Noyb, a digital rights group, submitted a formal complaint to Norway's data protection authority (Datatilsynet) in March 2025, claiming ChatGPT violated European data protection regulations by fabricating a serious criminal accusation against Arve Hjalmar Holmen.
The complaint centers on a shocking AI-generated claim that Holmen murdered his children—a statement with absolutely no basis in reality. Holmen has no criminal record and was completely unaware of the false narrative until being informed about the AI-generated allegation.
According to the complaint, OpenAI reportedly refused Holmen's request to remove the fabricated information, citing technical limitations in correcting AI-generated content. This response potentially breaches the General Data Protection Regulation's (GDPR) requirements for data accuracy and individual rights.
The legal action could result in substantial financial penalties, with potential fines reaching up to 4% of OpenAI's global revenue. This follows previous European enforcement actions, including a €15 million fine imposed by Italian regulators in 2023 for improper data handling.
Noyb has previously challenged OpenAI's data practices, including a 2024 Austrian case involving false biographical information about a public figure. These efforts highlight ongoing regulatory concerns about generative AI's potential to spread misinformation.
OpenAI has acknowledged the challenges raised by Noyb's claims, but has not provided a solution to the problems. The company admits that "factual accuracy in large language models remains an area of active research" and that it is currently unable to correct inaccurate information generated by ChatGPT.
OpenAI also stated that it cannot trace the sources of data or fully disclose what personal data is stored about individuals, citing technical limitations. These admissions have been criticized by Noyb as evidence of non-compliance with the GDPR's requirements for data accuracy, transparency, and the right to rectification or erasure.
“It is clearly possible to keep records of training data that was used at least have an idea about the sources of information. It seems that with each ‘innovation,’ another group of companies thinks that its products don’t have to comply with the law,” Maartje de Graaf, a data protection lawyer at Noyb, commented in a public statement.
