ChatGPT Faces Privacy Complaint in Austria Over Alleged GDPR Violations

OpenAI, the company behind the wildly popular AI chatbot ChatGPT, is facing a privacy complaint in Austria over alleged violations of the European Union's General Data Protection Regulation (GDPR).

The complaint was filed on April 29th by NOYB, a non-profit privacy advocacy group, which has asked Austria's data protection authority to investigate OpenAI's practices.

NOYB claims that OpenAI is breaching GDPR requirements by being unable to correct false personal information generated by ChatGPT about individuals. Under GDPR, citizens have the right to access personal data companies hold about them and to have inaccurate information corrected.

However, according to NOYB, OpenAI cannot specify what personal data ChatGPT stores or even the sources of the data used to train the AI model.

"Making up false information is quite problematic in itself. But when it comes to false information about individuals, there can be serious consequences," said Maartje de Graaf, a data protection lawyer at NOYB. "If a system cannot produce accurate and transparent results, it cannot be used to generate data about individuals."

The privacy group also alleges that OpenAI has failed to respond to data access requests, another GDPR violation requiring companies to provide details on what personal data they hold upon request.

The complaint represents another challenge for OpenAI as concerns grow over the potential risks posed by generative AI systems like ChatGPT amid a lack of clear regulations.

Since its launch in November 2022, ChatGPT has amassed over 180 million users worldwide, sparking intense debate over AI's uses and dangers, from copyright infringement to creating deepfakes.

OpenAI is already under investigation by Italian privacy authorities over data breach concerns. The EU's data protection authorities have also formed a task force to coordinate enforcement actions related to ChatGPT.

The company's $10 billion investment deal with Microsoft is also being scrutinized by the European Commission over potential antitrust issues.

As AI capabilities rapidly advance, the NOYB complaint underscores growing calls for stronger legal guardrails to uphold privacy rights and ensure accountability for potential harms caused by the technology.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.