The Gist

• Privacy breach allegations. OpenAI reportedly harvested massive amounts of personal data illicitly.
• Legal action escalates. OpenAI faces a series of lawsuits, alleging privacy and copyright infringement.
• Data leak incident. ChatGPT suffered a major personal data breach, compromising user information.

OpenAI, makers of Chatgpt, secretly harvested massive amounts of personal data from the internet including private information and private conversations, medical data and information about children without notice to the owners or users of such data and without permission, according to a class-action lawsuit filed this week in the US Northern District Court of California. Microsoft, which invested $10 billion into Openai earlier this year, was also named a defendant.

The lawsuit, filed by Clarkson Law Firm of San Francisco, claims that without this “unprecedented theft of private and copyrighted information belonging to real people,” OpenAI’s products would not be the multi-billion-dollar business they are today. OpenAI is valued at close to $30 billion. The company upended the artificial intelligence world landscape when it debuted in November ChatGPT, the generative AI chatbot that became the fastest-growing app of all-time.

Lawsuits Against OpenAI Become the Norm

This is just the latest in a series of lawsuits to come across the desks of OpenAI’s generative AI innovators. Some in the past six months include:

These lawsuits address issues such as copyright infringement, privacy violation, lack of transparency and defamation. It’s also worth noting that the OpenAI CEO Sam Altman acknowledged in a Senate hearing that the company had been sued many times, describing most of the lawsuits as “pretty frivolous.”

ChatGPT and OpenAI haven’t been perfect, admittedly. In March, OpenAI’s ChatGPT suffered its first major personal data breach. The breach came during a March 20 outage and exposed payment-related and other personal information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window, according to a blog post by OpenAI Friday, March 24.

Related Article: Effective Ways to Prevent ChatGPT Data Breaches

Lawsuit: OpenAI Tracked Children, Collected Data Without Consent

According to the class-action lawsuit filed in California this week, OpenAI intercepted communications of ChatGPT API users (US citizens who used other platforms, programs, or applications which integrated ChatGPT technology) on third-party websites, platforms, applications and programs that have integrated ChatGPT API. Those apps included, but were not limited to: Snapchat, user financial information through Stripe, musical tastes and preferences through Spotify, user patterns and private conversation analysis through Slack and Microsoft Teams and private health information obtained through the management of patient portals such as MyChart.

The lawsuit also claims OpenAI:

• Intercepted Microsoft users’ communications on Microsoft’s websites, platforms, applications and programs that have integrated ChatGPT.
• Violated the California Unfair Competition Law, the Illinois Biometric Information Privacy Act, the Illinois Consumer Fraud and Deceptive Business Practices Act, the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. The lawsuit accuses OpenAI of conversion, unjust enrichment, failure to warn and violation of the New York General Business Law.
• Leveraged user data in a manner that far exceeds industry standards and its own representations.
• Deceptively tracked children without consent and designed ChatGPT to be inappropriate for children.
• Took individuals’ private information to train its AI and thereby violated plaintiffs’ property interests.
• Tracked, collected and shared private information without consent. 

“OpenAI used the stolen data to train and develop … products utilizing large language models (LLMs) and deep language algorithms to analyze and generate human-like language that can be used for a wide range of applications, including chatbots, language translation, text generation, and more,” the lawsuit contends. “… Once trained on stolen data, (OpenAI) saw the immediate profit potential and rushed … products to market without implementing proper safeguards or controls to ensure that they would not produce or support harmful or malicious content and conduct that could further violate the law, infringe rights and endanger lives. Without these safeguards, the products have already demonstrated their ability to harm humans, in real ways.”

Potential monetary damages will be argued in court, but the lawsuit says plaintiffs and class members seek all relief available under California Penal Code §637.2, including injunctive relief and statutory damages of $5,000 per violation.

Have a tip to share with our editorial team? Drop us a line: