Netherlands: Announced Data Protection Authority investigation into OpenAI’s ChatGPT data processing practices compliance with General Data Protection Regulation (GDPR)

On 7 June 2023, the Dutch Data Protection Authority (DPA) announced that it had requested information on OpenAI’s ChatGPT data processing practices and their compliance with General Data Protection Regulation (GDPR). In particular, the DPA requested information on the data used for training the OpenAI’s ChatGPT algorithm. First, OpenAI is required to submit information on whether it is using the data users include in their questions for algorithm training and how the questions posed by users are used in data training. The DPA noted that some users' questions could include sensitive information, including health data. Secondly, the DPA requested information on the OpenAI process for collecting and processing personal data from the Internet. Finally, OpenAI has to provide information on whether users can request the rectification or deletion of inaccurate, offensive or inappropriate data.