Data protection authorities are demanding that OpenAI share more about how its AI-powered chatbot ChatGPT works and, more specifically, what happens to the questions users submit.
ChatGPT has taken the world by storm since its launch a few months ago. While most people were mesmerized by its capabilities, few understood how it handles user input, and even fewer know where their queries end up or how OpenAI ultimately uses the data it collects.
Data protection authorities worldwide are now playing catch-up, asking the American artificial intelligence lab to lift the lid on its product and open it up to regulatory scrutiny.
OpenAI’s Data Practices Questioned
The most recent request of this type comes from the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, or AP), which wants to learn how the company uses data to train its language model, whether the questions people submit are stored in the system, for how long, and for what purpose.
“The AP wants to know, among other things, how OpenAI handles personal data when training the underlying system. The AP wants to know from OpenAI whether people’s questions are used to train the algorithm, and if so, in what way. The AP also has questions about the way in which OpenAI collects and uses personal data from the internet.” – Autoriteit Persoonsgegevens
Apart from that, the Dutch authority is concerned about the inaccuracy of ChatGPT-generated answers and asks OpenAI what measures it plans to take to address the problem of delivering inaccurate, outdated, inappropriate, or outright offensive responses.
A few days earlier, it was the turn of the Japanese privacy watchdog to raise similar concerns about OpenAI’s product, underlining that the opacity of ChatGPT’s inner workings leaves open the possibility that it collects sensitive data from user inputs.
Last March, the Italian Data Protection Authority launched an inquiry into OpenAI over multiple potential GDPR violations, requesting more information on how the platform handles user data, following a data breach incident that exposed user information.
The subsequent talks between the two parties resulted in OpenAI agreeing to add age verification checks for Italian users and an option to opt out of having user-provided information used for model training.
Regulatory Pressure on ChatGPT
Last month, OpenAI’s CEO appeared before Congress and acknowledged the need to regulate AI models. However, the road to developing and implementing an effective regulatory framework in the U.S. is still long.
Meanwhile, Europe announced a comprehensive law today, named the ‘AI Act,’ which defines what constitutes AI risk, sets out risk levels, and specifies how the industry and the authorities should deal with them.
As for ChatGPT in particular, the AI Act proposes several transparency requirements, including disclosure of AI-generated content, implementation of measures to prevent the model from generating illegal content, and regular disclosure of the copyrighted data OpenAI uses to train its models.