ChatGPT provided false personal information about privacy activist Max Schrems' birthday when queried, prompting a GDPR compliance complaint filed with Austrian data protection authorities.
Privacy group noyb, founded by activist Max Schrems, filed a complaint with the Austrian data protection authority against OpenAI's ChatGPT for violating EU GDPR privacy rules. The complaint was triggered when ChatGPT failed to provide Schrems' correct birthday, instead making incorrect guesses without indicating it lacked accurate data. When asked about Schrems' birthday, ChatGPT provided three different wrong answers: June 24, September 17, and October 17, while his actual birthday is October 1. Noyb claims this violates GDPR requirements for data accuracy and the right to correct inaccurate information. The organization also argues that OpenAI refused to correct or delete wrong answers and won't disclose information about data sources or processing. Previous reports indicate chatbots invent information 3-27% of the time. Noyb is requesting an investigation into OpenAI's data handling practices and asking for administrative fines. GDPR violations can result in penalties up to 4% of global revenue. The complaint may be handled through EU cooperation mechanisms, with Ireland potentially serving as the primary supervisor since OpenAI's EU base is located there.
Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.
AI systems that inadvertently generate or spread incorrect or deceptive information, which can lead to inaccurate beliefs in users and undermine their autonomy. Humans that make decisions based on false beliefs can experience physical, emotional or material harms
AI system
Due to a decision or action made by an AI system
Unintentional
Due to an unexpected outcome from pursuing a goal
Post-deployment
Occurring after the AI model has been trained and deployed