Following Italy, German data protection authorities are now also dealing with ChatGPT. The federal state data protection commissioners have jointly initiated an administrative procedure.
“If personal data is used, including as training data for AI, there must be a legal basis,” Dieter Kugelmann, head of the German AI task force, told Tagesspiegel. “We have to know where the data comes from.”
Without such a legal basis, it would not be possible to operate as before, Kugelmann said. In that case, he said, OpenAI’s ChatGPT would face a ban. Kugelmann and his colleagues from the German federal states have therefore initiated administrative proceedings against OpenAI, the Tagesspiegel reports. In Germany, the independent data protection commissioners of the individual federal states are responsible for private companies like OpenAI and their products.
OpenAI will receive letters from German data protection authorities this week
“We have drafted a joint sample letter with questions for Open AI, which most of the federal state data protection commissioners will send to the company this week,” said Kugelmann, who is also a member of the European Data Protection Board’s recently convened ChatGPT Task Strength. The regulators will then be waiting for OpenAI’s response.
In Italy, ChatGPT was already banned at the end of March and ended up to 20 million euros. Kugelmann considers this to be “risky and on shaky ground from a purely legal point of view” and sees the “widespread rolling out of AI in a blind flight – without a legal basis” as the main problem instead.
“In principle, we see great potential in the use of generative AI,” said Volker Wissing (FDP), Minister of Digital Affairs and Transport, thus speaking out against a ban on ChatGPT. However, he said, there is a need for an appropriate and solid regulatory framework in which values such as democracy and transparency serve as guardrails for the development of AI systems. “The goal must be to conclude negotiations on AI regulation at the EU level this year.”
The GDPR is a major challenge for OpenAI
In addition to Italy and now Germany, authorities in France, Ireland, and Canada are also investigating how OpenAI collects and uses data. The European General Data Protection Regulation (GDPR) is one of the most stringent data protection regulations in the world and gives European citizens rights as “data subjects”.
These include the right to be informed about how their own data is collected and used, and the right to have that data deleted – even if it is publicly available. In short, European data protection poses major challenges for OpenAI and ChatGPT.