Questionnaire to OpenAI
On the 24th, the regulatory authority of the German state of Schleswig-Holstein asked OpenAI, the developer of the AI language model “ChatGPT”, to answer regarding compliance with the General Data Protection Regulation (GDPR) of the EU (European Union). Reported by French AFP.
“When the personal data of European citizens are processed, it is necessary to comply with European data protection laws,” said Marit Hansen, the state’s data protection commissioner. “I would like to know if data protection impact assessments have been conducted and data protection risks managed,” she said.
German authorities want to verify whether OpenAI has sufficiently informed European citizens of their rights to access, rectify or delete their personal data when it is used by ChatGPT. It says. He added that it would also be necessary to clarify how such rights can be exercised. In particular, they appear to be concerned about data processing relating to minors.
Authorities have asked OpenAI to respond to GDPR inquiries by June 11.
EU General Data Protection Regulation (GDPR)
“Personal Data Protection Law” in the EU. It imposes stringent requirements on companies, and non-compliance can result in fines of up to 4% of annual global turnover. The basic principles that companies and organizations should adhere to in order to be GDPR compliant are:
Transparency, data subject rights, data minimization, legal basis, security, data protection principles, data breach notification, international data transfers, representation within the EU, privacy impact assessment.
On March 31st, Italy’s data protection authority temporarily banned ChatGPT products for the first time in Europe, citing OpenAI’s data collection as being in violation of GDPR. The lack of an age verification function for using the service was also seen as a problem.
Under GDPR, tech companies must obtain user consent before using personal data to train their products. In addition, companies operating in Europe must give European residents the option to opt out of data collection and sharing.
Italian authorities require OpenAI to comply with the country’s and GDPR’s privacy regulations by April 30.
Spain’s data protection authority also announced today that it will launch a preliminary investigation into OpenAI over potential privacy violations by ChatGPT.
connection:Italian authorities temporarily restrict ChatGPT, start investigation on suspicion of data protection breach and lack of measures
at European level
The European Data Protection Board (EDPB) announced on the 13th that it has decided to set up a dedicated task force to monitor ChatGPT, following Italy’s enforcement of compulsory measures against OpenAI and the start of a preliminary investigation by Spain.
The task force aims to “facilitate cooperation and exchange of information on enforcement measures that may be taken by data protection authorities” within the EU.
Meanwhile, the European Commission (EC), the EU’s executive body, is working on a regulatory framework for the use of artificial intelligence (AI).
In an interview with the Nikkei Shimbun, EC Senior Vice-Chairman Vestager said he hopes to reach an agreement by the end of the year on a new bill regulating generative AI such as ChatGPT across the EU.
The EU has been preparing a bill on the use of AI, but it is said that it plans to revise the bill in response to the emergence and expanded use of advanced generative AI such as ChatGPT. The bill divides the risks of AI into four stages, and creates a mechanism for evaluating high-risk AI before it is released to the public. The GDPR framework will also be used comprehensively to regulate generative AI.
Article provided by: THE BLOCK
To be the “first and last word” in Crypto.
The Block delivers the highest quality, most important signals in Crypto. Every day, we reach the most influential people in our industry through our website, newsletter, podcasts and events.