There is an article on El Reg where the author asks ChatGPT about themselves, and they get back some information. If this data acquisition and dissemination process was being performed specifically by a company, it would clearly be a situation where the GDPR applies, and the company would have certain responsibilities. However, it seems probable that the actual design and implementation of ChatGPT was a bit higher level than that.

Does the GDPR apply to ChatGPT and the other chatbots that are in development around the world that are trained by reading the internet?

  • Are you referring to asking ChatGPT questions, or training ChatGPT, which are two entirely separate things? The header mentions training, but the question seems to be about asking ChatGPT questions and what restrictions apply to its responses.
    – Stuart F
    Commented Mar 3, 2023 at 13:13
  • I am referring to training ChatGPT. I refer to the questions and answers to illustrate the data that has been captured, and I ask if the capture and processing of this data that was necessary to generate these answers falls under the scope of the GDPR. I.e., if I find my data returned, can I make an SAR to OpenAI?
    – User65535
    Commented Mar 3, 2023 at 13:30

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

ChatGPT, or more precisely the owner of ChatGPT, certainly does all the things in bold and probably some of the others as well.



Does the operating entity of the AI gather data about a person? That's processing.

Do they feed it into an algorithm? That's processing.

  • How is it gathering information about a person?
    – Stuart F
    Commented Mar 3, 2023 at 13:13
  • Exactly how it is doing it is a question, since when asked it returns non-existent web pages. However, its ability to provide personal information appears to prove that it has been gathered.
    – User65535
    Commented Mar 3, 2023 at 14:02
  • @User65535 it does not matter how it is done; the fact that it is done is violating the law.
    – Trish
    Commented Mar 4, 2023 at 15:02
  • @StuartF it does not matter; whoever feeds the information has to gather it first, so they process it.
    – Trish
    Commented Mar 4, 2023 at 15:03

