Prof. Dr. Dieter Kugelmann, the State Commissioner for Data Protection and Freedom of Information for Rhineland-Palatinate, has assumed a pivotal role in leading a specialized task force dedicated to artificial intelligence (AI). In a recent development, Kugelmann orchestrated the creation of an extensive questionnaire specifically addressing ChatGPT, an AI language model developed by OpenAI. This comprehensive set of 79 queries serves as a follow-up to a previous information request directed at OpenAI by German data protection supervisory authorities. Although OpenAI’s initial response to the inquiry displayed cooperation and thoroughness, subsequent analysis revealed the necessity for more detailed examination.
As a guardian of citizens’ right to informational self-determination, Kugelmann is determined to ensure that ChatGPT’s data processing aligns with the provisions of the General Data Protection Regulation (GDPR). A key element in this pursuit is unraveling the intricacies of ChatGPT’s operations to comprehend its compliance with societal norms and values. The task force, under Kugelmann’s leadership, is committed to investing substantial effort in scrutinizing ChatGPT, advocating for heightened transparency in the AI’s functionality.
The current series of questions crafted by the task force aims to delve into the legality of ChatGPT’s processing of personal data, with a specific focus on special data categories outlined in Article 9 of the GDPR. This includes data with special protection, such as information related to religion, health, or sexual orientation. Additionally, the task force is critically examining the extent to which the rights of data subjects, including the right to information, correction, and deletion of personal data, are being safeguarded.
Despite OpenAI being a US-based company without a physical presence in the EU, all European data protection supervisory authorities bear the responsibility of ensuring GDPR compliance. Even if OpenAI were to establish an office in Ireland, the review process led by LfDI (State Commissioner for Data Protection and Freedom of Information) would persist, encompassing both present and past statuses. German supervisory authorities will maintain their jurisdiction over future statuses if ChatGPT is offered in Germany, collaborating with the EU headquarters’ supervisory authority, potentially the Irish Data Protection Commission.
DELTA Data Protection & Compliance Academy & Consulting – info@delta-compliance.com
