ChatGPT faces a privacy complaint due to misleading hallucinations
A privacy complaint hits ChatGPT for misinformation, demanding correction under GDPR.
OpenAI's ChatGPT is subject to a new privacy complaint in Europe, as the chatbot fabricated a shocking story about a Norwegian individual, Arve Hjalmar Holmen, falsely claiming he was convicted of murdering his children. This case, supported by the privacy advocacy group 'None of Your Business' (Noyb), raises significant concerns over the chatbot's potential to produce egregiously false information, especially when it comes to personal data. The General Data Protection Regulation (GDPR) in Europe demands that personal data be accurate and offers users the right to correct any inaccuracies, a standard that ChatGPT's erroneous outputs challenge. Previous instances, such as inaccurate birth dates or biographical errors, already highlighted flaws in OpenAI's system; however, this case, which deeply affected Holmen and others falsely implicated in severe crimes, pushes the argument further.
Ever since Italy's temporary block on ChatGPT in spring 2023, resulting in a €15 million fine for OpenAI by its Data Protection Authority, European regulators have cautiously maneuvered around Generative AI's regulatory enforcement. Despite past hesitancy, including Ireland's slow progress with a pertinent complaint filed in Austria regarding OpenAI's data practices, the Norwegian authority is urged to investigate this current grievance. Noyb posits that merely displaying disclaimers that ChatGPT 'can make mistakes' doesn't fulfill OpenAI's obligations under GDPR to prevent dissemination of false data.
Additional instances amplify Noyb's complaint, such as a falsely implicated Australian major in a scandal and a German journalist named erroneously in a child abuse case, illustrating a recurring issue with ChatGPT. After an update to its AI model, the bot no longer produced harmful representations of Holmen, linking this change to an improvement in ChatGPT's ability to search for accurate public information online rather than rely on incomplete databases prone to hallucinations. This evolution in functionality promises a step towards minimizing these inaccuracies but raises ongoing concerns about potential residual defamatory information within the AI's model.
Joakim Söderberg, a data protection lawyer at Noyb, stressed that GDPR asserts the clarity of data accuracy, and AI companies cannot simply evade accountability by showing disclaimers. Kleanthi Sardeli, another lawyer at Noyb, emphasized the detrimental reputational effects hallucinations can have, insisting that organizations like OpenAI need actionable measures in place to halt such risks. The open complaints, sustained slow responses from data protection watchdogs, and the unreasonable speed of misleading information dissemination underline the urgency and complexity of addressing these technological and legal discrepancies.
In essence, the challenge outlined in the case not only exposes regulatory gaps in oversight of AI tools like ChatGPT but also underscores the broader ethical implications these technologies uphold. Comprehensive AI regulation and vigilant enforcement mechanisms are paramount to ensure individuals’ rights aren’t compromised. With this complaint, Noyb expects a more vigilant stance from the Norwegian authorities, pressing to settle these breach concerns, rectifying false narratives and potentially reshaping enforcement approaches across Europe.
Sources: TechCrunch, None of Your Business (Noyb), European Union’s General Data Protection Regulation (GDPR), Italian Data Protection Authority, Ireland’s Data Protection Commission (DPC)