OpenAI CEO Sam Altman Photo: Justin Sullivan (Getty Images)
OpenAI is under scrutiny in the European Union again — this time over ChatGPT’s hallucinations about people.
A privacy rights nonprofit group called noyb filed a complaint Monday with the Austrian Data Protection Authority (DPA) against the artificial intelligence company on behalf of an individual over its inability to correct information generated by ChatGPT about people.
Even though hallucinations, or the tendency of large language models (LLMs) like ChatGPT to make up fake or nonsensical information, are common, noyb’s complaint focuses on the E.U.’s General Data Protection Regulation (GDPR). The GDPR regulates how the personal data of people in the bloc is collected and stored.
Despite the GDPR’s requirements, “OpenAI openly admits that it is unable to correct incorrect information on ChatGPT,” noyb said in a statement, adding that the company also “cannot say where the data comes from or what data ChatGPT stores about individual people,” and that it is “well aware of this problem, but doesn’t seem to care.”
Under the GDPR, individuals in the E.U. have a right for incorrect information about them to be corrected, therefore rendering OpenAI noncompliant with the rule due to its inability to correct the data, noyb said in its complaint.
While hallucinations “may be tolerable” for homework assignments, noyb said it’s “unacceptable” when it comes to generating information about people. The complainant in noyb’s case against OpenAI is a public individual who asked ChatGPT about his birthday, but was “repeatedly provided incorrect information,” according to noyb. OpenAI then allegedly “refused his request to rectify or erase the data, arguing that it wasn’t possible to correct data.” Instead, OpenAI allegedly told the complainant it could filter or block the data on certain prompts, like the complainants name.
The
group
is
asking
the
DPA
to
investigate
how
OpenAI
processes
data,
and
how
the
company
ensures
accurate
personal
data
in
training
its
LLMs.
noyb
is
also
asking
the
DPA
to
order
OpenAI
to
comply
with
the
request
by
the
complainant
to
access
the
data
—
a
right
under
the
GDPR
that
requires
companies
to
show
individuals
what
data
they
have
on
them
and
what
the
sources
for
the
data
are.
OpenAI did not immediately respond to a request for comment.
“The
obligation
to
comply
with
access
requests
applies
to
all
companies,”
Maartje
de
Graaf,
a
data
protection
lawyer
at
noyb,
said
in
a
statement.
“It
is
clearly
possible
to
keep
records
of
training
data
that
was
used
at
least
have
an
idea
about
the
sources
of
information.
It
seems
that
with
each
‘innovation’,
another
group
of
companies
thinks
that
its
products
don’t
have
to
comply
with
the
law.”
Failing to comply with GDPR rules can lead to penalties of up to 20 million euros or 4% of global annual turnover — whichever value is higher — and even more damages if individuals choose to seek them. OpenAI is already facing similar data protection cases in EU member states Italy and Poland.
This article originally appeared on Quartz.
Comments