A non-profit privacy organization called noyb filed a complaint with the Austrian Data Protection Authority (DPA) against OpenAI on Monday, alleging that ChatGPT fails to correct the information it generates about individuals. While it is common for large language models like ChatGPT to fabricate false or absurd information, noyb's complaint focuses on the European Union's General Data Protection Regulation (GDPR). The GDPR sets out the rules for the collection and storage of personal data of individuals within the EU. Despite the GDPR requirement that "OpenAI openly admits that it cannot correct erroneous information on ChatGPT," noyb stated in a statement that the company also "cannot explain the source of the data or what personal data ChatGPT stores," and that it "seems unconcerned" about this issue. According to the GDPR, individuals within the EU have the right to request the correction of inaccurate information about them. Therefore, noyb argues in its complaint that OpenAI has violated this provision by being unable to correct the data. Noyb argues that it is "unacceptable" for falsehoods to be generated "when it comes to generating information about individuals." The complainant, a public figure, asked ChatGPT about his birthday but allegedly received incorrect information repeatedly. OpenAI reportedly refused his request to correct or delete the data, claiming that the data cannot be corrected. Instead, OpenAI allegedly told the complainant that it can filter or block certain prompts, such as the complainant's name. The organization has requested that the Austrian DPA investigate how OpenAI handles data and ensures the accuracy of personal data in its large language model training. Noyb also asks the DPA to order OpenAI to comply with the complainant's request for access to data, a right under the GDPR that requires companies to show individuals the data they possess and its source. OpenAI has not immediately responded to requests for comment. Maartje de Graaf, noyb's data protection lawyer, stated in a declaration, "The obligation to comply with access requests applies to all companies. It is evident that it is possible to keep records of the data used for training or at least to know the source of the information. It seems that with every 'innovation,' there is a group of companies that believe their products are exempt from legal compliance." Failure to comply with GDPR rules can result in fines of up to €20 million or 4% of the global annual turnover, whichever is higher. If individuals choose to seek compensation, they may face even greater losses. OpenAI is already facing similar data protection cases in EU member states Italy and Poland.