Privacy complaint filed against OpenAI’s ChatGPT over alleged EU data breach

Microsoft-backed startup OpenAI on Monday found itself the target of a privacy complaint by advocacy group NOYB for allegedly not fixing incorrect information provided by its generative AI chatbot ChatGPT that may breach EU privacy rules.

ChatGPT, which kickstarted the GenAI boom in late 2022, can mimic human conversation and perform tasks such as creating summaries of long text, writing poems and even generating ideas for a theme party.

NOYB said the complainant in its case, who is also a public figure, asked ChatGPT about his birthday and was repeatedly provided incorrect information instead of the chatbot telling users that it does not have the necessary data.

The group said OpenAI refused the complainant’s request to rectify or erase the data, saying that it was not possible to correct data and that it also failed to disclose any information about the data processed, its sources or recipients.

NOYB said it had filed a complaint with the Austrian data protection authority asking it to investigate OpenAI’s data processing and the measures taken to ensure the accuracy of personal data processed by the company’s large language models.

“It’s clear that companies are currently unable to make chatbots like ChatGPT comply with EU law, when processing data about individuals,” Maartje de Graaf, NOYB data protection lawyer, said in a statement.

“If a system cannot produce accurate and transparent results, it cannot be used to generate data about individuals. The technology has to follow the legal requirements, not the other way around,” she said.

In the past, OpenAI has acknowledged the tool’s tendency to respond with “plausible-sounding but incorrect or nonsensical answers,” an issue it considers challenging to fix. Reuters