Canadian Privacy Regulators Find ChatGPT Violated Privacy Laws on Training Data, Consent, and Retention

Summary

Four Canadian privacy regulators — the federal Office of the Privacy Commissioner and the provincial regulators of Quebec, British Columbia, and Alberta — published joint findings on May 6 concluding that OpenAI's ChatGPT (specifically GPT-3.5 and GPT-4 era models) violated Canada's federal Personal Information Protection and Electronic Documents Act and three provincial privacy statutes. The report identified violations across seven discrete legal issues: large-scale scraping of personal data w