“ChatGPT is amazing, and not even OpenAI can stop it” : Noyb, an association for the protection of private life, announced on April 29 that it had filed a complaint against OpenAI with the Austrian data protection authority (DSB). The cause is the start-up's inaction on correcting certain personal information provided by its ChatGPT service.
Inaccurate personal data, without possible rectification
Noyb asked ChatGPT about the birthdate of the association's founder, Max Schrems. The chatbot then repeatedly gave him incorrect information rather than indicating that it did not have the necessary data. “OpenAI refused his request to rectify or delete the data, explaining that it was not possible to correct the data (…), adds Noyb. OpenAI has not communicated any information about the data processed, their sources or their recipients.”
Advertisement
For the association, leaving inaccurate personal data online violates three articles of the GDPR. Article 5 states that “personal data must be accurate and, if necessary, kept up to date”. Article 16 states that individuals have a right to rectification and deletion of false information in the event of inaccuracy of personal data. Finally, Article 15 provides that companies must be able to show the data held by individuals, and the sources used.
Noyb wants the Austrian CNIL to fine OpenAI
“Inventing false information is in itself quite problematiccriticizes Maartje de Graaf, lawyer specializing in data protection, in the press release. But when it comes to false information about individuals, the consequences can be serious. Companies are currently unable to ensure that chatbots like ChatGPT comply with EU law when processing data about individuals.”
The association is calling on the DSB to investigate both OpenAI's data processing and the measures taken to ensure the accuracy of personal data. She also hopes that the start-up complies with the complainant's access request and complies with the GDPR, and that it imposes a fine to ensure compliance with these obligations.
ChatGPT had already been banned in Italy for a month
In recent months, Noyb (none of your business) has increased complaints against tech giants. In December, she filed a complaint against the social network X (formerly Twitter) for having used the sensitive data of its users to broadcast an advertising campaign led by the European Commission. A month later, the association denounced, for the second time, Meta's practices on its subscription allowing users to browse Facebook without advertising.
Advertisement
Noyb was also behind Meta's fine of 1.2 billion euros last year. The Irish data protection authority criticized the firm for having transferred the personal data of its European customers to the United States.
In March 2023, the Italian data protection authority announced the suspension of ChatGPT in the country for violating the GDPR. Above all, she accused the Californian start-up of not giving enough information to users on how the data was collected, and observed a “lack of legal basis justifying the massive collection and storage of personal data”. The conversational agent was authorized again a month later, after certain modifications by OpenAI.
Do you want to keep up to date with the latest news in the artificial intelligence sector? Register for free to the IA Insider newsletter.
Selected for you