OpenAI's ChatGPT faces criticism from the European Data Protection Board for insufficient compliance with GDPR. Discover the latest updates on the AI model's regulatory challenges in Europe.

The European Data Protection Board (EDPB) has released a progress report from its "GPT taskforce," and the findings spell trouble for OpenAI’s flagship AI model, ChatGPT. Despite efforts to align with European Union (EU) data privacy laws, including the stringent General Data Protection Regulation (GDPR), OpenAI’s measures have been deemed inadequate by the EDPB.


Incomplete Compliance with Transparency Principles

The EDPB's report highlights that while OpenAI has taken steps to improve transparency to avoid misinterpretation of ChatGPT’s outputs, these measures fall short of full compliance with GDPR requirements. The board’s critical stance underscores the ongoing challenges that AI developers face in adhering to complex data privacy laws.


Recurring Data Privacy Issues

Throughout 2024, OpenAI has faced multiple temporary stop orders from various European member states. This follows a significant setback in January, when Italy's data protection agency determined that ChatGPT continued to violate Italian and EU data privacy regulations. Despite previous warnings and a ban in March 2023, OpenAI has not sufficiently addressed these legal concerns.


Concerns Over Inaccurate Outputs

One of the primary issues identified by the EDPB is ChatGPT's tendency to produce inaccurate information. The probabilistic nature of AI models like ChatGPT can lead to biased or fabricated outputs, which poses a significant problem under GDPR’s accuracy requirements. The report emphasizes the risk that end users might accept ChatGPT’s outputs as factually accurate, regardless of their actual veracity.


Technical Challenges and Regulatory Expectations

The EDPB’s report points out a substantial challenge for OpenAI: ensuring the accuracy of ChatGPT's vast dataset, which includes billions of data points and around a trillion parameters. The scale of the dataset makes it practically impossible for human verification to meet GDPR standards. Nevertheless, the EDPB explicitly states that "technical impossibility cannot be invoked to justify non-compliance with these requirements," leaving OpenAI in a difficult position regarding regulatory compliance.


Uncertain Path Forward

As it stands, it remains unclear how OpenAI can fully align ChatGPT with GDPR requirements. The complexity and scale of the GPT-4 model complicate efforts to ensure data accuracy and transparency to the levels demanded by EU regulators. Moving forward, OpenAI will need to explore innovative solutions and possibly enhance its AI model governance to meet these stringent standards.


The EDPB’s critical report on OpenAI’s ChatGPT underscores the broader regulatory challenges facing AI technologies within the EU. As AI models continue to evolve and integrate deeper into various sectors, adherence to data privacy laws remains a critical and complex issue. OpenAI’s ongoing struggle to comply with GDPR highlights the need for robust frameworks and innovative approaches to manage and mitigate the risks associated with AI outputs.


(TRISTAN GREENE, COINTELEGRAPH, 2024)