OpenAI, the maker of ChatGPT, has been accused of a series of data protection breaches in a GDPR complaint filed by a privacy researcher. The complaint argues that OpenAI infringes EU privacy rules in areas such as lawful basis, transparency, fairness, data access rights, and privacy by design.
The Complaint
The complaint frames the new generative AI technology and its maker’s approach to developing and operating the viral tool as essentially a systematic breach of the pan-EU regime. It suggests that OpenAI has overlooked another requirement in the GDPR to undertake prior consultation with regulators (Article 36) — since, if it had conducted a proactive assessment that identified high risks to people’s rights unless mitigating measures were applied it should have given pause for thought.
Previous Concerns
This is not the first GDPR concern lobbed in ChatGPT’s direction. Italy’s privacy watchdog generated headlines after it ordered OpenAI to stop processing data locally — directing the US-based company to tackle a preliminary list of problems it identified in areas including lawful basis, information disclosures, user controls, and child safety.
Potential Consequences
If OpenAI’s alleged GDPR breach is confirmed, the company is looking at a fine of up to 4% annual turnover, or €20 million – whichever sum is greater. Neither OpenAI nor the Polish data watchdog have commented on
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: