OpenAI plans to shift European data control to Ireland for GDPR compliance
OpenAI shifts European data control to Ireland, aiming for GDPR compliance and regulatory ease amid regional disputes, post-Dublin office.
OpenAI intends to designate its Irish subsidiary, OpenAI Ireland Limited, as the official data controller for customers in the European Economic Area (EEA) and Switzerland. The company seeks to enhance General Data Protection Regulation (GDPR) compliance oversight by relocating its European data processing to Ireland, where it will be monitored by the Irish Data Protection Commission (DPC). This strategic move, set to be implemented on 15 February 2024, aligns with OpenAI’s goal of minimizing regulatory challenges in the EU, particularly in response to data protection disputes in Italy and Poland, following the establishment of its Dublin office in September 2023.
Why does it matter?
After Italy’s suspension in April 2023 and the subsequent scrutiny by the European Data Protection Board (EDPB), concerns have arisen about OpenAI’s compliance with GDPR. The move to obtain main establishment status in Ireland limits the autonomy of privacy watchdogs in other the EU countries to address concerns independently. Complaints must be referred to the lead authority, the Irish Data Protection Commission (DPC), for review. Although other regulators can intervene in urgent situations, such interventions are typically temporary, emphasizing the concentration of GDPR oversight through the lead authority.