New OpenAI Business Terms and what it means for GDPR

Community
1

Hey everyone,

so I’ve just read through the new privacy update that OpenAI has released. It states that for Customers in the EU, OpenAI Ireland will be the business partner starting on 15. february.
Does that mean data from the API will only be processed in the EU?

Below you can see the relevant exerpt:

Who We Are

We have changed the OpenAI entity that provides our services like ChatGPT to EEA and Swiss residents to our Irish entity, OpenAI Ireland Limited.

There are no changes for residents of the UK. OpenAI, L.L.C. will continue to be the service provider for UK users.

1 Like
2

I would also like to know more about this. It’s really important for countries in Europe that the data doesnt go to USA. I know Azure guarantees that. Could Open ai come with a similair guarantee?

3

This is one source to start wondering if OpenAI may or may not process personal data of EU customers in the States. And is it including non-personal data, with ability to connect data streams to identifying real persons from sources that aren’t personal data per se :smirk:

4

Indeed, the lawyers say it does matter a lot - if the data goes outside of the EU.

Any info on this?

5

Unfortunatelly just registering a Irish Entity is NOT GOOD ENOUGH.

to be compliant with GDPR openAI needs to have it US Entity comply with this:
EU-US data privacy framework

They are currently not on the DPF List.
So they cannot be used in Europe.

6

The best advice this community can offer is to contact OpenAI directly with any questions regarding your specific situation.
This is the developer community for building with OpenAI tools and while we love to help, some issues are outside the boundaries of building new apps.

Please refer to the privacy policy for the contact addresses.

** 11. How to contact us**
Please contact support if you have any questions or concerns not already addressed in this Privacy Policy. Alternatively, you can write to us at privacy@openai.com or the address above under Section 1 (Data Controller).

You can contact our Data Protection Officer at dpo@openai.com in matters related to Personal Data processing.

If you are reading these documents to deepen your understanding of how OpenAI is compliant with the local data privacy laws, make sure that you are referencing the privacy policy for your region.

Here is the privacy policy for the EU/EEA, Switzerland and UK

Also take into account the additional information and options provided by the Data processing addendum

I hope this helps!