Poland probing OpenAI, ChatGPT following GDPR complaint


Poland’s Office for Personal Data Protection has opened an investigation into a complaint against OpenAI’s ChatGPT, with an unnamed applicant accusing the firm of processing data in an “unlawful, unreliable manner.”

In a statement on Sept. 20, Jan Nowak, president of the data protection office said this was not the first time doubts have been cast on ChatGPT’s compliance with Europe’s principles of data protection and privacy. 

The complaint accuses OpenAI of processing data in an unlawful and unreliable manner, and that the rules on which it gathers and processes data are not transparent.

The applicant said in his case, ChatGPT generated false information about him, and his demands for the exercise of rights under the European General Data Protection Regulation (GDPR) were not met by OpenAI. 

Nowak however conceded that the proposed proceedings against OpenAI could be diffcult, as it concerns a company located outside the European Union. 

“The case concerns the violation of many provisions on the protection of personal data, which is why we will ask Open AI to answer a number of questions in order to be able to thoroughly conduct administrative proceedings,” said Nowak.

Meanwhile, Jakub Groszkowski, deputy president of the Polish office said the allegations in the complaint raise doubts as to OpenAI’s approach to Europe’s principles on personal data protection.

The Office will therefore clarify these doubts, in particular against the background of the fundamental principle of privacy by design contained in the GDPR, he added. 

Related: German regulators launch inquiry into ChatGPT GDPR compliance

This is not the first time OpenAI has seemingly run afoul of European GDPR compliance. 

In March, Italian authorities in charge of data protection announced that it is temporarily blocking the artificial intelligence chatbot, ChatGPT, and opening an investigation over suspected breaches of data privacy rules.

The Italian data watchdog also said there is a lack of information for users regarding data collected by OpenAI.

In April, regulators in Germany reportedly demanded answers concerning the company’s intentions and ability to comply with the strict data privacy laws enshrined in the EU’s GDPR.

The same month saw the European Data Protection Board set up a special working group concerning OpenAI.

Cointelegraph reached out to OpenAI but did not receive an immediate response. 

AI Eye: Real uses for AI in crypto, Google’s GPT-4 rival, AI edge for bad employees