Eplly is Your Ultimate Source for the Latest News, Science, Health, Fashion, Education, Family, Music and Movies.
—— 《 Eplly • Com 》
OpenAI violated EU privacy and transparency law, complaint alleges
Views: 3454
2023-09-01 03:23
OpenAI allegedly violated European privacy laws in a bunch of different ways according to a

OpenAI allegedly violated European privacy laws in a bunch of different ways according to a complaint filed in Poland.

On Tuesday, cybersecurity and privacy researcher Lukasz Olejnik filed a complaint with the Polish Data Protection Authorities, for breach of the European Union's sweeping General Data Protection Regulation (GDPR). Olejnik, who is represented by Warsaw-based law firm GP Partners, alleges OpenAI violated several of the GDPR's provisions regarding lawful basis, transparency, fairness, data access rights, and privacy by design, according to TechCrunch which reviewed the 17-page complaint.

This complaint is one of several legal issues OpenAI is now confronted with, both abroad and in the U.S., where it's based. In June, OpenAI was hit with a class-action lawsuit by a California law firm for allegedly training ChatGPT with "stolen" data. A few months earlier, Italy banned ChatGPT until it could comply with the EU's strict data privacy laws.

SEE ALSO: The FTC is investigating OpenAI for potential consumer harms

This particular complaint all started in March of 2023 when Olejnik was using ChatGPT to generate a biography of himself and noticed several errors. Olejnik contacted OpenAI and requested to rectify the errors. He also asked for information about how his personal information was processed and used for training the model. Per GDPR law, Olejnik is entitled to receive information about both of these requests, but after some email back-and-forth, OpenAI told him they couldn't correct the inaccuracies and didn't send him all the information he requested.

Since the GDPR requires use of personal data to be fair and transparent in addition to a lawful, OpenAI's vague and convoluted data policy may be a violation in itself. "From the facts of the case, it appears that OpenAI systemically ignores the provisions of the GDPR regarding the processing of data for the purposes of training models within ChatGPT, a result of which, among other things, was that Mr. Lukasz Olejnik was not properly informed about the processing of his personal data," said the complaint.

So what might actually happen with this complaint? It could take six months to two years for the Polish authorities to investigate the violation and if they decide in Olejnik's favor, OpenAI will be ordered to follow through on his requests. But Ojejnik's lawyer Maciej Gawronski hopes his client's complaint will spur the authorities to probe deeper into OpenAI's alleged violations, which he believes are systemic.