Data protection activists accuse ChatGPT of GDPR breach

European privacy rights group noyb filed a complaint against OpenAI with the Austrian Data Protection Authority on Monday, accusing the company of breaching the European Union’s General Data Protection Regulation (GDPR).

The EU’s strict privacy rules require that companies allow individuals access to personal information held about them, as well as ensuring that such data is accurate. This requires a long audit trail to every piece of information stored about European citizens. When it comes to AI-generated content, such trails often go cold.

With regard to information generated by ChatGPT, noyb alleges there is no legal redress for so-called “hallucinations,” or wrong answers provided by artificial intelligence (AI) large language models, when it comes to personal information. In some cases, these errors can be dramatic, as when journalist Tony Polanco learned from ChatGPT that he was dead. (A year after Polanco’s discovery, ChatGPT is still repeating the error, and he is still filing stories.)