OpenAI, the organization behind the popular AI chatbot ChatGPT, has found itself in hot water once again, this time facing a serious privacy complaint in Norway. The issue stems from the chatbot producing false and defamatory claims about a Norwegian citizen, raising overarching concerns about the reliability and accuracy of AI-generated content.
Imagine for a moment discovering that an AI chatbot had fabricated a story about you, claiming you were convicted of heinous crimes, like murdering your own children. That’s the terrifying reality for one Norwegian man who was hit with alarming and completely untrue allegations that he killed two of his children and tried to kill a third. Just think about the emotional turmoil that would cause; it’s enough to make anyone feel horrified and helpless. These unfounded claims not only threaten to damage his reputation but have also generated immense emotional distress.
In a bid to seek justice, privacy advocacy organization NOYB (None of Your Business) is standing by him, stepping in to file a complaint with Norway’s data protection authority, Datatilsynet. They allege that OpenAI, through its chatbot ChatGPT, has breached the General Data Protection Regulation (GDPR) by disseminating false personal information. Joakim Söderberg, a data protection lawyer at NOYB, emphasized the seriousness of this issue, stating, “The GDPR is clear. Personal data has to be accurate. If it’s not, users have the right to have it changed to reflect the truth.” It’s a straightforward entreaty for accountability in a digital age where misinformation can spread far and wide.
Under the GDPR, organizations have a legal obligation to ensure that the personal data they manage is accurate. Individuals have the right to correct anything that might misrepresent them. In this case, the blatant inaccuracies generated by ChatGPT about the complainant open the door for a potential violation of these regulations. It’s important to note that confirmed breaches of GDPR can lead to severe penalties, including fines upwards of 4% of a company’s total global revenue. For a tech giant like OpenAI, that could amount to a significant financial hit.
Unfortunately, this incident isn’t a stand-alone case by any means. ChatGPT has faced mounting scrutiny for its inaccuracies, often referred to as “hallucinations” in AI lingo. These aren’t innocent mistakes—some have even led to serious legal troubles. For instance, in 2023, an Australian mayor found himself contemplating legal action after ChatGPT erroneously reported that he had served time for bribery. In 2024, Italy’s data protection authority slapped OpenAI with a hefty €15 million penalty for mishandling personal data. Not to mention, in the U.S., a defamation suit was filed after ChatGPT invented damaging, fictitious legal claims against a media personality. These examples serve as stark reminders of the very real consequences of AI-generated misinformation.
OpenAI has been forthcoming about the fact that ChatGPT sometimes delivers incorrect information and has implemented disclaimers urging users to verify the chatbot’s outputs. Still, some critics argue these disclaimers don’t do enough to protect individuals from the fallout of erroneous claims. If Norway’s data protection authority determines that OpenAI has indeed violated GDPR regulations, the company could face hefty fines and be compelled to take serious measures to prevent future inaccuracies.
What’s unfolding in Norway is just one chapter in an ongoing story of how AI systems like ChatGPT are being scrutinized in relation to data protection standards. As AI leaps forward, ensuring the accuracy and reliability of what these advanced systems produce isn’t just a concern for developers, but a crucial issue that regulatory bodies must address. As users and consumers of AI technology, we deserve to know that the digital tools we interact with daily uphold the highest standards of truthfulness and accountability.
