OpenAI Faces GDPR Complaint Over False Murder Accusation by ChatGPT

Brussels – OpenAI is under scrutiny after a European privacy watchdog filed a complaint against the company, alleging its AI chatbot, ChatGPT, generated false and damaging information about a Norwegian man.

The privacy advocacy group Noyb submitted the complaint to Norway’s Data Protection Authority, citing violations of the General Data Protection Regulation (GDPR). The issue arose when a Norwegian citizen, Arve Hjalmar Holmen, asked ChatGPT about himself. The chatbot falsely claimed he had been convicted of murdering two of his sons and attempting to kill a third, receiving a 21-year prison sentence.

Although the conviction was fabricated, some real personal details, including his hometown and the number and gender of his children, were correct. The false claims could seriously harm an individual’s reputation, raising concerns about AI reliability and misinformation risks.

Legal Implications and GDPR Violations

Noyb argues that OpenAI failed to comply with GDPR Article 5(1)(d), which requires companies to ensure the accuracy of personal data. The complaint urges Norway’s Datatilsynet to take the following actions:

• Order OpenAI to delete the false information permanently.
• Fine OpenAI to prevent future privacy violations.
• Improve ChatGPT’s data accuracy to stop the spread of misinformation.

Hjalmar Holmen expressed his distress, stating, “The idea that someone could read this and believe it is true is terrifying.”

AI Hallucinations and OpenAI’s Response

AI-generated misinformation, known as “hallucinations,” remains a significant issue in large language models. In response to this case, OpenAI has updated ChatGPT to avoid fabricating details about individuals. However, privacy advocates warn that without stricter safeguards, AI-generated falsehoods could continue to cause serious reputational damage.

This case highlights the growing need for AI regulation, ensuring that AI companies prioritize accuracy, transparency, and compliance with data protection laws. The outcome of this complaint could set a major precedent for AI governance in Europe.