OpenAI Accused of Data Protection Breaches in GDPR Complaint

August 31, 2023: OpenAI, the company that created the large language model ChatGPT, has been accused of data protection breaches in a complaint filed with the Polish Data Protection Authority (UODO) by privacy researcher Lukasz Olejnik.

The complaint alleges that OpenAI violated the General Data Protection Regulation (GDPR) by collecting and storing personal data without users’ consent, failing to provide adequate information about how their data was being used, and not allowing users to access or delete it.

Olejnik also alleges that OpenAI created a “systemic risk” to users’ privacy by allowing third-party developers to access and use their data without their knowledge or consent.

OpenAI has denied the allegations, saying it complies with all applicable data protection laws. The company has said that it will cooperate with the UODO’s investigation.

Actionable Takeaways:

• Users of OpenAI’s products and services should be aware of the allegations of data protection breaches and take steps to protect their privacy.
• Users should review OpenAI’s privacy policy and understand how their data is collected and used.
• Users should also be careful about what information they share with OpenAI’s products and services.

Practical Takeaways for Businesses:

• Businesses that use OpenAI’s products and services should review their data protection practices to ensure they comply with the GDPR.
• Businesses should also be aware of the risks associated with using AI and other emerging technologies and take steps to mitigate those risks.
• The allegations against OpenAI are a reminder of the importance of data protection. Businesses that collect and use personal data should take steps to comply with the GDPR and other applicable laws.