ChatGPT still not meeting EU data accuracy standards, says EDPB



The ChatGPT taskforce was set up in 2023 in response to serious concerns about the AI service led by Italy’s data protection authority.

A new report has revealed that the ChatGPT taskforce, which was set up by the European Data Protection Board (EDPB), has found that OpenAI’s efforts to address the risk of the AI producing factually false output are not enough to comply with EU data rules.

The EDPB said “the measures taken in order to comply with the transparency principle are beneficial to avoid misinterpretation of the output of ChatGPT”, but they are “not sufficient to comply with the data accuracy principle”. 

Accuracy is a core aspect of the EU’s data protection rules and in light of this the report noted “due to the probabilistic nature of the system, the current training approach leads to a model which may also produce biased or made up outputs”. Additionally, outputs are likely to be regarded as factually accurate by end users, regardless of actual accuracy. 

The report, which was published today (24 May), stated that parent company OpenAI “shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate measures” adhering to data protection policies and integrating the necessary safeguards to meet GDPR requirements and protect the rights of data subjects.

The report also noted the responsibility of “ensuring compliance with GDPR should not be transferred to data subjects” by simply placing a clause in the terms and conditions that states data subjects are responsible for their chat inputs.

According to the report, the taskforce was established to exchange information between supervisory authorities (SAs) on engagement with OpenAI and facilitate ongoing enforcement activities concerning ChatGPT, as well as to swiftly identify a list of issues on which a common approach is needed in the context of different enforcement actions concerning ChatGPT by SAs. 

Investigations are still ongoing, meaning a full report has not yet been made public, but the positions represented “reflect the common denominator” agreed by the SAs in their interpretation of the applicable provisions of GDPR “in relation to the matters that are within the scope of their investigations”. 

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top