Austrian NGO files privacy complaint over ChatGPT

Austrian NGO files privacy complaint over ChatGPT

Austrian privacy advocates filed a complaint today (29 April) against US-based software developer OpenAI over its popular chatbot ChatGPT. The group has asked Austria’s privacy watchdog to investigate, claiming the tech start-up is breaching EU data protection rules by being unable to correct false information generated by its artificial intelligence tool.

The General Data Protection Regulation (GDPR) stipulates that information about individuals must be accurate and that citizens should have full access to any personal data that a company might be holding. But OpenAI cannot say what information ChatGPT stores about individuals or even where the data used by the programme comes from, NOYB claims.

“Making up false information is quite problematic in itself. But when it comes to false information about individuals, there can be serious consequences. It’s clear that companies are currently unable to make chatbots like ChatGPT comply with EU law, when processing data about individuals, “ said Maartje de Graaf, a data protection lawyer at with the group, in a statement.

“If a system cannot produce accurate and transparent results, it cannot be used to generate data about individuals,” de Graaf added.

The NGO also alleged that the company was failing to respond to data access requests, although the GDPR obliges companies to provide on request details of all personal data it is holding.


The launch of ChatGPT in November 2022, since when it has amassed over 180m users worldwide, has sparked an intense debate over the uses and dangers of artificial intelligence. The rapid impact of the product and competing machine learning systems has also raised concerns over the lack of legislation to prevent malicious uses such as copyright infringement or creating deepfake audio and video footage.

The action by Austrian privacy advocates is not the first such move against OpenAI. The firm is already the subject of a data protection investigation in Italy, whose national privacy watchdog launched a probe in March, citing concerns over data breaches and the exposure of user conversations and payment information.

In addition, the European Data Protection Board (EDPB) – a body comprising the national data protection authorities of EU members – this month set up a task force on ChatGPT to help coordinate enforcement actions.

The European Commission announced in January that it planned to examine whether Microsoft's investment in OpenAI falls foul of EU competition rules. The US software behemoth wanted to invest $13 billion (€11.8 billion) into the thriving start-up behind ChatGPT.