OpenAI, the artificial intelligence research laboratory, is facing another obstacle in its mission to operate in the European Union. Germany has become the latest European nation to launch an inquiry into OpenAI’s compliance with GDPR, following Italy’s decision to ban the company’s products and Spain’s announcement of a preliminary investigation.
Why are EU regulators asking questions
According to Agence France-Presse, German regulators are seeking clarification on OpenAI’s capability and intentions to comply with GDPR. Marit Hansen, the data protection commissioner for the northern German state of Schleswig-Holstein, informed reporters that German regulators “want to know if a data protection impact assessment has been carried out and if the data protection risks are under control.”
The inquiry comes after watchdog groups in Germany recommended further investigation. Though the news is not a surprise, it adds to the mounting complexity of the situation for OpenAI. The company recently released its GPT-4 model, which has led to increased scrutiny from regulators globally, particularly those in Europe. Meanwhile, Spain’s data protection authority, the AEPD, has also initiated a preliminary investigation into OpenAI over possible non-compliance with GDPR.
Although ChatGPT remains accessible via a Spanish IP address, Italy’s DPA has ordered OpenAI to stop processing locals’ data over a range of suspected breaches of the GDPR, leading to the geoblocking of the service in Italy. The specific concerns of the Spanish regulator have not been provided, and Italy’s DPA has issued a list of measures OpenAI must implement if it wants the local suspension order lifted.
OpenAI’s response
The company has not yet commented on the situation or how it intends to respond to the inquiry. However, German regulators have given OpenAI until June 11 to reply.
What is at stake?
The core concerns raised by regulators in Europe relate to the training data used to develop the GPT artificial intelligence models. Presently, users cannot opt out of having their data included, nor can they modify the models if they make a mistake. Under GDPR, individuals have the right to modify their data to reflect accuracy or be removed from systems altogether. As a result, the situation has created concerns among regulators about OpenAI’s privacy practices and GDPR compliance.
The inquiry by German regulators shows that OpenAI will face more obstacles as it tries to establish itself in the European market. With GDPR being one of the strictest data protection laws in the world, companies need to comply with the regulations to operate in the European Union. The concerns about OpenAI’s AI models demonstrate that regulatory authorities are actively scrutinizing technology companies’ privacy policies and practices.