BUSINESS

OpenAI shifts EU data processing to its Dublin office

3 Jan 2024

A computer screen with the OpenAI logo on a website, which is being focused on by a magnifying glass. There is a purple background behind the screen.

Image: © IB Photography/Stock.adobe.com

The company behind ChatGPT has made its Irish entity the data controller for customers that live in the EEA and Switzerland, after announcing its Dublin office last year.

OpenAI has given its Dublin office more data responsibility in Europe, as it moves to comply with EU data privacy regulations.

The company behind ChatGPT has listed its Irish entity as the data controller for customers that live in the European Economic Area (EEA) and Switzerland. This means that the processing of personal data from customers in this region will be handled by OpenAI’s Dublin office, according to its Europe privacy policy.

An email seen by TechCrunch was sent out to users at the end of 2023 informing them of the change, while OpenAI’s Europe terms of use have also been updated to reflect the change.

Users in the UK will continue to have their personal data processed by OpenAI’s head office in San Francisco, according to the Europe privacy policy.

OpenAI opened an office in Dublin in September 2023 as a way to expand its presence in Ireland and the European market. At the time, CEO Sam Altman said the company chose Ireland because it “blends a talented workforce with support for innovation and responsible business growth”.

But the move also followed a period of regulatory scrutiny for OpenAI, as it faced issues in the European market around data regulation. In April 2023, Italy issued a temporary ban on the company’s flagship product – ChatGPT – due to concerns that it had breached GDPR.

Later that month, the EU formed a dedicated task force to monitor ChatGPT and multiple countries in the EU hinted at plans to either ban or investigate the AI model.

By shifting its European data processing to Ireland, OpenAI is on track to join multiple Big Tech companies that are monitored by Ireland’s Data Protection Commission (DPC) for GDPR enforcement.

The DPC has been responsible for issuing various fines and investigations, but has also been criticised over the years, with accusations of having “torturous” procedures and being a “bottleneck of GDPR investigation and enforcement”.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com