After more than a year of deliberation, a task force dedicated to data protection within the European Union (EU) has presented its initial findings on how its data protection rules apply to OpenAI's popular chatbot, ChatGPT.
This illustration photograph taken on October 30, 2023, shows the logo of ChatGPT, a language model-based chatbot developed by OpenAI, on a smartphone in Mulhouse, eastern France. (Photo : SEBASTIEN BOZON/AFP via Getty Images)
EU Task Force Deliberates Compliance of OpenAI
The task force report's key takeaway is that crucial legal matters, such as the fairness and lawfulness of OpenAI's data processing, are still under consideration, leaving decisions pending.
Addressing this matter is crucial because penalties for proven breaches of the bloc's privacy regulations could amount to as much as 4% of the company's global annual revenue.
According to TechCrunch, regulatory authorities also have the authority to halt any non-compliant data processing activities. Consequently, OpenAI potentially faces significant regulatory challenges within the region, especially since specific laws governing AI are still scarce, and even within the EU, full implementation is years away.
In the absence of clear guidance from EU data protection authorities regarding the application of existing data protection laws to ChatGPT, OpenAI is likely to maintain its regular operations with confidence.
Despite facing increasing complaints alleging violations of different aspects of the bloc's General Data Protection Regulation (GDPR), the company is poised to proceed as usual.
In a recent development, Poland's data protection authority (DPA) initiated an investigation based on a complaint regarding the chatbot's fabrication of information about an individual and its refusal to rectify the inaccuracies.
Similarly, Austria has also recently received a comparable complaint. ChatGPT's operations resumed in Italy after OpenAI implemented alterations to the information and user controls, as requested by the DPA.
However, the Italian inquiry into the chatbot, addressing critical matters such as the legal grounds asserted by OpenAI for data processing to train its AI models, remains ongoing. The tool remains entangled in legal uncertainty within the EU.
The Irish regulatory body has been recognized for its lenient stance toward enforcing the GDPR on major technology companies. It suggests that "Big AI" entities could potentially be the next beneficiaries of Dublin's favorable interpretation of the EU's data protection regulations.
The GDPR is applicable whenever personal data is gathered and handled, a task that large language models (LLMs) such as OpenAI's GPT, the AI architecture powering ChatGPT, undeniably perform on a massive scale.
They achieve this by extracting data from the public internet for model training, including extracting individuals' posts from social media platforms. Furthermore, the EU regulation grants DPAs the authority to compel the cessation of any processing that fails to comply.
Should GDPR enforcers decide to exercise this authority, it could serve as a potent tool in shaping the operational landscape of the AI powerhouse behind ChatGPT within the region.
