Nonprofit–NOYB–has filed a complaint with the Austrian Data Protection Authority (DPA) against OpenAI, on behalf of a ‘public figure’, claiming ChatGPT gave him incorrect information.
When OpenAI was asked to correct or remove this misinformation, they said it was ‘technically impossible’ and also failed, when asked, to disclose information about how the data was processed, instead offering to simply filter or block data on certain prompts, related to the complainant.
Under GDPR law, people in the EU have rights about their personal information, including a right to have incorrect data, corrected. So, OpenAI’s refusal to remove or rectify the complainant's information seems to be a direct breach of GDPR law.
This follows a similar case in Poland, where the Polish DPA launched an investigation into ChatGPT, after OpenAI also refused to correct personal misinformation following a complaint by a privacy and security researcher.
Italy’s DPA also temporarily shut down ChatGPT after it found OpenAI had violated GDPR laws in numerous easy, including producing misinformation about people and how it processes personal data. This investigation is still ongoing, and a decision is pending.
If OpenAI is found guilty, the penalty for failure to comply with GDPR laws can reach up to 4% of its global annual turnover, and data protection regulators can also order them to change how information is processed, which could reshape how it operates in Europe.