
GDPR, Privacy, and OpenAI

Generative AI is in the news, as usual. However, one of the big pushes we’re seeing lately is how the practices used by AI providers like OpenAI may violate user privacy. 

This, of course, is a big no-no for jurisdictions like the EU. 

Here, we’re dipping into the world of AI to talk about the latest complaint against OpenAI and how this speaks to privacy and GDPR compliance issues. 

 

The Tense History of ChatGPT in the EU

One of the big unknowns for users of ChatGPT (and non-users who might work with platforms in partnership with OpenAI) is how training data is collected and used to power the large language models (LLMs).

Some concerns over these unknowns have repeatedly arisen in the EU, where GDPR is the law of the land. In 2023, Garante (the Italian data protection watchdog) filed a GDPR complaint against OpenAI, claiming that the company unlawfully used consumer data to power the service. The Italian authorities briefly shut down the service in that country until OpenAI gave users more control to opt out of model training and better controlled access to the tool based on age.

Now, privacy advocacy group noyb is filing a GDPR complaint against OpenAI, claiming that the ChatGPT service provides provably false information through “AI hallucinations” and that the organization cannot explain where this information comes from. Their complaint insists that this presents a violation of GDPR in that it denies data privacy rights to EU citizens. 

Why Is AI a Threat to Data Privacy?

It’s not entirely clear how AI threatens data privacy outside of OpenAI’s own actions and its relationship with consumers. But generative AI presents several significant challenges that can undermine an individual’s privacy:

AI poses several threats to data privacy, primarily due to its capacity to collect, analyze, and generate insights from vast amounts of data. Here are some of the key concerns:

 

Why Are OpenAI and ChatGPT an Issue for GDPR?

OpenAI, like any organization operating in or servicing clients in the European Union, must comply with GDPR. 

Here are some potential areas where AI technologies, including those developed by companies like OpenAI, might face challenges with GDPR compliance:

 

Does GDPR Compliance Rule Out Using AI?

The short answer is no. 

The longer answer is that generative AI in GDPR jurisdiction will require businesses to follow privacy and processing rules, as in any other situation. Closed-system and vetted AI models that support privacy are still viable technologies under GDPR. 

More importantly, it’s still up to the organization to ensure that consumers have the right to address their data, see it, and have it changed or deleted as needed. 

 

Lazarus Alliance and A.ITAM: AI for Compliance

We’re moving forward with an innovative, secure, proprietary AI system that streamlines compliance and technical writing through our cloud platform, Continuum GRC. To learn more, contact us.

