Lawfulness of the mass processing of publicly accessible online data to train large language models

Introduction

In early 2020, the New York Times reported that ‘a little-known start-up helps law enforcement match photos of unknown people to their online images’.¹ It was revealed that this start-up, Clearview AI, was operating a facial recognition app that could find the public photos of individuals when a picture of them is uploaded on it, thanks to its database consisting of more than 3 billion images scraped from all over the Internet.² Users of this app were reported to be various, ranging from law enforcement authorities to private companies.³ After this revelation, the company received major criticism and was later scrutinized by judicial and administrative authorities worldwide.⁴ Most notably, data protection authorities (DPA) of France, Greece, Italy, and the UK issued Clearview AI with hefty fines of up to €20M.⁵

In these cases, Clearview AI repeatedly relied on the claim that the scraped images were publicly available so that no privacy interest of the individuals concerned could be claimed.⁶ However, such an argument did not save them from being severely fined in these proceedings as, to the best of our knowledge, only the UK data protection watchdog’s decision was overturned but for jurisdictional reasons.⁷ Unsurprisingly, after the revelation of Clearview AI, the debate on the processing of publicly accessible online data became a hot topic in the data protection context, especially given the controversial cases and emerging business models built on processing these data.⁸ And with the unstoppable rise of large language models (LLMs), it has already become the next big thing.

Since its launch in late 2022, OpenAI’s ChatGPT has been ‘the thing’ that everyone talks about, proven by the fact that it became the fastest-growing consumer application in history by reaching 100 million monthly active users two months after its launch.⁹ Simply put, LLMs like ChatGPT are trained on billions of words available in various (scraped) sources, such as news articles, books, personal blogs, or derived from user interaction, and tasked with recognizing text and generating human-like responses to queries as they are enabled to predict the following words through their learning progress. Accordingly, they are being used for various purposes. Furthermore, some of these models, especially ChatGPT, started offering their users additional functions, such as image processing and generation, thanks to their integrated tools.¹⁰ Like any other technological advancement, however, LLMs, specifically ChatGPT, are not free from controversy. For example, whether these models could replace some professions, how teachers could detect student essays written by these models, how to prevent these models from producing misleading or defamatory answers, how to mitigate the risk of bias and adverse impact on the environment, and whether and to what extent private parties should be allowed to capitalize on the information that Internet users have commonly created are some of the questions that are posed to underline the risks attached to these models.¹¹

The most pressing legal concerns, however, are attached to the fact that a vast amount of (online) data is used for training these models, especially ChatGPT. Although OpenAI is secretive about the training datasets of ChatGPT,¹² there are several clues about what kind of data and sources have been used for its training. For example, OpenAI states that its ‘language models are trained on a broad corpus of text that includes publicly available content, licensed content, and content generated by human reviewers’ and ‘(…) some of our training data includes personal information that is available on the public internet’.¹³ Combining these statements with the existence of the GPTBot,¹⁴ OpenAI’s web crawler, it can be inferred that ChatGPT is trained on, among others, data scraped from various publicly accessible websites. In other words, OpenAI processes massive amounts of online data that is publicly accessible to train ChatGPT. It has been reported that several other developers have also followed the same approach to train their LLMs.¹⁵ Furthermore, it was recently announced that ChatGPT can now browse the Internet to provide its answers.¹⁶ Accordingly, it is claimed that ‘If you’ve posted anything even remotely personal in English on the internet, chances are your data might be part of some of the world’s most popular LLMs.’¹⁷

Unsurprisingly, these practices did not take long to be legally challenged. In the USA, several lawsuits were filed against OpenAI in which the plaintiffs claimed, among others, that ChatGPT was trained on their copyrighted work without permission.¹⁸ As a result of this tension, it is observed that more and more websites, especially publishers, are blocking ChatGPT’s web crawler today.¹⁹ On the other side of the Atlantic, like in the Clearview AI case, DPAs are taking the lead in scrutinizing these practices. For example, the Italian DPA made its way to the international headlines in early 2023 when it blocked OpenAI from processing Italian users’ data due to several violations of the General Data Protection Regulation (GDPR),²⁰ including the lack of ‘legal basis underpinning the massive collection and processing of personal data in order to “train” the algorithms on which the platform relies’.²¹ Although OpenAI has complied with the Italian DPA’s requests to lift this ban and become operational again, this saga appears to have restarted as the Italian DPA recently announced that it has notified several breaches of the GDPR to OpenAI and launched an investigation into its new text-to-video tool, Sora, in which they asked OpenAI to clarify, among others, the legal basis for processing (sensitive) personal data to train its models.²² In the meantime, while several other DPAs have announced their investigations of ChatGPT, the European Data Protection Board (EDPB) has also created a special task force on ChatGPT to foster cooperation and exchange information on possible enforcement actions conducted to that end.²³

At the climax of the legal battles on the mass processing of publicly accessible online data for training LLMs, this article focuses on the most fundamental question in the European Union (EU) data protection context by taking ChatGPT as a case study²⁴: whether a valid legal basis could be found for these processing practices. To that end, it first explains that OpenAI’s mass processing of publicly accessible online data to train ChatGPT falls under the scope of the EU data protection framework and, therefore, there needs to be a valid legal basis for these processing activities. Accordingly, it examines the current discussion on OpenAI’s reliance on legitimate interest, enshrined in Article 6(1)(f) GDPR, as the legal basis for these processing activities. It then demonstrates why Article 9 GDPR should be evaluated to find the proper legal basis for these processing activities instead of Article 6 GDPR in light of the recent case law of the Court of Justice of the European Union (CJEU) since OpenAI processes sensitive and non-sensitive data en bloc when training ChatGPT with publicly accessible online data. The article then examines which exceptions enshrined in Article 9(2) GDPR OpenAI could rely on for training ChatGPT with this method. It first explains why it is practically impossible for OpenAI to obtain and demonstrate the explicit consent of data subjects whose personal data is scraped from the Internet by OpenAI to train ChatGPT. As a second option, the article explores the ‘manifestly made public by the data subject’ exception; however, it reaches the conclusion that the pool of personal data that are manifestly made public by data subjects and, therefore, could be used for training LLMs appears limited. Given that there has been no explicit reference made by OpenAI or any other developer that only this limited amount of personal data is being used for training their LLMs, the article calls for clarification on this matter to provide clarity for all stakeholders. Lastly, the article speculates on a possible way forward and concludes by underlining the responsibilities of all stakeholders involved to ensure that LLMs are developed without undermining the right to data protection of individuals concerned even when, if it exists, a valid legal basis is found.

Personal data processing by OpenAI when training ChatGPT with publicly accessible online data

OpenAI states that ‘OpenAI’s large language models, including the models that power ChatGPT, are developed using three primary sources of information: (1) information that is publicly available on the internet, (2) information that we license from third parties, and (3) information that our users or our human trainers provide.’²⁵ The relevance of this statement for the EU data protection framework is that all these sources contain personal data, and processing them triggers the application of the GDPR. However, since the focus of this article is the first source mentioned by OpenAI, namely the ‘information that is publicly available on the internet’, personal data processing activities conducted by OpenAI are demonstrated from this perspective.

Personal data is defined as ‘any information relating to an identified or identifiable natural person’ in the GDPR.²⁶ Accordingly, various kinds of information may fall under the scope of this definition, such as names, e-mail addresses, license plates, usernames, IP addresses, and so on. Furthermore, in its jurisprudence, the CJEU has provided an expansive interpretation of the definition of personal data, causing a significant expansion in the GDPR’s material scope.²⁷ Based on this case law, for example, dynamic IP addresses and an examiner’s comments on an individual’s answers may constitute personal data.²⁸

When training ChatGPT with the ‘information that is publicly available on the internet’, OpenAI inevitably processes data that is considered personal data as per Article 4(1) GDPR.²⁹ OpenAI itself confirms this by stating, ‘A large amount of data on the internet relates to people, so our training information does incidentally include personal information.’³⁰ In fact, when researchers managed to expose some of ChatGPT’s training data, they revealed, among others, phone and fax numbers, e-mail and physical addresses, social media handles, names, birthdays, and even some explicit content coming from different corners of the Internet.³¹ Regarding the personal data contained in the training datasets of ChatGPT, OpenAI states that

“Web pages crawled with the GPTBot user agent (…) are filtered to remove sources that (…) are known to primarily aggregate personally identifiable information (PII)”.³²

However, it is also acknowledged that “(…) some of our training data includes personal information that is available on the public internet (…) So we work to remove personal information from the training dataset where feasible, fine-tune models to reject requests for personal information of private individuals, and respond to requests from individuals to delete their personal information from our systems. These steps minimize the possibility that our models might generate responses that include the personal information of private individuals.”³³

The phrases in this statement such as ‘where feasible’ and ‘minimize the possibility’ only support the conclusion that ChatGPT is being trained on and could generate personal data. Furthermore, OpenAI mentions that ‘Our models may learn from personal information to (…) learn about famous people and public figures. This makes our models better at providing relevant responses’,³⁴ which only enhances this conclusion. Therefore, it is safe to say that OpenAI processes personal data when training ChatGPT with ‘information that is publicly available on the internet’.³⁵

Regarding the training phase, OpenAI states that

ChatGPT does not copy or store training information in a database. Instead, it learns about associations between words, and those learnings help the model update its numbers/weights. The model then uses those weights to predict and generate new words in response to a user request. It does not ‘copy and paste’ training information—much like a person who has read a book and sets it down, our models do not have access to training information after they have learned from it.³⁶

Even though OpenAI claims with this statement that it does not copy or store the data used for training purposes, this does not change the fact that their operations conducted on ‘information that is publicly available on the internet’ to train ChatGPT still count as processing as defined in the GDPR. This is because Article 4(2) GDPR defines processing as

any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

As can be inferred from the use of ‘any operation’ and ‘such as’ in this provision, the European legislator provides a broad definition of this concept.³⁷ Given this broad definition, it is safe to conclude that operations carried out by OpenAI to make ChatGPT learn about associations between words constitute processing as per Article 4(2) GDPR, even though the training data are not copied or stored in a database. At this point, it should be mentioned that the CJEU has already stated that the collection of personal data from documents in the public domain as well as the activities of a search engine in exploring the Internet automatically, constantly, and systematically in search of the information published therein constitute processing.³⁸ The similarities of the operations conducted by OpenAI on the ‘information that is publicly available on the internet’ to train ChatGPT with the activities considered as processing by the CJEU in these cases only enhance this conclusion.

Can OpenAI rely on Article 6(1)(f) GDPR to process publicly accessible online data to train ChatGPT?

OpenAI has a European establishment,³⁹ provides services to data subjects in the EU,⁴⁰ and does not fall under the scope of any exemptions provided for the material scope of the GDPR. Therefore, when processing personal data, it must comply with several requirements outlined in the GDPR. One of the most important obligations in that regard is complying with the lawfulness principle enshrined in Article 5(1)(a) GDPR, which requires processing activities to rely on a valid legal basis. Accordingly, OpenAI should rely on one of the six legal bases listed in Article 6(1) GDPR for training ChatGPT with the ‘information that is publicly available on the internet’.⁴¹

Whether OpenAI complies with this obligation has already been subject to legal scrutiny. As mentioned above, the Italian DPA blocked OpenAI in early 2023 from processing the personal data of people in Italy due to, among others, the lack of a valid legal basis for processing personal data for training ChatGPT.⁴² While doing so, the Italian DPA required OpenAI to change the legal basis for processing personal data for training purposes by removing any reference to the contract, corresponding to the legal basis enshrined in Article 6(1)(b) GDPR that allows personal data to be processed where it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, and relying on consent or legitimate interest instead.⁴³ OpenAI complied with this request and adjusted its privacy policy, which stated, when addressing users from the European Economic Area, Switzerland, and the UK, that ‘Our legal bases for processing your Personal Information include: (…) Our legitimate interests in (…) developing, improving, or promoting our Services, including when we train our models.’⁴⁴ Although it is observed that OpenAI updated this privacy policy on 15 December 2023, which became effective as of 15 February 2024, the updated version similarly refers to the legitimate interests of OpenAI, third parties, and broader society as the legal basis for processing several types of personal data including the ‘Data [OpenAI] Receive From Other Sources’, which contain ‘information that is publicly available on the internet’, to train OpenAI’s models.⁴⁵

However, these statements only clarify the legal basis for processing the personal data of ChatGPT users. Given that OpenAI processes ‘information that is publicly available on the internet’, it is clear that the personal data of individuals who are not ChatGPT users are also subjected to this processing. Therefore, OpenAI should also have a valid legal basis for processing the personal data of these individuals. An article published on OpenAI’s website sheds light on this issue by stating,

(…) We use training information lawfully. (…) and the primary sources of this training information are already publicly available. For these reasons, we base our collection and use of personal information that is included in training information on legitimate interests under privacy laws like the GDPR.⁴⁶

This demonstrates that OpenAI relies again on Article 6(1)(f) GDPR as the legal basis for processing the personal data of these individuals.⁴⁷

Enshrined in Article 6(1)(f) GDPR, this legal basis allows personal data to be processed when the processing is necessary for a legitimate interest of the data controller or a third party unless the interest or fundamental rights and freedoms of the data subjects concerned override such an interest. As can be inferred from this definition, it is not enough for data controllers to claim to have a legitimate interest to rely on this legal basis; they need to pass a so-called three-step test in which they need to cumulatively demonstrate that (i) the purpose of their processing is legitimate, (ii) the processing is necessary for that purpose, and (iii) the interests and the fundamental rights and freedoms of the data subjects concerned are not overriding their interests claimed to be legitimate.⁴⁸ Accordingly, data controllers relying on this legal basis, including OpenAI, should demonstrate that they pass this three-step test to be able to process personal data in compliance with the lawfulness principle enshrined in Article 5(1)(a) GDPR.

While the reliance on this legal basis for processing publicly accessible online data, including for the purposes of training AI models, has already been discussed in case law,⁴⁹ DPA guidelines,⁵⁰ and literature,⁵¹ whether OpenAI could rely on Article 6(1)(f) GDPR to train ChatGPT with ‘information that is publicly available on the internet’ has also started to be questioned.⁵² In order to answer this question, the three-step test should be applied to OpenAI’s processing activities conducted on these data to train ChatGPT, and the CJEU’s landmark Meta v Bundeskartellamt⁵³ judgment should be used as guidance in such an effort.

Regarding the first step, it should be underlined that the CJEU has already acknowledged in its case law that, in principle, a wide range of interests are entitled to be considered legitimate,⁵⁴ while it should also be noted that there is currently a pending case before it inquiring whether any interest, especially purely commercial interests, could be considered as such.⁵⁵ Nevertheless, in the Meta v Bundeskartellamt case, the CJEU examined, among others, whether ‘product improvement’ could constitute a legitimate interest for a data controller. It acknowledged that a data controller’s interest in improving its product or service to make it more efficient and, therefore, attracting consumers could be considered a legitimate interest in processing personal data.⁵⁶ Accordingly, OpenAI could claim that it has a legitimate interest in processing the publicly accessible online data to train and further develop ChatGPT, which would allow it to pass the first step. Besides, it is also possible for OpenAI to pass this first step by relying on a third party’s legitimate interest, such as society’s interest in accessing the information, as its updated privacy policy also implies.⁵⁷

Regarding the second step, the CJEU requires an assessment of whether the legitimate interest pursued cannot be reasonably achieved as effectively by other means that interfere less with the fundamental rights and freedoms of data subjects, which should be done by specifically checking whether the data minimization principle, enshrined in Article 5(1)(c) GDPR, is respected.⁵⁸ In the Meta v Bundeskartellamt case, the processing activities in question were conducted by Meta to improve their products and services by, in a nutshell, creating profiles of data subjects through processing their personal data, including those available in third-party websites and apps.⁵⁹ Here, the CJEU underlined the massive scale of this processing activity and its significant impacts on data subjects; hence, it questioned whether such processing could be considered necessary for ‘product improvement’ purposes.⁶⁰ This consideration, however, has serious implications for OpenAI. It is self-evident that OpenAI’s mass processing of publicly accessible online data to train ChatGPT cannot be considered compliant with the data minimization principle, which requires the personal data to be adequate, relevant, and limited to what is necessary for the purposes of the processing activity in question, given the massive scale and indiscriminate nature, regarding the type of (personal) data that being processed, of this processing.

Nevertheless, it is also observed that, for example, the Information Commissioner’s Office (ICO), the UK’s data protection watchdog, stated that

currently, most generative AI training is only possible using the volume of data obtained through large-scale scraping. Even though future technological developments may provide novel solutions and alternatives, currently there is little evidence that generative AI could be developed with smaller, proprietary databases.⁶¹

Such an acknowledgement could lead OpenAI to pass the second step. However, it should be underlined here that although the developers of these models similarly claimed that it is impossible to build these models without using copyrighted material, such an argument has already started to be challenged.⁶² Accordingly, whether LLMs could be developed by processing less or minimal publicly accessible online data is still an open question. Furthermore, it is an open secret that developers of these models are looking for more data sources rather than making their LLMs more efficient with less (personal) data processing. In fact, it has even started to be speculated that they may run out of (high-quality) training data in the upcoming years, which already led these developers to look for alternatives to find data to train their models.⁶³ Given these considerations, it is very unlikely that OpenAI could pass the second step.

Lastly, regarding the third step, the CJEU underlined in the Meta v Bundeskartellamt case that the processing activities conducted by Meta had significant impacts on data subjects and, more importantly, highlighted that data subjects could not have reasonably expected their data to be processed by Meta.⁶⁴ When these considerations are applied to OpenAI’s processing activities, it should be said that individuals whose personal data are scraped from publicly accessible online sources were unaware and could not have reasonably expected that their personal data would be used for training ChatGPT, especially considering the novelty of LLMs and the business models and products that are being developed on the mass processing of publicly accessible online data in general. Besides, there have been cases already reported where ChatGPT produced false information about individuals, which was sometimes defamatory.⁶⁵ This proves that OpenAI’s processing activities conducted on ‘information that is publicly available on the internet’ could have significant adverse impacts on individuals. Furthermore, it should be noted that the CJEU highlighted in the Meta v Bundeskartellamt case that the scale of Meta’s processing activities was so massive that it was liable to cause certain chilling effects, such as data subjects feeling as if their private lives were being continuously monitored.⁶⁶ Similar concerns exist also in the context at hand. The race to mass processing of publicly accessible online data to train LLMs, and AI models in general, could lead to certain chilling effects on individuals, as they may tend to express themselves online less to prevent these models from inferring particularly detailed pictures of their private lives.⁶⁷ This is even more true for those in creative professions, as they may restrict the online disclosure of their work to prevent the developers from using them for training LLMs and gaining (financial) benefits without their permission. In fact, the lawsuits and complaints filed against these developers claiming several copyright and data protection infringements could only prove these concerns. Therefore, the fundamental rights and freedoms of data subjects, especially those in creative professions, could override the legitimate interest of OpenAI and/or other third parties when OpenAI processes the ‘information that is publicly available on the internet’ to train ChatGPT in the absence of effective (technical) measures to mitigate the risks posed on them.⁶⁸

As it appears, OpenAI could pass the first step of the so-called three-step test of Article 6(1)(f) GDPR but may fail to do so regarding its second and third steps. Therefore, it is very unlikely that OpenAI could rely on Article 6(1)(f) GDPR for training ChatGPT with publicly accessible online data unless it alters its processing activities conducted on these data to adhere to the data protection principles, such as data minimization, and implement (technical) measures to mitigate the risks posed on the fundamental rights and freedoms of the data subjects concerned, especially those in creative professions. If the same line of reasoning is followed, the DPAs examining the lawfulness of these processing activities might also reach this conclusion as opposed to their Italian colleagues, who lifted the ban on ChatGPT after OpenAI switched the legal basis to Article 6(1)(f) GDPR for training purposes. However, even such a conclusion might be incorrect since the mass processing of publicly accessible online data to train LLMs falls under the scope of Article 9 GDPR, as it involves sensitive data processing.

Sensitive personal data processing by OpenAI when training ChatGPT with publicly accessible online data

In the EU data protection framework, certain types of personal data, such as those that reveal political opinions or concern the health or sexual orientation of data subjects, are considered sensitive, as their processing poses significant risks to data subjects’ fundamental rights and freedoms.⁶⁹ Accordingly, their processing is prohibited as per Article 9(1) GDPR,⁷⁰ unless it relies on one of the exceptions listed in Article 9(2) GDPR. While processing publicly accessible online data, OpenAI inevitably processes several types of sensitive data given the diverse nature of the information accessible on the Internet, such as data related to the political opinions or health status of individuals.⁷¹ Therefore, at first glance, it should be inferred that the stricter protection regime provided by Article 9 GDPR instead of Article 6 GDPR should apply to the personal data processing conducted by OpenAI, at least for personal data relating to the categories listed in Article 9(1) GDPR.

However, this might also be an incorrect inference at this point. First, although the list provided in Article 9(1) GDPR is exhaustive, the CJEU has recently opened the door for a broad interpretation of what constitutes sensitive data. In the OT⁷² judgment, the CJEU interpreted whether personal data that is liable to indirectly disclose the sexual orientation of a natural person constitutes sensitive data. By applying teleological interpretation, the CJEU provided a positive answer to this question and, therefore, included personal data, such as the name of the spouse, cohabitee, or partner of the data subject, that might (indirectly) reveal his or her sexual orientation within the scope of the protection regime of Article 9 GDPR.⁷³ While reaching this conclusion, it especially highlighted that when such information is published online, combining it with other information enables a particularly detailed picture of the private lives of data subjects to be drawn, increasing the seriousness of the interference with their fundamental rights and freedoms.⁷⁴

This interpretation appears essential in determining to what extent personal data processed by OpenAI is subject to Article 9 GDPR regime. This is because personal data that is initially not considered sensitive could be combined with other (sensitive) personal data by ChatGPT to produce sensitive data about individuals as output while generating answers.⁷⁵ At this point, it should be mentioned that although OpenAI claims that it does not use data for building profiles of people,⁷⁶ it also expresses that ‘Our models may learn from personal information to (…) learn about famous people and public figures. This makes our models better at providing relevant responses.’⁷⁷ Such a statement could be understood as ChatGPT may use its training data to draw particularly detailed pictures of the private lives of individuals, at least for those belonging to certain groups, which may reveal sensitive information about them. Therefore, not only the personal data classified as sensitive by their nature but also those initially not considered sensitive could fall under the scope of Article 9 GDPR when training ChatGPT with publicly accessible online data. However, given the vast amount of personal data processed by OpenAI with this method, it would be practically impossible to discriminate between non-sensitive and (potentially) sensitive data at the time of their processing to determine which of those fall under the scope of Article 9 GDPR.

At this point, the Meta v Bundeskartellamt judgment should be revisited. In this case, the CJEU stated that when the processing in question contains both sensitive and non-sensitive data and such personal data is collected en bloc without the controller being able to separate them at the time of the collection, these processing activities should be subjected to Article 9 GDPR.⁷⁸ This interpretation has serious implications for OpenAI. First, since OpenAI processes vast amounts of data scraped from the Internet to train its models, the training dataset of ChatGPT contains sensitive and non-sensitive personal data en bloc. Secondly, considering OpenAI states that it removes personal data from its training datasets ‘where feasible’, it appears that OpenAI cannot discriminate between (potentially) sensitive and non-sensitive personal data at the time of their collection. Therefore, all personal data that are publicly accessible online and processed by OpenAI to train ChatGPT falls under the scope of Article 9 GDPR.

In Meta v Bundeskartellamt judgment, the CJEU further stated that Article 9 GDPR applies irrespective of the fact that sensitive data in question relates to individuals other than the users of the controller, whether such information is correct, or the controller intended to obtain information that constitutes sensitive data.⁷⁹ Such conclusions, again, have serious implications for OpenAI. First, it is understood that the personal data of individuals other than ChatGPT users, whose personal data are scraped from publicly accessible sources online, are also subject to Article 9 GDPR. Secondly, data used for training ChatGPT that are inaccurate or even ChatGPT’s hallucinations, which correspond to the answers provided by ChatGPT that are inaccurate yet convincing,⁸⁰ could trigger the application of Article 9 GDPR regime. And thirdly, as long as sensitive data are processed, Article 9 GDPR applies regardless of OpenAI’s intention to teach its models ‘about the world, not private individuals’.⁸¹ All these indicate that personal data processing done by OpenAI to train its models by using publicly accessible online data should be evaluated through Article 9 GDPR.⁸²

This conclusion would lead processing activities by OpenAI to train ChatGPT with publicly accessible online data to be prohibited unless it relies on one of the exceptions provided in Article 9(2) GDPR. Among the exceptions provided therein, only two appear suitable for such purposes. The first is obtaining explicit consent from data subjects,⁸³ and the second is processing personal data that are manifestly made public by data subjects.⁸⁴ Since there is no hierarchy between these legal bases,⁸⁵ OpenAI could rely on either of them.

Can OpenAI rely on Article 9(2)(a) GDPR?

According to Article 9(2)(a) GDPR, sensitive personal data could be processed based on the explicit consent of the data subject. While the GDPR defines consent in Article 4(11) GDPR, which requires consent to be freely given, specific, informed, and unambiguous, it falls short of defining what constitutes ‘explicit’ consent. Nevertheless, explicit consent is interpreted as the type of consent that fulfils the cumulative requirements enshrined in Article 4(11) GDPR and is accompanied by an express statement of the data subject.⁸⁶

Freely given consent corresponds to data subjects’ genuine and free choice when providing consent and the ability to refuse or withdraw consent without detriment.⁸⁷ It also requires data subjects to be free from any inappropriate pressure or influence and considers whether there is a power imbalance between the data subject and the controller that might compromise the data subject’s free choice.⁸⁸ Specific consent corresponds to consent that is provided separately for different processing purposes.⁸⁹ Informed consent requires data subjects to receive information about the processing in an intelligible and easily accessible form with clear and plain language so they can make an informed decision.⁹⁰ Lastly, unambiguous consent requires the data subject’s clear and affirmative action.⁹¹ Specifically, Recital 32 GDPR states that while ticking a box when visiting a website or another statement or conduct that clearly indicates the data subject’s acceptance satisfies this condition, silence, pre-ticked boxes, or inactivity would fall short of doing so. Given these requirements, this condition is also considered closely related to the explicitness requirement,⁹² which refers to the way the consent is expressed.⁹³ To that end, the EDPB mentions that the explicitness in online settings could be ensured by filling in an electronic form, sending an e-mail, uploading a scanned document with the signature, using an electronic signature, or ticking boxes on an explicit consent screen presented when visiting a website.⁹⁴

As can be inferred from these explanations, explicit consent has strict requirements to be fulfilled. Therefore, it can be argued that relying on the explicit consent of data subjects as the legal basis for training ChatGPT by processing their publicly accessible online data does not appear feasible for OpenAI due to its practical and legal implications.⁹⁵ This is because, given that potentially millions of data subjects are subjected to these processing activities, it would be a very challenging, in fact impossible, task for OpenAI to obtain and demonstrate their explicit consent. For example, in order to comply with the informed consent condition, OpenAI needs to, among others, provide information about its processing activities to these individuals before processing their personal data to train ChatGPT. It would be practically impossible for OpenAI to do so given that it has no contact with these individuals to begin with, as their personal data are scraped from all different corners of the Internet.⁹⁶ Besides, even in such a case where OpenAI miraculously overcomes such practical hardships and manages to obtain and demonstrate the explicit consent of all these individuals, it would have to deal with further challenges as a result of relying on explicit consent as the legal basis for these processing activities. For instance, data subjects are entitled to withdraw their (explicit) consent at any time without that withdrawal retroactively affecting the lawfulness of the processing in question.⁹⁷ However, it is yet to be known whether and to what extent OpenAI could comply with such withdrawals to ensure that the personal data in question is no longer fed into the training datasets of ChatGPT.

Given such concerns about relying on Article 9(2)(a) GDPR as the legal basis for training ChatGPT with publicly accessible online data, OpenAI might seek the legal basis for these processing activities under another exception provided in Article 9(2) GDPR. At this point, it should also be remembered that although the Italian DPA asked OpenAI to switch its legal basis to consent or legitimate interest for training purposes, OpenAI decided to go for legitimate interest instead of consent. Perhaps such a decision was made to circumvent legal and practical hardships in obtaining the consent of these individuals. Accordingly, the same hesitance could be expected when obtaining their explicit consent is in question.

Can OpenAI rely on Article 9(2)(e) GDPR?

