While the assessment remains ongoing, OpenAI appears to have made little in the way of progress since 2023...
The European Data Protection Board (EDPB) published the first progress report from its “GPT taskforce” and the news isn’t good for ChatGPT.
OpenAI’s efforts to bring its flagship AI model, ChatGPT, into line with European Union rules, including the comprehensive General Data Protection Regulation (GDPR), were noted by the EDPB but ultimately deemed insufficient.
Per the EDPB document:
“Although the measures taken in order to comply with the transparency principle are beneficial to avoid misinterpretation of the output of ChatGPT, they are not sufficient to comply.”
The findings come as OpenAI has spent much of 2024 dealing with temporary stop orders from several European member states.
As Cointelegraph reported back in January, Italy’s data protection agency found that ChatGPT and OpenAI were still afoul of Italian and EU data privacy laws despite having been warned and subsequently banned back in March 2023.
According to the EDPB’s report, OpenAI hasn’t done enough in the time since to bring ChatGPT in line with the EU’s laws.
The chief complaint appears to be that ChatGPT is prone to outputting inaccurate information.
“As a matter of fact,” writes the EDPB, “due to the probabilistic nature of the system, the current training approach leads to a model which may also produce biased or made up outputs.”
The report also expresses EDPB worries that “the outputs provided by ChatGPT are likely to be taken as factually accurate by end users,” whether they’re accurate or not.
It’s unclear at this time exactly how OpenAI could bring ChatGPT into compliance. The GPT-4 model, for example, contains billions of data points and around a trillion parameters.
It would be infeasible for humans to comb through the dataset to verify its accuracy to a degree that would allow it to be said to be reasonably accurate by GDPR standards.
Unfortunately for OpenAI, the EDPB explicitly wrote that “in particular, technical impossibility cannot be invoked to justify non-compliance with these requirements.”