Main menu


ChatGPT and data protection in world and society (Europe)


ChatGPT and data protection in world and society (Europe)

To operate in Europe, digital companies must have a transparent privacy policy with consent at its core. However, there are concerns about whether OpenAI, the owner of ChatGPT, is compliant with regulations and whether users are aware of how their data is being used.

ChatGPT has rapidly gained popularity as an artificial intelligence tool capable of generating text, images, and music from existing data. However, questions have arisen about its development speed, intellectual property, potential for misinformation, cybersecurity, and data protection policy.

Italy was the first country to raise the alarm about ChatGPT's potential lack of privacy. On March 31, Italy blocked the use of ChatGPT for allegedly not respecting consumer data protection laws and opened an investigation into OpenAI. The European Data Protection Committee has also created a working group to investigate data protection concerns in member countries, Iceland, Liechtenstein, and Norway.

Spain's AEPD has also expressed concerns about potential breaches of regulations by OpenAI. On April 13, the agency began preliminary investigation proceedings against the American company.

The AEPD's probe against OpenAI is an uncommon action, according to Sergio de Juan-Creix, a lawyer at Croma Legal and a professor at the Universitat Oberta de Catalunya, because the organization infrequently conducts investigations like this. The General Data Protection Regulation (GDPR) is applicable across the board in the European Union, but individual member states still have sovereign rights in this area.

De Juan-Creix explained that the AEPD is requesting information from OpenAI to assess whether the company's data processing practices comply with European and Spanish standards. The agency will investigate whether OpenAI transfers user data to the United States, which is considered unsafe because it does not have equivalent data protection measures to those demanded by the EU.

With the rise of ChatGPT and similar AI tools, individuals are sharing a lot of data, not just their own but also that of others. It is important to know what data is being collected, how it is being used, and whether it is being transferred to third parties or other countries.

Borja Adsuara, another expert in digital law, emphasized the importance of informing users of data processing practices, citing the example of law firms that use AI to write and enter client data but may not know where that data goes or how it is used.

The European regulation applies to any entity that processes the data of European citizens, regardless of where they are located. It obliges companies to appoint a representative in European territory and failure to do so can result in strong sanctions.

Adsuara predicted that OpenAI would eventually open a delegation in Europe to comply with regulations and retain its presence in the European market.