As it appears that OpenAI cannot rely on Article 9(2)(a) GDPR for processing publicly accessible online data to train ChatGPT, the ‘manifestly made public by the data subject’ exception should be evaluated further to determine whether it could serve as the legal basis for such purposes. In fact, it would also be in line with the continuous claims of OpenAI that it processes information that is publicly accessible. At this point, it should also be recalled that the CJEU also hinted at such a direction in the GC and Others v CNIL⁹⁸ case by stating that this exception applies to search engine operators who also process publicly accessible online data en masse.⁹⁹ Nevertheless, the CJEU underlined that compliance with other obligations, specifically the principles set out in Article 5 GDPR, should be upheld even in such cases.¹⁰⁰ Accordingly, evaluating whether this exception could provide a valid legal basis for OpenAI needs to be interpreted through this perspective by examining the relevant case law, official guidelines, and literature.

Enshrined in Article 9(2)(e) GDPR and Article 10(c) of the Law Enforcement Directive¹⁰¹ in the EU data protection framework, the ‘manifestly made public by the data subject’ legal basis appears as one of the most neglected legal bases given the lack of legislative and judicial interpretation on it. Besides, very limited guidance has been provided by the EDPB and DPAs on this legal basis. And the very scarce literature dedicated to explaining what are the conditions of this legal basis mainly stated that the data subject’s intentional, voluntary, and positive act should be demonstrated to be able to rely on the ‘manifestly made public by the data subject’ exception when processing sensitive personal data.¹⁰² Nevertheless, finally, in the Meta v Bundeskartellamt case, the CJEU clarified how this exception should be interpreted.

In this case, the CJEU first stated that this exception should be interpreted strictly, and personal data can be considered manifestly made public when data subjects have intended to make their personal data accessible to the general public explicitly and by clear affirmative action.¹⁰³ In this line, it was first acknowledged that a mere visit to a website or app where sensitive data are processed cannot be considered as manifestly making personal data public.¹⁰⁴ Then, the CJEU evaluated the situation in which data subjects enter information or, in other ways, interact with websites and apps that process sensitive data and underlined that whether that interaction is public should depend on the individual settings chosen by the data subject.¹⁰⁵ Therefore, if data subjects have an actual choice to do so and explicitly accepted to make their interactions, such as entering information on a website or app, accessible to the general public, instead of a more or less limited number of selected persons with full knowledge of the facts, their personal data could be considered manifestly made public by them.¹⁰⁶ On the other hand, if no such individual settings are available on the websites or apps with which the data subject interacts, such an evaluation should be made by inquiring whether data subjects have explicitly consented to their data being accessible by any person having access to that website or app, based on the express information provided to them.¹⁰⁷

Currently, OpenAI mentions that: ‘Web pages crawled with the GPTBot user agent may potentially be used to improve future models and are filtered to remove sources that require paywall access, are known to primarily aggregate personally identifiable information (PII), or have text that violates our policies.’¹⁰⁸ Since no separation is mentioned between the websites that provide their users with such privacy settings and those that do not, whether OpenAI could rely on Article 9(2)(e) GDPR when training ChatGPT with publicly accessible online data should be evaluated regarding both cases.

In cases where data subjects are presented with privacy settings to make their personal data publicly accessible

First, whether OpenAI could rely on Article 9(2)(e) GDPR for processing the personal data of data subjects who made their personal data publicly accessible through individual privacy settings should be evaluated. In such cases, the CJEU asks whether data subjects have clearly made their personal data publicly accessible with clear affirmative action and full knowledge of the facts.¹⁰⁹ Accordingly, three conditions that form this exception, namely, ‘manifestly made’, ‘public’, and ‘by the data subject’, should be evaluated through this perspective.

‘Manifestly made’

For personal data to be considered ‘manifestly made’ public, the CJEU requires an explicit, affirmative, and in advance choice of data subjects made with full knowledge of the facts.¹¹⁰ An explicit and affirmative choice could be ensured with, for example, an opt-in mechanism embedded in the privacy settings, through which data subjects can choose to make their personal data accessible by (selected groups of) users of that website or the general public. This approach also aligns with the data protection by design and by default principle enshrined in Article 25 GDPR, as it specifically requires that ‘(…) by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.’¹¹¹ It is observed that the EDPB also favoured this approach, as it listed the default settings of a platform among the conditions to be considered for relying on Article 9(2)(e) GDPR to process the personal data available on social media platforms.¹¹² Specifically, the EDPB mentioned that the default settings of a service that makes the personal data in question publicly accessible cannot lead this personal data to be classified as ‘manifestly made’ public.¹¹³ Furthermore, the European Data Protection Supervisor (EDPS) also took into account whether a social media platform offers its users private and public options regarding the visibility of their accounts when deciding whether personal data processed from that platform is ‘manifestly made’ public.¹¹⁴

Based on these interpretations, it should be concluded that the personal data of users of the websites operating an opt-out policy, making personal data available on them automatically publicly accessible unless the data subject opposes this disclosure, cannot be considered as ‘manifestly made’ public. In other words, for this criterion to be met, OpenAI should demonstrate that data subjects whose personal data have been scraped from publicly accessible online sources have opted in to disclose their personal data through their privacy settings. However, the proportion of publicly accessible online data that complies with this requirement is quite debatable, given the vast number of websites that do not comply with this obligation. In fact, it should be noted that even Meta has been slapped on the wrist not once but twice for infringing this obligation by the Irish DPA in cases related to Instagram and Facebook, while the latter case even had a scraping element regarding the publicly exposed personal data.¹¹⁵ Thus, it becomes very questionable to what extent the publicly accessible online data that OpenAI processes to train ChatGPT comply with this criterion.

Furthermore, even in cases where data subjects choose to make their personal data publicly accessible, the CJEU requires such a decision to be made with full knowledge of the facts. Although the Meta v Bundeskartellamt judgment fails to explain further what should be understood from the ‘facts’, by applying teleological interpretation, it can be argued that it corresponds to the potential consequences of disclosing the personal data in question to the public.¹¹⁶ In practice, data subjects learn about these ‘facts’ and decide whether to opt-in to make their personal data accessible to the public by reading documents provided to them by the websites they are interacting with, such as terms of services and privacy policies. However, these documents have long been criticized for, among others, their length, unintelligible language, and take-it-or-leave-it approach.¹¹⁷ Furthermore, they contain vague statements due to their heavy reliance on modal verbs, for example can, could, may, and might, creating uncertainty regarding the purposes and possible further uses of personal data.¹¹⁸ Likewise, these documents may nudge data subjects towards certain options even though data subjects should maintain the highest degree of autonomy possible regarding their choices.¹¹⁹ Stemming from these concerns, the EDPB mentioned that the visibility of the information where the data subjects are informed about the ‘facts’ constitutes a condition in determining whether the personal data in question has been ‘manifestly made’ public.¹²⁰ Accordingly, if the ‘facts’ are, for example, hidden in a lengthy privacy policy that nudges data subjects to disclose their personal data to the public, there can be no ‘manifestly made’ choice of the data subject.

Even where data subjects have been properly informed about the ‘facts’ and autonomously opt to disclose their personal data to the public, certain practices may still compromise their ‘manifestly made’ choices. For example, it is well-known that the documents informing data subjects about the ‘facts’ are subject to frequent changes that are not adequately communicated to data subjects. These silent changes, however, may compromise the data subjects’ ‘in advance’ choices. This is because, due to such changes, for instance, the categories of personal data disclosed to the public may be extended beyond those initially agreed by the data subjects. In fact, the US Federal Trade Commission very recently warned companies, especially AI companies, not to quietly change their terms of services to allow the sharing of their consumers’ data with third parties or using that data for training AI models.¹²¹ Besides, even when data subjects have the full knowledge of the ‘facts’, they may still be willing to disclose their personal data for reasons such as the network effect or to be able to use a service for free, which would, again, compromise their ‘manifestly made’ choices as their autonomy would be infringed in such cases.¹²²

Overall, certain practices may prevent data subjects from having full knowledge of the facts or compromise their ‘manifestly made’ decisions to disclose their personal data to the public. Therefore, whether and how OpenAI filters and processes only the personal data of data subjects who have ‘manifestly made’ their personal data public requires further explanation. In fact, even in such cases, OpenAI may not be able to rely on Article 9(2)(e) GDPR to process these data to train ChatGPT. This is because, as rightly put by the EDPB, ‘The word ‘manifestly’ implies that there must be a high threshold for relying on this exemption.’¹²³ To that end, I argue that the reasonable expectations of data subjects should also be taken into account when determining whether they ‘manifestly made’ their personal data public.

