OpenAI’s ChatGPT accused of GDPR breaches

ChatGPT

OpenAI, the maker of ChatGPT, has been accused of a series of data protection breaches in a GDPR complaint filed by a privacy researcher. The complaint argues that OpenAI infringes EU privacy rules in areas such as lawful basis, transparency, fairness, data access rights, and privacy by design.

The Complaint

The complaint frames the new generative AI technology and its maker’s approach to developing and operating the viral tool as essentially a systematic breach of the pan-EU regime. It suggests that OpenAI has overlooked another requirement in the GDPR to undertake prior consultation with regulators (Article 36) — since, if it had conducted a proactive assessment that identified high risks to people’s rights unless mitigating measures were applied it should have given pause for thought.

Previous Concerns

This is not the first GDPR concern lobbed in ChatGPT’s direction. Italy’s privacy watchdog generated headlines after it ordered OpenAI to stop processing data locally — directing the US-based company to tackle a preliminary list of problems it identified in areas including lawful basis, information disclosures, user controls, and child safety.

Potential Consequences

If OpenAI’s alleged GDPR breach is confirmed, the company is looking at a fine of up to 4% annual turnover, or €20 million – whichever sum is greater. Neither OpenAI nor the Polish data watchdog have commented on

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: