6. The Rigidity of Rectification: An Oversight in User Data Management

Risk: Fines for Infringement of Data Subject Rights, Including Access and Rectification

One area where ChatGPT falls short in GDPR compliance is in facilitating users’ right to rectify their data. Article 16 of the GDPR unequivocally states that individuals have the right to correct any inaccurate personal data about themselves.
Article 16 EU GDPR:  The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.[2]
In the ChatGPT system, your email is tethered to a unique token that identifies your activity on the platform. Currently, if you change your email — which is often linked to your phone number — the platform offers no straightforward way to update this information.

Best Practices: Enable Email Address Flexibility

Users should be able to effortlessly update their associated email addresses. Streamlining this process not only enhances user experience but also brings the platform into compliance with GDPR’s Article 16, concerning the right to data rectification.

UI Note for Compliance:

“To change the email linked to your account, simply follow this link: [Link to Change Email]. The procedure is reversible and designed for utmost simplicity, aligning with Article 16 of the GDPR.”