Indeed, the reasonable expectation of the data subject is an important point of reference regarding the assessment of the lawfulness of a processing activity, proven by the fact that the European legislator explicitly referred to it in Recitals 47 and 50 GDPR in this context. Accordingly, it is observed that, for example, the DPAs scrutinizing Clearview AI specifically emphasized that data subjects could not have reasonably expected their images to be processed to create a facial recognition app while determining that Clearview AI’s processing activities were unlawful.¹²⁴ Furthermore, even though the EDPS stated that the European Center for Disease Prevention and Control (ECDC) could rely on the ‘manifestly made public by the data subject’ legal basis to process the personal data of Twitter users with a public account for epidemic intelligence purposes, it nevertheless noted that: ‘(…) it is debateable whether such a Twitter user would reasonably expect that its public post containing special category data would subsequently be further processed by the ECDC via epitweetr for purposes of detecting and preventing potential outbreaks of communicable diseases.’¹²⁵ Moreover, very recently, Advocate General (AG) Rantos also, indirectly, underlined the reasonable expectations of data subjects regarding processing their sensitive personal data based on Article 9(2)(e) GDPR. In his opinion on the Maximilian Schrems v Meta Platforms Ireland Limited¹²⁶ case, where, among others, whether a statement made by an individual regarding his sexual orientation in a panel discussion could enable the processing of such data for personalized advertising purposes is discussed, the AG first stated that by making statements about his sexual orientation in a panel discussion that attracted public interest, was open for the press, and broadcasted live, the data subject manifestly made his data relating to his sexual orientation public as per Article 9(2)(e) GDPR.¹²⁷ However, the AG opined that such a disclosure does not, in itself, enable the processing of these data for personalized advertising purposes by underlining the purpose limitation principle, which is enshrined in Article 5(1)(b) GDPR and requires data controllers to process personal data for specified, explicit, and legitimate purposes.¹²⁸

Similarly, it can be argued that when disclosing their personal data to the public, data subjects could not have reasonably expected their data to be used for training LLMs. This conclusion stems not only from the novelty of the techniques developed to utilize the publicly accessible online data to train these models but also from their invisibility. For example, it has been reported that Google, rather quietly and discreetly, updated its privacy policy to mention that publicly accessible data scraped from the Internet may be used for, among others, training its LLMs.¹²⁹ In fact, it has been observed that more and more companies are updating their privacy policies to allow themselves to use their customers’ and/or publicly accessible online data to train AI models, including LLMs.¹³⁰ These invisible processing activities, however, are liable to lead data subjects to lose control over their personal data and their (subsequent) uses, which may infringe on their fundamental rights and freedoms.¹³¹ These concerns are even more relevant for data subjects who are in creative professions since their reasonable expectation was merely to increase the visibility of their work by disclosing them to the public and not for them to be used for training LLMs, as evidenced by the lawsuits and complaints the developers of these models face globally. Accordingly, OpenAI and other developers should also consider the reasonable expectations of data subjects when determining whether they have ‘manifestly made’ their personal data public. However, as it appears, they rather disregard these expectations, which could prevent them from relying on Article 9(2)(e) GDPR to process publicly accessible online data to train their models.

‘Public’

OpenAI could rely on Article 9(2)(e) GDPR to process publicly accessible online data as long as they are classified as ‘public’. In other words, the personal data in question should have been disclosed to the ‘public’ because of the data subject’s manifestly made decision. However, the GDPR falls short of defining what constitutes ‘public’. Only in Article 25(2) GDPR, it is mentioned that ‘(…) by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.’ This signifies that the term ‘indefinite number of natural persons’ can guide understanding of what ‘public’ means in online settings in the EU data protection framework. The CJEU jurisprudence also appears to be supporting this claim. This is because when the CJEU refers to the ‘public’ in online settings, it uses ‘unrestricted number of people’, ‘indefinite number of people’, ‘unlimited number of persons’, and ‘all Internet users’ interchangeably.¹³² Moreover, specifically in the contexts of data and copyright protection, it checks whether any restrictive measure has been applied to prevent everyone from accessing personal data or the work in question to determine its ‘public’ status. In fact, if no restrictive measures are applied to prevent everyone from accessing the personal data in question, the CJEU assigns ‘public’ status to it even when its dissemination is directed to a specific institution instead of the general public.¹³³ Consequently, it can be inferred that if no restrictive measures are applied and, therefore, the personal data in question is accessible by any Internet user instead of a more or less restricted number or category of users of the website it is posted on, such personal data should be classified as ‘public’.

The EDPB and the EDPS have also followed this line of reasoning, as both underlined that personal data should be accessible by everyone for it to be processed based on the ‘manifestly made public by the data subject’ legal basis.¹³⁴ Specifically, while the EDPB listed the accessibility of a webpage as one of the elements to consider when determining the ‘public’ status of the personal data in question, the EDPS assigned ‘public’ status to Tweets posted from public accounts.¹³⁵ Several DPAs have also issued decisions by following this approach.¹³⁶

This interpretation would allow OpenAI to process the personal data that are accessible by any Internet user based on Article 9(2)(e) GDPR, provided that other conditions of this provision are also met. However, such a clear-cut solution could lead to unfair outcomes as it fails to understand how private and public spheres are defined in online discourses today. For example, does this interpretation mean an Instagram post published on a closed account with 20 million followers is considered ‘private’, but a post published without any hashtags on an open account with only five followers is considered ‘public’? Hence, a contextual approach again appears necessary to determine the ‘public’ status of personal data.

In fact, this contextual approach has also been supported by the EDPB, EDPS, DPAs, and the literature. For example, on the processing of personal data of social media users, the EDPB underscored that the nature of the social media platform should be taken into account when relying on Article 9(2)(e) GDPR.¹³⁷ Specifically, it should be questioned whether the platform aims to connect the data subjects with their close friends and family and create intimate relations or allow them to interact with people beyond their (immediate) social cycles.¹³⁸ The ICO also used social media to describe this contextuality. It stated that it would be hard to consider personal data manifestly made ‘public’ if the post is directed to family and friends, even if it is accessible by the public due to the default privacy settings of that platform.¹³⁹ The EDPS illustrated this contextuality by stating, ‘Publishing personal data in a biography or an article in the press is not the same as posting a message on a social media page’.¹⁴⁰ Furthermore, the ICO mentioned that personal data should be realistically accessible by the public and underlined that ‘information is not necessarily public just because you have access to it.’¹⁴¹ Following a similar line of reasoning, the Norwegian DPA found that Grindr¹⁴² users did not manifestly make their personal data ‘public’ by using the app since their profiles were shown only to a limited number of other users based on their location.¹⁴³ Lastly, Dove and Chen mentioned that if access to data requires a disproportionate and/or resource-intensive effort, it cannot be considered ‘public’.¹⁴⁴

If these contextual considerations are taken into account, the pool of personal data that is in the ‘public’ domain and, therefore, could be processed by OpenAI to train ChatGPT, provided that other conditions of Article 9(2)(e) GDPR are also met, would be significantly limited. This is because it would oblige OpenAI to take into account, for example, whether the personal data in question are directed to close family and friends of the data subject and/or is realistically accessible while determining its ‘public’ status. However, the current understanding of the CJEU on what constitutes ‘public’ in online settings appears to allow OpenAI to process personal data that is accessible by any Internet user to train ChatGPT based on Article 9(2)(e) GDPR, provided that other conditions of this provision are also met. Nevertheless, it should be remembered that, as underlined by the CJEU and the EDPS, even in such cases, compliance with other obligations outlined in the GDPR, especially respecting data protection principles enshrined in Article 5 GDPR, should be ensured.¹⁴⁵

‘By the data subject’

This condition appears to be the most straightforward one, requiring data subjects themselves to disclose their personal data to the public. Accordingly, if a data subject did not opt-in to disclose his/her personal data to the public but it was disclosed by third parties, that personal data could not be considered manifestly made public ‘by the data subject’.¹⁴⁶ Such cases can occur due to, for example, data leaks, technical glitches, or even changes in the disclosure policies of websites that expand the categories of personal data disclosed to the public without informing the users about such a change. If the personal data in question are disclosed to the public under such circumstances, it cannot be processed based on Article 9(2)(e) GDPR, as its disclosure is ensured by others instead of the data subject.

This conclusion has serious implications for OpenAI. This is because it uses various online sources to train ChatGPT and, as underlined by the ICO, ‘the internet also contains information that was not placed there by the person to whom it relates’.¹⁴⁷ In fact, it has already been reported that AI training datasets created by scraping publicly accessible online (personal) data contain leaked (personal) data.¹⁴⁸ Furthermore, it should be recalled that OpenAI states that ‘models may learn from personal information to (…) learn about famous people and public figures.’¹⁴⁹ This statement implies that sources in which information about data subjects are disclosed by third parties, such as news articles, are also used by OpenAI to train ChatGPT. However, verifying whether data subjects themselves are responsible for the disclosure of the information presented therein is often impossible in such cases, while, as stated by the ICO, data controllers should be ‘confident that it was the individual themselves who actively chose to make their special category data public’.¹⁵⁰ Furthermore, the situation becomes even more problematic in cases where a data subject, for example, deletes a Tweet or switches the account status from public to private, but the information presented in that Tweet remains available on other sources, which are then used by OpenAI to train ChatGPT.¹⁵¹ Similarly, the information presented on sources such as publicly accessible social media posts or personal blogs may contain personal data of individuals other than the owner of those accounts. In such cases, while the personal data of the owners of those accounts could be considered as manifestly made public ‘by the data subject’, provided that other conditions of Article 9(2)(e) GDPR are also met, the same cannot be said for the personal data of other individuals unless it is verified that they were responsible from the disclosure of that information. Although OpenAI states that ‘Web pages crawled with the GPTBot user agent (…) are filtered to remove sources that require paywall access, are known to primarily aggregate personally identifiable information (PII), or have text that violates our policies’,¹⁵² currently, there seems to be no reference to these specific concerns. Therefore, until OpenAI’s algorithms are smart enough to detect which personal data have been disclosed by data subjects themselves, it will be questionable whether the ‘by the data subject’ condition is met when OpenAI relies on Article 9(2)(e) GDPR to train ChatGPT with the publicly accessible online data.¹⁵³

Given all these explanations, it appears that OpenAI could only satisfy the ‘public’ condition of Article 9(2)(e) GDPR when it processes, for training ChatGPT, the personal data of individuals who are presented with privacy settings to disclose their personal data to the public. On the other hand, it is very unlikely these data will meet the high threshold of the ‘manifestly made’ condition, and, in certain cases, they are not disclosed ‘by the data subject’. Hence, the pool of personal data that is publicly accessible online and could be processed by OpenAI to train ChatGPT by relying on Article 9(2)(e) GDPR appears limited. This conclusion, however, may lead to questioning the lawfulness of OpenAI’s processing activities to train ChatGPT by using publicly accessible online data, as, to the best of our knowledge, there has been no clarification made by OpenAI that only this limited amount of personal data has been used for such purposes, a concern that applies for other LLM developers, too.

In the absence of such privacy settings

According to the CJEU, if data subjects are not presented with individual privacy settings to disclose their personal data to the public, Article 9(2)(e) GDPR could be used as the legal basis to process their data if they have explicitly consented to disclose their data to any person having access to the website or app in question based on the express information they have received.¹⁵⁴ This requirement also stems from the data protection by design and by default principle enshrined in Article 25 GDPR, which requires personal data not to be disclosed to an indefinite number of persons without the data subject’s intervention.¹⁵⁵ Accordingly, where data subjects are not presented with privacy settings regarding the disclosure of their sensitive personal data, such an intervention manifests itself as the explicit consent of these data subjects. Therefore, OpenAI should demonstrate that these individuals have explicitly consented to disclose their data to the public based on the express information they received to be able to process their data to train ChatGPT by relying on Article 9(2)(e) GDPR.

However, it is not an easy task since, in such cases, whether the explicit consent requirements were met is highly questionable, let alone the practical impossibility of OpenAI verifying this compliance. This is because, like the concerns defined in earlier sections, several practices may compromise the data subject’s explicit consent. For example, freely given consent requires data subjects to enjoy a high degree of autonomy when giving their consent; therefore, any compromising acts, such as nudging, should be avoided. In practice, however, this condition is not met in many cases since, for instance, data controllers use dark patterns to obtain the consent of their users.¹⁵⁶ Besides, data subjects often provide their consent by clicking on general options, such as ‘Accept all’. These practices force data subjects to accept all the processing purposes in bulk, which contradicts the specific consent requirement.¹⁵⁷ The informed consent requirement could also be compromised by the abovementioned shortcomings of privacy policies through which data subjects are informed about the processing activities and their implications. Yet, it should be noted that complying with this condition is especially crucial since the CJEU requires data subjects to provide their explicit consent based on the express information they receive. Lastly, in connection with the explicitness requirement, the unambiguous consent requirement could also be compromised when websites collect the consent of their users through pre-ticked boxes or consider inactivity or silence as consent.

Given these concerns, it can be argued that websites that do not provide their users with privacy settings regarding the disclosure of their personal data to the public but obtain their explicit consent for this disclosure by fully complying with its strict requirements could only represent a small percentage in practice. Whether and how OpenAI can identify these websites and their users who have explicitly consented to the public disclosure of their personal data is open for debate. Besides, even for these websites, as explained in earlier sections, it can be argued that the reasonable expectations of their users when disclosing their personal data to the public might prevent OpenAI from processing their personal data based on Article 9(2)(e) GDPR to train ChatGPT. Moreover, OpenAI should still verify that it was the data subjects themselves who ensured the public disclosure of the processed personal data due to the ‘by the data subject’ condition. These concerns, however, would seriously limit, again, the pool of personal data that OpenAI can process to train ChatGPT by relying on Article 9(2)(e) GDPR. As mentioned, OpenAI states that ‘Web pages crawled with the GPTBot user agent (…) are filtered to remove sources that require paywall access, are known to primarily aggregate personally identifiable information (PII), or have text that violates our policies’.¹⁵⁸ Yet, to the best of our knowledge, there has been no specific reference made by OpenAI that it filters and removes the personal data collected from websites that do not comply with these requirements when training ChatGPT with publicly accessible online data. Therefore, further clarification and scrutiny are required to ensure that only this limited amount of personal data that complies with the requirements of Article 9(2)(e) GDPR is being used for training ChatGPT, a concern that also applies to other developers.

In short, regardless of whether data subjects are presented with privacy settings to publicly disclose their personal data or not, it appears that only a small proportion of personal data that are publicly accessible online comply with the requirements of Article 9(2)(e) GDPR for them to be processed for training LLMs by relying on this legal basis. However, developers of these models appear to continue their race to process publicly accessible online data en masse and indiscriminately for training their LLMs. Accordingly, these practices could be called ‘data trawling’ given their similarities with the ‘bottom trawling’ technique used in fisheries.

‘Bottom trawling’ is a technique used for catching large numbers of (different types of) fish at once by dragging big, heavy nets on the sea floor. It is severely criticized for two main reasons. First, these nets catch large amounts of fish and other marine species indiscriminately without separating, or being able to separate, the targeted population from the others, which can also include protected populations. Secondly, the nets used for this technique can damage the seafloor, disturbing the habitat of many species living in those ecosystems. Therefore, this technique threatens ocean life and biodiversity, which has led to its ban or restriction in several marine areas worldwide.¹⁵⁹

‘Data trawling’ for training LLMs, and AI models in general, mirrors this technique and its implications. First, even though ‘data trawling’ may occur in the ‘public’ domain, corresponding to the cases where ‘bottom trawling’ takes place in the territories allowing this technique, it allows developers to indiscriminately process several types of (personal) data in bulk. The developers can only filter the personal data that comply with the requirements of Article 9(2)(e) GDPR only after the ‘data trawling’ has already been conducted and ‘where feasible’.¹⁶⁰ Secondly, ‘data trawling’ relies on scraping techniques such as crawlers, which are generally used by certain actors such as search engines, researchers, and academics. Therefore, it fundamentally challenges some of the Internet’s (the online habitat) unwritten rules.¹⁶¹ Hence, as explained in earlier sections, ‘data trawling’ for training LLMs is liable to cause certain chilling effects in the online world and infringe on the fundamental rights and freedoms of individuals whose personal data are subjected to this practice, especially those in creative professions. Consequently, these concerns raise questions about the legality and legitimacy of ‘data trawling’ for training LLMs, which also applies to developers using the same processing technique to train other AI models.

A possible way forward?

As demonstrated, OpenAI may not easily rely on the usual suspects, namely Article 9(2)(a) and (e) GDPR, for processing publicly accessible online data to train ChatGPT. Hence, OpenAI may try to circumvent the prohibition enshrined in Article 9(1) GDPR in another way that will allow it to continue these processing activities. While the GDPR has provisions allowing certain types of processing activities to rely on several exemptions and derogations, such as Article 2(2)(c) GDPR, which allows processing activities carried out by a natural person in the course of purely personal or household activity to escape from the GDPR’s material scope, and Article 85(2) GDPR, which is related to processing activities carried out for journalistic, academic, artistic, or literary expression, the processing activities conducted by OpenAI on publicly accessible online data to train ChatGPT do not fall within the scope these provisions.¹⁶² Nevertheless, OpenAI may try to find leeway through case law by piggybacking on the de facto exception created for search engine operators by the CJEU in its GC and others judgment.

In this case, the CJEU was asked to clarify whether the prohibition of processing sensitive personal data, enshrined in Article 9(1) GDPR, also applies to search engine operators having regard to their specific responsibilities, powers, and capabilities.¹⁶³ While answering this inquiry, the CJEU first underlined that, apart from its exceptions, this prohibition applies to all kinds of processing activities.¹⁶⁴ Therefore, it stated that search engine operators should ensure that their processing activities comply with the respective requirements of the EU data protection framework in the context of their responsibilities, powers, and capabilities.¹⁶⁵ The CJEU nevertheless stated that the specific features of the processing activities carried out by these operators may affect the extent of their responsibilities and obligations attached to sensitive data processing.¹⁶⁶ In this regard, the CJEU clarified that search engine operators are responsible for referencing webpages and specifically for displaying the links to those webpages in turn of a search carried out based on an individual’s name and are not responsible for the personal data in question to appear on those webpages.¹⁶⁷ Accordingly, it was decided that the prohibition on sensitive data processing and its restrictions apply to search engine operators only because of this referencing and thus via a verification based on de-referencing requests¹⁶⁸ of data subjects.¹⁶⁹

In this case, the referring court was further inquiring whether search engine operators could refuse de-referencing requests if it appears that the processing in question is covered by the exceptions enshrined in Article 9(2)(a) or (e) GDPR.¹⁷⁰ Regarding the first exception, Article 9(2)(a) GDPR, the CJEU acknowledged that it would not be practically possible for search engine operators to obtain the explicit consent of data subjects before the referencing took place and a de-referencing request should in any way be considered as the withdrawal of the data subject’s consent.¹⁷¹ Moving on to Article 9(2)(e) GDPR, the CJEU first underlined that this exception also applies to search engine operators, allowing them to rely on this legal basis to process the sensitive data and accordingly deny de-referencing requests if the processing activity in question relates to data that are manifestly made public by the data subject and complies with other obligations, such as data protection principles, to be considered lawful, unless where the data subject is still entitled to that de-referencing.¹⁷² It should be noted here that the CJEU did not further explain in this case what conditions personal data must meet to be considered manifestly made public by the data subject.

Although the referring court inquired only about these two exceptions, the CJEU went further and underlined that Article 9(2)(g) GDPR, which allows sensitive data to be processed where it is necessary for reasons of substantial public interest, based on Union or Member State law that is proportionate to the aim pursued, respects the essence of the right to data protection, and provides for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject, could also be relied on by search engine operators.¹⁷³ In this context, the CJEU required search engine operators to examine whether the processing in question falls under Article 9(2)(g) GDPR by checking whether that processing appears to be strictly necessary for the enjoyment of the right of freedom of information of the Internet users and complies with the conditions set forth therein while answering to de-referencing requests related to it.¹⁷⁴

In sum, with its GC and others judgment, the CJEU allowed the verification of the lawfulness of sensitive data indexing by search engine operators to be conducted ex-post upon a de-referencing request, like a ‘notice and takedown’ procedure, due to the specific features of this processing activity and having regards to the responsibilities, powers, and capabilities of search engine operators.¹⁷⁵ In other words, the CJEU ‘de facto created an exception which is (…) only applicable to search engine operators’.¹⁷⁶ Such an approach derived from the practical impossibility of ex-ante compliance checks by search engine operators regarding whether the indexed webpages contain sensitive personal data and, if so, which legal basis could be used to process them.¹⁷⁷ However, by doing so, the CJEU significantly lowered the high(er) protection afforded to sensitive personal data by effectively letting search engine operators circumvent the prohibition imposed on their processing. It is, nevertheless, quite understandable that the CJEU tried to provide an alternative and pragmatic solution to the problem it had to deal with, the reconciliation of the right to protection of personal data and the freedom of expression and information in the context of indexing of webpages by search engines, considering the severity of the potential implications of giving a contrasting interpretation, such as obliging search engine operators to check ex-ante and systematically whether their search results display websites processing sensitive data, which was considered ‘neither possible nor desirable’ by Advocate General Szpunar in his opinion.¹⁷⁸

It must be underlined here that, in line with the relevant European Court of Human Rights case law,¹⁷⁹ the CJEU has already acknowledged that the Internet has become one of the means of exercising the right to freedom of expression and information of the public.¹⁸⁰ In this regard, websites, particularly online content-sharing platforms, were considered to play an essential role in, among others, facilitating the dissemination of information.¹⁸¹ It was argued that by recognizing search engine operators as ‘actors diffusing and making available the information generated by others’ in this judgment, the CJEU kept pace with the changing trends regarding the online dissemination of information.¹⁸² In other words, the CJEU considered the activities of search engines in ‘finding information published or placed on the internet by third parties, indexing it automatically, storing it temporarily and, finally, making it available to internet users according to a particular order of preference’¹⁸³ are of crucial importance for the enjoyment of the freedom of information of the Internet users. Therefore, this de facto exception finds its root in Recital 4 GDPR, which was explicitly referred to in the GC and others judgment and states that ‘The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.’

However, some authors have voiced their concerns on this de facto exception by underlining that search engine operators could (continue to) process sensitive personal data without relying on a (valid) legal basis in the absence of de-referencing requests.¹⁸⁴ Most importantly, it was speculated that data controllers who also process publicly accessible online data with similar methods, for example crawling, could try to piggyback on this exception created for search engine operators, which may put the effective and full protection of data subjects and legal certainty principle at stake.¹⁸⁵

It may be that OpenAI will become one of those who try to piggyback on this de facto exception. In fact, such a scenario may not be that far-fetched, considering that OpenAI’s updated privacy policy refers to the legitimate interest of the broader society in their processing activities related to training and improving ChatGPT.¹⁸⁶ Furthermore, when individuals who do not have an OpenAI account want to ‘Make a Privacy Request’ and ask OpenAI to remove their personal data, OpenAI states that:

Under certain privacy or data protection laws, such as the GDPR, you may have the right to object to the processing or request removal of your personal data from OpenAI’s models or products. (…) OpenAI will verify and consider your request, balancing privacy and data protection rights with public interests like access to information, in accordance with applicable law.¹⁸⁷

This procedure, however, highly resembles the ‘de-referencing procedure’ established in the GC and others judgment. Moreover, in its recently published report on the work undertaken by the ChatGPT Taskforce, the EDPB, regarding the lawfulness of OpenAI’s processing activities to train ChatGPT with publicly accessible online data, stated that: ‘In the present context, where large amounts of personal data are collected via web scraping, a case-by-case examination of each data set is hardly possible.’¹⁸⁸ All these indicate that OpenAI may soon claim that the de facto exception created for search engine operators also applies to its processing activities when training ChatGPT with publicly accessible online data.

However, such a claim may not be easily accepted since there are certain differences between the responsibilities, powers, and capabilities of search engine operators and developers of LLMs, as well as the specific features of processing activities conducted for indexing webpages and training ChatGPT with publicly accessible online data. Before mentioning such differences, nevertheless, it should be acknowledged that there are indeed some similarities between search engines and LLMs. For example, while search engines use methods such as crawling to find and index online information, similar methods are used to train LLMs with publicly accessible online data. Most importantly, both tools could be used to access the information.

Yet, there are also fundamental differences between search engines and LLMs. First and foremost, search engines, in principle, act solely as intermediaries between users and the source of information, meaning that search engines, in principle, do not make any alterations to the indexed information. In other words, search engines allow users to reach the ‘unprocessed’ information. On the other hand, LLMs further process publicly accessible online data to, among others, learn connections between words to generate their answers by predicting the words most likely to follow each other. Hence, they present their users with ‘processed’ information, which, as explained above, sometimes appears inaccurate. Therefore, it can be argued that LLMs go beyond being solely an intermediary between the source of information and the user since there is a (possible) alteration of the information throughout the process. Secondly, while there are certain legal and technical ways to prevent search engines from indexing particular information, the same cannot be easily said for LLMs, at least for now. In connection with this point, thirdly, it should be underlined that search engine results are more accessible and less variable compared to answers provided by LLMs. These differences, however, hold crucial importance when determining whether LLMs could piggyback on the de facto exception created for search engines. This is because, with this de facto exception, the CJEU effectively obliged data subjects to take an active role in protecting their interests by sending de-referencing requests to search engine operators.¹⁸⁹ While it may be practically possible for data subjects to check whether and which of their personal data are indexed by search engines, the same cannot be said for answers provided by LLMs, given the accessibility issues, e.g., paid services, and, more importantly, the randomness and variety of the answers generated by LLMs. In other words, data subjects cannot easily check whether and how LLMs are using their personal data and intervene where necessary as easily as they can do so for search engines, which may adversely affect their right to protection of personal data.¹⁹⁰

Given these differences, it seems unlikely for OpenAI to piggyback on this de facto exception. In fact, the fact that OpenAI’s processing activities to train ChatGPT with publicly accessible online data has already started to be scrutinized by several DPAs, including the establishment of the dedicated task force on ChatGPT by EDPB, decreases the possibility of OpenAI relying on such a ‘laissez-faire’ interpretation. Even in the scenario where OpenAI relies on this de facto exception, it should be underlined that OpenAI should demonstrate the valid legal basis ex-post, as otherwise, its processing activities would be considered unlawful.¹⁹¹ In other words, if we apply the conclusions of the GC and others judgment in this context, when data subjects send ‘de-referencing’ requests to OpenAI, it should evaluate whether the personal data in question falls under the exceptions covered by Article 9(2)(a), (e), or (g) GDPR. As explained above, while it is not practically possible for OpenAI to obtain the explicit consent of individuals whose publicly accessible online data are used for training ChatGPT, the ‘de-referencing’ request should be in any way interpreted as the withdrawal of the data subject’s consent. Furthermore, the analysis provided in earlier sections demonstrated that, in some instances, it would be unlikely for OpenAI to meet the conditions of Article 9(2)(e) GDPR when processing publicly accessible data to train ChatGPT. This, however, leaves Article 9(2)(g) GDPR as the most feasible exception that OpenAI could rely on in such cases. This means that if OpenAI piggybacks on this de facto exception and receives a “de-referencing” request from a data subject, the most feasible option for OpenAI to deny such a request would be to demonstrate that the processing in question is strictly necessary for the enjoyment of the freedom of information of the Internet users and compliance with the conditions outlined in Article 9(2)(g) GDPR.

However, this may not be an easy task for OpenAI. This is because, to demonstrate compliance with Article 9(2)(g) GDPR, OpenAI should attest to the substantial public interest pursued with the processing in question. Indeed, in the GC and others judgment, the CJEU acknowledged the enjoyment of the right of freedom of information of Internet users as such.¹⁹² However, in the following TU, RE v Google LLC¹⁹³ judgment, the CJEU explicitly stated that the right to inform and be informed could not include the right to disseminate and have access to inaccurate information.¹⁹⁴ In this context, it should primarily be underlined that OpenAI’s privacy policy provides an explicit note about accuracy, which states that:

Services like ChatGPT generate responses by reading a user’s request and, in response, predicting the words most likely to appear next. In some cases, the words most likely to appear next may not be the most factually accurate. For this reason, you should not rely on the factual accuracy of output from our models. (…) Given the technical complexity of how our models work, we may not be able to correct the inaccuracy in every instance.¹⁹⁵

Moreover, the Italian DPA also used this inaccuracy issue to substantiate its ban on ChatGPT in early 2023.¹⁹⁶ Accordingly, it is open to debate whether and to what extent OpenAI could claim that its processing activities conducted on publicly accessible online data to train ChatGPT are strictly necessary for the enjoyment of the freedom of information of Internet users due to this unsolved inaccuracy problem.

Even in a case where these processing activities are considered to be strictly necessary for such purposes, OpenAI would have to demonstrate compliance with other conditions enshrined in Article 9(2)(g) GDPR, which requires the processing activities to be based on a Union or Member State law which is proportionate to the aims pursued, respect the essence of the right to data protection, and provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subjects. In the GC and others case, partly due to the framing of the questions referred to, the CJEU did not engage further with these conditions, leaving the discussion on whether there is any such law that search engines could rely on somewhat ‘glossed over’.¹⁹⁷ It should be noted here that, as per Article 85(1) GDPR, Member States are obliged to reconcile by law the right to the protection of personal data with the right to freedom of expression and information, and it is further argued that these laws should be formulated per the conditions outlined in Article 9(2)(g) GDPR when such reconciliation is related to the processing of sensitive data.¹⁹⁸ Yet, Erdos reported in 2021 that only a few Member States passed specific laws in their legislation as per Article 85(1) GDPR, while the adequateness of these laws appeared as another concern.¹⁹⁹ The absence of such specific laws, however, could put the validity of reliance on Article 9(2)(g) GDPR by OpenAI at stake. Although Erdos opines that Article 11 of the Charter of the Fundamental Rights of the European Union and constitutional provisions in Member State laws could be used in the absence of such specific laws, he nevertheless underlines the need for appropriately balanced and safeguarded processing activities in such cases.²⁰⁰ In light of the concerns mentioned in earlier sections of this article, it is open to debate whether and to what extent processing activities conducted on publicly accessible online data to train LLMs comply with these requirements in their current form. Furthermore, as the CJEU underlined in the Google v CNIL²⁰¹ judgment, balancing these competing rights would differ across Member States, which may cause fragmentation.²⁰² Besides, some cases have been reported in which DPAs declared sensitive data processing activities based on Article 9(2)(g) GDPR unlawful due to inexistent or inadequate Member State laws.²⁰³ Accordingly, it can be argued that even such specific Member State laws could only provide unreliable legal grounds for OpenAI to process publicly accessible online data to train ChatGPT, as their inconsistency and quality are liable to pose practical and legal challenges.

In sum, even if OpenAI relies on the de facto exception granted to search engine operators in the GC and others judgment, whether and to what extent it could demonstrate the valid legal basis for the processed data appears questionable, which could prevent this possibility in the first place. However, this outcome could jeopardize an emerging and promising business model, which may oblige the enforcers of the EU data protection framework to look for alternatives, as the CJEU did in the GC and others judgment. Such a solution, on the other hand, could put the legal certainty principle and the effective and full protection of the right to data protection at stake.

It takes a village

As illustrated through the case of ChatGPT, one of the biggest battles in EU data protection law will soon be finding, if it exists, the proper legal basis for training LLMs with publicly accessible online data. However, even when such a legal basis is found, each stakeholder has certain obligations to prevent the abuse and misuse of personal data that is used for training these models and to strike a proper balance between competing interests without hindering innovation.

First, the developers of LLMs should adhere to all data protection principles. In this regard, respecting the transparency obligations is of crucial importance. Accordingly, these developers should provide the required information about their processing activities to all data subjects indiscriminately. While these developers could enjoy several exemptions to this obligation, such as the one enshrined in Article 14(5)(b) GDPR, by claiming that providing such information proves impossible or requires disproportionate effort given the vast number of data subjects,²⁰⁴ it should be underlined that they would still be obliged to take certain measures, for example making the information about their processing activities publicly available, to protect the fundamental rights and freedoms of these individuals. Relating to this point, it should be recalled that the Italian DPA requested OpenAI to present a notice on its website describing its processing activities to its users and beyond.²⁰⁵ Moreover, OpenAI was asked to run a non-marketing information campaign on Italian mass media to inform Italians about its processing activities.²⁰⁶ Similarly, the developers of LLMs should come up with effective strategies to inform the public about their processing activities.

Most importantly, compliance with the data protection by design and by default principle throughout the lifecycle of LLMs should be ensured. As explained in earlier sections, the vast amount of data processed to train these models has already led to serious concerns and legal disputes. Therefore, it appears, in fact, as a necessity and a priority for developers of these models to comply with this principle to continue their operations. In fact, such efforts would also lead them to comply with data minimization and purpose limitation principles, which oblige only the required and limited amount of personal data to be processed for specific purposes outlined at the beginning of processing activities.²⁰⁷ Eventually, like Google tailored its practices regarding Street View as a result of the privacy concerns voiced against it by, for example, introducing options to blur, among others, houses, bodies, and license plates,²⁰⁸ developers of LLMs should come up with technical strategies to only process personal data that comply with the data protection requirements and to ‘unlearn’ those that contradict these requirements. Lastly, OpenAI mentions that ‘We have also completed a data protection impact assessment to help ensure we are collecting and using [the personal information that is included in training information] legally and responsibly.’²⁰⁹ Although not mandatory, it may be useful for OpenAI and other developers to disclose their data protection impact assessment reports or summaries to ensure data subjects understand how their personal data are processed and assess how the related risks are mitigated.

While they have limited abilities to prevent scraping activities,²¹⁰ operators of websites that are used for extracting data to train LLMs also bear certain obligations to adhere to data protection principles, specifically data protection by design and by default.²¹¹ In this regard, they, especially those processing sensitive data, should inform their data subjects effectively about attached risks, for example unrelated further processing, when disclosing their personal data. To mitigate such risks, they might consider also implementing scraping-preventive measures.²¹² In fact, it is reported that, at the time of the writing of this article, around 25 per cent of the Top 1000 websites have already blocked GPTBot, including websites such as Amazon, Quara, and Indeed.²¹³

Data subjects may also take certain measures to protect their rights and interests. For example, the ‘Joint statement on data scraping and the protection of privacy’ issued by 12 DPAs from around the world states that data subjects should carefully read the information provided by controllers, especially regarding disclosure policies, to make informed decisions by having a long-term vision about making their personal data accessible online. Furthermore, data subjects are advised to be mindful of the types and amount of personal data they share online to mitigate the risks if their personal data are further processed for unrelated or malicious purposes.²¹⁴

Lastly, regulators and DPAs should ensure legal clarity for all stakeholders involved. They should, for example, oblige developers of these models to provide more transparency regarding their operations to understand whether and to what extent they respect data protection principles and obligations. In this regard, the EDPB’s recent efforts in creating a special task force on ChatGPT to foster cooperation and exchange information on possible enforcement actions conducted by DPAs should be appreciated.²¹⁵ Through such initiatives, guidance should be provided on currently unclear matters, such as the proper legal basis to process personal data for training these models. Likewise, with the increasing awareness about the potential implications of further (unrelated) uses of publicly accessible online data, stricter scrutiny should be ensured for data controllers disclosing these data to the public, especially those who process sensitive personal data.

Conclusions

Since its launch in November 2022, ChatGPT has been the hottest topic of data protection discussions and beyond. While too much is expected from ChatGPT and LLMs in general, serious concerns have been raised regarding their risks, such as privacy and data protection concerns, copyright infringements, spreading misinformation, and cheating in examinations. Therefore, finding the perfect balance when regulating LLMs to allow and foster innovation without hindering fundamental rights and freedoms holds crucial importance.

To that end, this article addressed one of the primary data protection concerns by taking ChatGPT as a case study: whether there is a valid legal basis for processing publicly accessible online data to train LLMs. Although this question has been examined through Article 6 GDPR so far, given the recent judgments of the CJEU that shed light on what constitutes sensitive data and which regime applies when sensitive and non-sensitive data are processed en bloc, it appeared as Article 9 GDPR should be visited instead to answer this question. Accordingly, the article evaluated whether OpenAI could rely on Article 9(2)(a) GDPR, which allows sensitive data to be processed based on explicit consent of the data subject, or Article 9(2)(e) GDPR, which allows personal data that is manifestly made public by the data subject to be processed, for training ChatGPT with publicly accessible online data. As it was argued that it would be practically very hard, if not impossible, for OpenAI to obtain the explicit consent of probably millions of individuals subjected to these processing activities, Article 9(2)(e) GDPR appeared as the most suitable exception for OpenAI.

When the test developed by the CJEU in the Meta v Bundeskartellamt case applied to the processing activities in question, however, it was revealed that only a limited amount of personal data that is publicly accessible online could actually meet the criteria to be considered as ‘manifestly made public by the data subject’. Hence, the article called for further clarification to understand whether OpenAI processes only this limited amount of personal data that complies with those requirements to train ChatGPT and underlined that the lawfulness of these processing activities would be at stake until such clarity is ensured, which is a concern that also applies to other developers who follow the same approach to train their models.

At this point, the article speculated about a possible way forward and explored whether OpenAI could piggyback on the de facto exception created in the CJEU jurisprudence for search engine operators regarding sensitive data processing. Although there are already some indications that OpenAI may soon follow this path, the article argued that it may not be a very strong case given the differences between the responsibilities, powers, and capabilities of search engine operators and developers of LLMs, as well as the specific features of processing activities conducted for indexing webpages and training ChatGPT with publicly accessible online data. Furthermore, some legal uncertainties that might compromise the lawfulness of processing activities conducted on publicly accessible online data to train ChatGPT were underlined even where OpenAI relies on this de facto exception. Lastly, the article provided an overview of the obligations of all stakeholders involved to ensure that LLMs are developed responsibly until and even after the proper legal basis to train them with publicly accessible online data is found.

Consequently, it is safe to assume that the search for the proper legal basis for training LLMs with publicly accessible online data will be ‘the next big thing’ in the EU data protection framework. While there are indeed other data protection-related issues attached to these models, naturally, addressing all these concerns is beyond the aims and limitations of this article. Nevertheless, it should be underlined here that OpenAI states that ‘we believe that society must have time to update and adjust to increasingly capable AI, and that everyone who is affected by this technology should have a significant say in how AI develops further.’²¹⁶ Indeed, LLMs could fulfil their promises without hindering our fundamental rights and freedoms only through cooperation between all stakeholders. Therefore, at the climax of the EU’s efforts to regulate artificial intelligence, I hope the outcomes of this research will trigger a broader social, cultural, and political dialogue to understand what constitutes ‘public’ in the digital sphere today and whether and to what extent could this sphere be exploited for commercial purposes as it is not just a legal question.

I would like to thank my supervisors Professor Eleni Kosta and Professor Paul de Hert for their valuable comments on an earlier version of this article.

Footnotes