CANADA RULES OPENAI BUILT CHATGPT BY BREAKING PRIVACY LAW FROM THE VERY FIRST DAY
Canada’s Privacy Commissioner, working alongside provincial counterparts in Quebec, British Columbia, and Alberta, issued formal findings on May 6 concluding that OpenAI violated Canadian privacy law in training ChatGPT. The investigation took three years to complete, was triggered by a 2023 complaint, and arrived at the conclusion that the violations were not edge cases or technicalities. They were foundational. OpenAI scraped personal data from the internet at massive scale without consent, without transparency, and without any proportionality assessment. Health records, political views, and children’s data were all swept up in the collection.
OpenAI committed to remediation steps and the federal commissioner conditionally resolved the complaint. That resolution did not satisfy everyone. Provincial regulators in British Columbia and Alberta refused to accept the resolution and are continuing their own enforcement proceedings. Their position is that consent for data already scraped cannot simply be obtained retroactively, which is the only remedy OpenAI could realistically offer.
This is the first major national privacy authority to issue findings treating AI training data collection as a systemic privacy violation requiring remediation orders. It will not be the last. The UK’s ICO, Germany’s data protection authority, and France’s CNIL are each running parallel investigations using the same framework. OpenAI’s standard argument that public web data is fair game for training is now legally contested in every major jurisdiction that has comprehensive privacy law.
Keywords: Canada OpenAI ChatGPT privacy, PIPEDA ChatGPT violation, AI training data privacy law, OpenAI privacy ruling