ChatGPT provides false information about people, and OpenAI can’t correct it

🌈 Abstract

The article discusses the issues surrounding the inaccuracy and lack of transparency of ChatGPT, OpenAI's large language model, in relation to the EU's GDPR (General Data Protection Regulation) requirements.

🙋 Q&A

[01] The GDPR and ChatGPT's Inaccuracy

1. What are the GDPR requirements regarding information about individuals?

• The GDPR requires that information about individuals is accurate and that they have full access to the information stored, as well as information about the source.

2. What is the issue with ChatGPT's accuracy?

• OpenAI openly admits that it is unable to correct incorrect information generated by ChatGPT.
• OpenAI cannot say where the data used by ChatGPT comes from or what data ChatGPT stores about individual people.
• ChatGPT is known to "hallucinate" and make up answers, which can lead to inaccurate information about individuals.

3. What are the legal implications of ChatGPT's inaccuracy?

• Under the GDPR, personal data must be accurate, and individuals have the right to rectification and deletion of false information.
• Companies must be able to show which data they hold on individuals and what the sources are, as per the GDPR's "right to access" provision.
• Generating false information about individuals is problematic and can have serious consequences.

[02] Complaint Against OpenAI

1. What actions have been taken against OpenAI?

• The privacy group noyb has filed a complaint against OpenAI with the Austrian data protection authority (DSB).
• The complaint requests the DSB to investigate OpenAI's data processing and the measures taken to ensure the accuracy of personal data, as well as to order OpenAI to comply with the complainant's access request and bring its processing in line with the GDPR.
• The complaint also requests the DSB to impose a fine to ensure future compliance.

2. How has OpenAI responded to the complainant's requests?

• OpenAI refused the complainant's request to rectify or erase the incorrect data about his birthday, arguing that it was not possible to correct the data.
• OpenAI also failed to adequately respond to the complainant's access request, not disclosing any information about the data processed, its sources, or recipients.

3. What is the status of regulatory efforts regarding ChatGPT?

• European privacy watchdogs, such as the Italian DPA and the European Data Protection Board (EDPB), have started scrutinizing the inaccuracy of ChatGPT and other generative AI tools.
• However, it remains to be seen where these efforts will lead, as OpenAI seems to not even pretend that it can comply with the EU's GDPR.