The Office for Personal Data Protection in Poland has initiated an investigation into OpenAI’s ChatGPT following a complaint that accuses the company of engaging in “illegal and unreliable” data processing. The complaint concerns OpenAI’s compliance with Europe’s data protection and privacy principles. Jan Nowak, the president of the data protection office, released a statement on September 20, acknowledging that this is not the first time ChatGPT’s data handling practices have come under scrutiny.
The complaint alleges that OpenAI’s data processing methods are unlawful and unreliable, and its data collection and processing rules are opaque. Furthermore, OpenAI is accused of failing to comply with requests made by the complainant to exercise their rights under the European General Data Protection Regulation (GDPR).
Allegations of fraudulent information
One of the central allegations in the complaint is that ChatGPT generated fraudulent information about the complainant. This raises concerns about the accuracy and integrity of the data processing conducted by OpenAI. It is claimed that OpenAI did not honor the complainant’s requests to exercise their rights under the GDPR, further fueling the controversy.
International jurisdiction challenges
A significant challenge that arises in this case is the international jurisdiction of OpenAI. The company is headquartered outside the European Union, which could complicate the legal proceedings. President Jan Nowak acknowledges this challenge and emphasizes the need for a thorough administrative investigation due to the potential violation of numerous provisions on protecting personal data.
Nowak stated, ‘The case involves the violation of numerous provisions on the protection of personal data, so we will ask Open AI to respond to several questions to conduct administrative proceedings thoroughly.'”
Doubts on OpenAI’s data protection principles
Jakub Groszkowski, vice president of the Polish office, expressed concerns about OpenAI’s adherence to Europe’s data protection principles. The allegations in the complaint have cast doubt on whether the company complies with the fundamental principle of privacy by design, a key element of the GDPR.
Groszkowski commented, “The allegations in the complaint cast doubt on OpenAI’s adherence to Europe’s data protection principles. Consequently, the Office will elucidate these uncertainties, particularly in light of the GDPR’s fundamental principle of privacy by design.”
Previous GDPR violations
This is not the first time OpenAI has faced scrutiny over its compliance with European GDPR. In March, Italian data protection authorities temporarily barred the artificial intelligence chatbot ChatGPT and opened an investigation into potential violations of data privacy regulations. The Italian authorities also noted a lack of information provided to users regarding OpenAI’s data collection practices.
In April, German regulators demanded answers from OpenAI regarding the company’s intentions and its ability to comply with the stringent data privacy laws mandated by the GDPR.
OpenAI’s ChatGPT is again under investigation, this time in Poland, following allegations of illegal and unreliable data processing. The complaint not only accuses OpenAI of generating fraudulent information but also highlights concerns about transparency and compliance with European data protection principles. The international jurisdiction of the company poses a challenge to the proceedings, but the Polish data protection office is committed to conducting a thorough investigation. This case serves as a reminder of the ongoing challenges that AI companies face in ensuring compliance with strict data privacy regulations, such as the GDPR, within the European Union.
