Poland's Personal Data Protection Office (UODO) is investigating how OpenAI's ChatGPT tool processes personal data and is trying to determine if the large language model is GDPR-compliant.
GDPR compliance is critical in the European Union, and companies need to ensure that users' data is handled according to the law. Deviations from the GDPR can bring hefty fines, which all companies try to avoid.
So when any European agency tasked with verifying GDPR compliance takes a closer look at a company, it's usually with good reason. The latest agency to investigate OpenAI and its ChatGPT tool is UODO in Poland, and it's not the first. In fact, several investigations are ongoing in Europe, and they're all checking for the same thing.
"The task of the European personal data protection authorities is to protect European Union citizens against the negative effects of information processing technologies," said Jakub Groszkowski, Deputy President of the Personal Data Protection Office.
He adds that the allegations raised in the complaint raise doubts about OpenAI's systemic approach to European personal data protection rules.
“The Office will therefore clarify these doubts, in particular against the background of the fundamental principle of privacy by design contained in the GDPR," the office says.
The Polish agency looked at ChatGPT after a complaint about the tool generating false information. OpenAI didn't correct the information, although administrators should have done so. Moreover, OpenAI didn't inform the complainant about the source of the data on him used in response to the query.
The investigation will take some time to determine if the tool is GDPR-compliant in Poland. Also, the European Data Protection Board has established a special working group on OpenAI, so it's not the only current investigation into this matter.