Italy imposing a temporary restriction on the use of ChatGPT over data privacy concerns earlier in the same year.
Key takeaways:
- Privacy activist group noyb has filed a complaint against OpenAI, alleging that its ChatGPT service violates GDPR rules as it cannot correct inaccurate information.
- The complaint was filed with the Austrian data protection authority and alleges that ChatGPT provided an incorrect date of birth for a public figure and there was no way to correct this.
- According to GDPR, personal data must be accurate and individuals have the right to have it changed if it is inaccurate. Noyb argues that if a system like ChatGPT cannot produce accurate and transparent results, it should not be used to generate data about individuals.
- The complaint was filed in Austria, but noyb expects it to be forwarded to the Irish authority since OpenAI is located there. A fine is also a possibility, with penalties under GDPR potentially reaching up to four percent of an organization's total global turnover of the preceding fiscal year.