Poland Probes OpenAI’s ChatGPT for Data Processing

The Office for Personal Data Protection in Poland has opened an investigation into a complaint against OpenAI’s ChatGPT, which accuses the company of “illegal and unreliable” data processing.

Jan Nowak, president of the data protection office, stated in a statement released on September 20 that this is not the first time ChatGPT’s compliance with Europe’s data protection and privacy principles has been questioned.

The complaint alleges that OpenAI processes data in an unlawful and unreliable manner and that the rules governing its data collection and processing are opaque.

OpenAI did not comply with the applicant’s requests to exercise his rights under the European General Data Protection Regulation (GDPR).

According to the applicant, ChatGPT generated fraudulent information about him, and OpenAI did not honor his requests to exercise his rights under the GDPR.

Nowak conceded, however, that the proposed proceedings against OpenAI could be challenging due to the company’s location outside the European Union.

“The case involves the violation of numerous provisions on the protection of personal data, so we will ask Open AI to respond to several questions to conduct administrative proceedings thoroughly,” explained Nowak.

In the meantime, Jakub Groszkowski, vice president of the Polish office, stated that the allegations in the complaint cast doubt on OpenAI’s adherence to Europe’s data protection principles.

Consequently, the Office will elucidate these uncertainties, particularly in light of the GDPR’s fundamental principle of privacy by design, he added. This is not the first time OpenAI has violated European GDPR compliance.

In March, the Italian data protection authorities announced they were temporarily barring the artificial intelligence chatbot ChatGPT and opening an investigation into possible violations of data privacy regulations.

Additionally, the Italian data authority stated that there is a lack of information for users regarding OpenAI’s data collection.

German regulators reportedly demanded answers in April regarding the company’s intentions and ability to comply with the GDPR’s stringent data privacy laws.

The European Data Protection Board established an OpenAI-specific working group in the same month.