Poland’s data protection watchdog, the Personal Data Protection Office (UODO), has launched an investigation into OpenAI’s ChatGPT following accusations of GDPR breaches. The case was initiated after an unnamed complainant alleged that ChatGPT generated false information about them and failed to correct it upon request.
Poland Investigates ChatGPT for Alleged Data Privacy Breach
Complainant’s Allegations
The complainant raised several concerns, including:
- ChatGPT generated false information about them.
- OpenAI did not proceed with the required correction following a formal request.
- The complainant was unable to find which of their personal data was processed by the company.
- They received “evasive, misleading, and internally contradictory” answers to their questions.
Previous Issues with ChatGPT
This is not the first time OpenAI’s ChatGPT has faced scrutiny over data privacy concerns. In March 2023, Italy became the first Western country to impose a temporary ban on ChatGPT after its data protection agency accused the company of “unlawful” collection of personal data and the absence of an age verification system for minors. In the same month, the European Consumer Organisation (BEUC) called for EU and national authorities to investigate OpenAI’s system.
Potential Consequences
If the UODO finds OpenAI in violation of GDPR regulations, the company could face significant fines and penalties. GDPR non-compliance can result in fines of up to €20 million or 4% of a company’s annual global turnover, whichever is higher.
OpenAI’s Response
OpenAI has not yet released an official statement regarding the investigation. However, the company will likely need to address the allegations and demonstrate its compliance with GDPR regulations to avoid potential penalties.
Implications for AI and Data Privacy
The investigation into ChatGPT highlights the growing concerns surrounding AI and data privacy. As AI systems become more advanced and integrated into various aspects of daily life, ensuring compliance with data protection regulations will be crucial for companies developing and deploying these technologies. The outcome of this case could set a precedent for future investigations and regulatory actions involving AI systems and data privacy.
