Poland Opens GDPR Investigation into ChatGPT and OpenAI amid Mounting Privacy Concerns - eviltoast

It’s not surprising that ChatGPT has been accused of breaching the EU’s main privacy law – PIA blog noted that ChatGPT was a privacy disaster waiting to happen back in February. As the first complaint to be taken up by an EU data protection agency, this case will be watched closely by other EU Member States, and around the world. The Polish inquiry is likely to investigate many of the key GDPR issues that arise for AI programs and be used as a benchmark in future legal cases.

  • Izzy@lemmy.ml
    link
    fedilink
    arrow-up
    6
    arrow-down
    14
    ·
    1 year ago

    What happens when countries start looking at Lemmy? This place doesn’t really do anything to adhere to GDPR laws.

      • 🔪Criminal Unicorn🦄@feddit.uk
        link
        fedilink
        arrow-up
        14
        arrow-down
        3
        ·
        1 year ago

        Your username would fall under GDPR as personally identifiable information - also if your instance asks for an email address, that is also personally identifiable information under GDPR.

        I think any posts that users can contribute to a social network, also fall under GDPR.

        This is a potential issue that many instance owners may not have realised.

        • Magnor@lemmy.magnor.ovh
          link
          fedilink
          arrow-up
          10
          arrow-down
          1
          ·
          1 year ago

          Even if it is, this data is not processed in a way that would violate the law, unless the hosting party is doing something shady. It would be an incredible stretch to consider that a website only asking for a username to attach to a user somehow violates GDPR.

          • Izzy@lemmy.ml
            link
            fedilink
            arrow-up
            12
            ·
            1 year ago

            Well for one thing a user is prevented from deleting their account when banned. I’m pretty sure this can be considered a violation of the law.

            • Magnor@lemmy.magnor.ovh
              link
              fedilink
              arrow-up
              6
              ·
              1 year ago

              Email works the same way. Once your data is received by the other party, you cannot delete it.

              Public mailing lists have a very similar behaviour to the fediverse’s. I am not aware of any credible GDPR cases against those, although it may happen down the line, we’ll see.

            • webghost0101@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              Thats a good point. An instance could comply if there remains a way to submit a remove my data form to the admins. But other instances may also have or retain data with Lemmy being a decentralized network, our data is all over the place, there is no easy way to really be forgotten on the fediverse and neither a way for law enforcement to fine every single instance.

        • Tau@sopuli.xyz
          link
          fedilink
          arrow-up
          3
          arrow-down
          3
          ·
          1 year ago

          But you are giving explicit consent to store that information by way of submitting it

  • sacbuntchris@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    14
    ·
    1 year ago

    All these laws seem inconsistently enforced and extremely vague. Imagine every website having to respond to a dozen investigations from countries around the world. Nothing would ever improve.

    • Izzy@lemmy.ml
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      Things would only get worse for user privacy if nothing is done and we let tech companies do whatever they want whenever they want.