The technology has to be compliant with the GDPR
The Personal Data Protection Office is handling a complaint on ChatGPT, in which the complainant accuses the tool's creator, OpenAI, of, among other things, processing data in an unlawful, unreliable manner and that the rules on which this is done are not transparent.
The proceedings will certainly be one of the difficult ones, it concerns a company located outside the European Union, and ChatGPT itself is a new and in fact still undiscovered - also for new technology researchers - tool using generative artificial intelligence.
– “The case involves the breach of a number of data protection provisions, so we will ask Open AI to answer a number of questions in order to be able to thoroughly conduct administrative proceedings” – says Jan Nowak, President of the Polish supervisory authority. He assures that the Office is taking the matter very seriously. And he adds that these are not the first doubts as to ChatGPT's compliance with European data protection and privacy rules. – “The European Data Protection Board has set up a special working group on OpenAI” – Jan Nowak points out.
In the complaint sent to the Polish supervisory authority, we also read that the company did not fulfil its information obligation towards the complainant. It acquired this person's data in 2021. And according to the complainant, the information obligation should have already been fulfilled at the stage of processing of data acquired for the training of artificial intelligence language models. The company also failed to inform the complainant of the source of the data on him or of the recipients or categories of recipients of those data.
The complainant requests that the Personal Data Protection Office not only oblige OpenAI to properly exercise its rights under the GDPR, but also examine the compliance of OpenAI's ChatGPT personal data processing model with data protection regulations.
Jakub Groszkowski, Deputy President of the Personal Data Protection Office, points out that artificial intelligence technology, in this case the so-called large model language (LLM), has entered the commercial stage and into widespread use. In his opinion, there is no doubt that this is a breakthrough technology and a watershed moment. – “The development of new technologies has to respect the rights of individuals under, inter alia, the GDPR. It is the task of the European data protection authorities to protect EU citizens from the negative effects of information processing technologies”, notes Jakub Groszkowski.
He adds that the allegations in the complaint raise doubts about OpenAI's systemic approach to european data protection principles. The Office will therefore clarify these doubts, in particular against the background of the fundamental principle of privacy by design contained in the GDPR.