top of page

Poland Files Complaint Against OpenAI for Data Handling and Transparency Citing GDPR Violations

Poland security watchdog argues OpenAI's ChatGPT is violating EU General Data Protection Regulation.

Poland security watchdog argues OpenAI's ChatGPT is violating GDPR.
Creator: Sean Gallup Credit: Getty Images. Copyright: 2010, Getty Images.

WARSAW, PL – Poland has taken a significant step by filing a complaint against OpenAI, a major player in the field of artificial intelligence. The complaint, lodged with Poland's Personal Data Protection Office, centers on OpenAI's widely used ChatGPT app.

The GDPR Complaint Against OpenAI

The complaint was initiated by an individual user who expressed concerns about OpenAI's handling of data, citing it as "unlawful and unreliable."

The user alleged that ChatGPT provided inaccurate information about them in response to a query and that OpenAI failed to rectify this error upon request. Additionally, the user claimed they were unable to ascertain which parts of their data were processed by ChatGPT and criticized OpenAI for providing "evasive, misleading, and internally contradictory answers."

Furthermore, the complainant accused OpenAI of not fulfilling its information obligations, particularly regarding the source of data collected in 2021 and the recipients of this data.

In response, the complainant has requested the Personal Data Protection Office to ensure OpenAI complies with GDPR and to scrutinize the company's data processing model within ChatGPT.

OpenAI's potential shortcomings in data handling and transparency are particularly concerning because they may violate the European Union's General Data Protection Regulation (GDPR), which safeguards data privacy.

GDPR Implications

This case presents unique challenges for the Personal Data Protection Office. Firstly, OpenAI is based outside the European Union, making regulatory oversight more complex. Secondly, the complaint revolves around relatively new AI technology, which adds a layer of complexity.

Jan Nowak, President of the Personal Data Protection Office, emphasized the seriousness with which the matter is being treated and highlighted that concerns regarding ChatGPT's compliance with European data protection principles are familiar. The European Data Protection Board has even established a special working group dedicated to OpenAI.

The complainant sought intervention from the Personal Data Protection Office after OpenAI failed to address their GDPR-related requests satisfactorily. Despite the user's request for corrections, ChatGPT continued to generate inaccurate information. OpenAI's response also raised concerns, as it was described as elusive and contradictory.

Deputy President Jakub Groszkowski stressed the need for the development of new technologies to respect GDPR and the rights of individuals. The complaint has raised doubts about OpenAI's approach to European personal data protection rules, prompting the office to investigate the matter thoroughly.


bottom of page