noyb today filed a complaint against the ChatGPT maker OpenAI with the Austrian DPA
noyb.eu
NOYB at first glance appears to basically be a European version of the EFF, focused specifically on GDPR application. Not sure what will come of this, but that is something that hadn't even crossed my mind before - it's basically impossible wiht the current implementation to meet GDPR criteria.
With their "Train on the internet" model and no tracking on that, and AFAIK no way to "un-learn" something without basically going to a previous snapshot of sorts and re-training minus the problematic source(which is a fair impossibility at this point for almost everything that has already been fed into it) there's basically is no way for it to be GDPR compliant. They could maybe re-train it on specific things, but the incorrect associations are basically there forever; even if it's a tiny miniscule chance of those tokens being associated, it's still never going to be zero if they were associated at least once. You could maybe "program" it further with a prompt to avoid that specific association, but if you ahve to keep adding those on top of the base model for every person in the EU who requests a correction, it's going to get unweildly pretty fast IMO. On top of that it's still there if anyone were to acquire a copy of the model without those prompts added.
Then we also come to the fact OpenAI even admits it's entirely just word prediction, not a factual database, so given the previous stipulations, effectively using it as a database may be straight up illegal in EU land due to the requirement for correctness in the GDPR, since that can't be guaranteed.