6. The Rigidity of Rectification: An Oversight in User Data
Management
Risk: Fines for Infringement of Data Subject Rights,
Including Access and
Rectification
One area where ChatGPT falls short in GDPR compliance is in facilitating
users’ right to rectify their data. Article 16 of the GDPR unequivocally
states that individuals have the right to correct any inaccurate
personal data about themselves.
Article 16 EU GDPR: The data subject shall have the
right to obtain from the controller without undue delay the
rectification of inaccurate personal data concerning him or her. Taking
into account the purposes of the processing, the data subject shall have
the right to have incomplete personal data completed, including by means
of providing a supplementary statement.[2]
In the ChatGPT system, your email is tethered to a unique token that
identifies your activity on the platform. Currently, if you change your
email — which is often linked to your phone number — the platform
offers no straightforward way to update this information.
Best Practices: Enable Email Address
Flexibility
Users should be able to effortlessly update their associated email
addresses. Streamlining this process not only enhances user experience
but also brings the platform into compliance with GDPR’s Article 16,
concerning the right to data rectification.
UI Note for Compliance:
“To change the email linked to your account, simply follow this link:
[Link to Change Email]. The procedure is reversible and designed for
utmost simplicity, aligning with Article 16 of the GDPR.”