1. Website Planet
  2. >
  3. News
  4. >
  5. OpenAI Changes EU Terms and Privacy Policy
OpenAI Changes EU Terms and Privacy Policy

OpenAI Changes EU Terms and Privacy Policy

Ivana Shteriova January 23, 2024
January 23, 2024
ChatGPT creator OpenAI has updated its EU terms of use and privacy policy to reduce regulatory risk in the European Union.

For users residing in the European Economic Area (EEA) (excluding the UK) or Switzerland where the General Data Protection Regulation (GDPR) is in force, Dublin-based OpenAI Ireland Limited will act as a controller and responsible entity for the processing of their Personal Data as defined in ChatGPT’s EU privacy policy. The new terms of use will take effect on February 15.

If the Irish Data Protection Commission (DPC) becomes OpenAI’s main supervisor, it would have the power to slow down any GDPR enforcement on rapid AI development, among other things.

On the other hand, the DPC has raised concerns over how it handles its GDPR oversight of tech companies. Critics accuse it of advocating for lower penalties compared to similar regulatory bodies, taking too long to investigate complaints, and making unorthodox choices like steering away from the main issues of the complaints or refusing to investigate them.

OpenAI obtaining main establishment status under the GDPR with the Irish DPC as its primary oversight controller won’t cease any ongoing GDPR probes of ChatGPT, including those by Italian and Polish regulators. The magnitude of their impact on shaping the EU regulation of OpenAI’s chatbot is still unknown.

OpenAI’s updated EU terms and privacy policy include more details on the legal reasons for collecting people’s data, describing them as “necessary for our legitimate interests and those of third parties and broader society,” including for the training and improvements of its AI models.

OpenAI may attempt to present its consentless mass personal data collection as something it does for the benefit of the general public rather than solely for profit. But GDPR strictly defines a set of only six valid legal bases for processing personal data, including consent, performance of a contract, and public interest.

GDPR employs a one-stop-shop (OSS) approach for companies that handle European data, offering privacy oversight under one supervisory lead in an EU Member State. Privacy watchdogs outside the bloc don’t typically have the power to unilaterally act on concerns related to companies that are GDPR compliant.

Instead, they need to direct their complaints to the main controller. If urgent risks arise, some GDPR regulators can intervene locally, but only in exceptional instances. This is the main reason Big Tech finds the GDPR status so appealing.

Rate this Article
4.7 Voted by 3 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Any comments?
View %s replies
View %s reply
More news
Show more
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

So happy you liked it!

Share it with your friends!

1 < 1 1

Or review us on 1