OpenAI launched data residency in Europe on Thursday, allowing European organizations to comply with local data sovereignty requirements when using the company's AI products, TechCrunch reports, UNN writes.
Details
Data residency refers to the physical location of an organization's data, as well as the local law and policy requirements that apply to that data. Most tech giants and cloud service providers offer European data residency programs that help customers comply with European local privacy and data protection laws, such as the GDPR, the German Federal Data Protection Act, and the UK Data Protection Act.
Starting Thursday, OpenAI customers using the company's API can choose to process data in Europe for "eligible endpoints," and new ChatGPT Enterprise and Edu customers can choose to store client content in Europe. Data at rest refers to data that is not actively moving between networks or being accessed.
OpenAI states that by enabling European data residency, API requests will be processed by OpenAI in a zero data retention region, meaning that the AI model's requests and responses will not be stored on the company's servers. If you enable this feature for OpenAI's AI-powered chat platform, ChatGPT, customer information, including ChatGPT conversations, user requests, images, uploaded files, and custom bots, will be stored in the region, according to OpenAI.
OpenAI notes that currently, European data residency can only be configured for new projects using the company's API. Existing projects cannot be updated to obtain European residency.
AddendumAddendum
European data regulators have approached OpenAI in the past for what they claimed was potential non-compliance with local data laws. Spain and Germany, among other countries, have initiated audits of OpenAI ChatGPT's data processing practices, and in December, the Italian data protection watchdog, which had previously briefly blocked ChatGPT, fined the company €15 million ($15.6 million) for allegedly violating European consumer data protection requirements.
Early last year, a task force of the European Data Protection Board, the European body that ensures the uniform application of data protection rules across the EU, published a report designed to guide member states' data protection authorities in their investigation of ChatGPT. The report touched upon topics such as the legality of ChatGPT's data collection for training purposes, transparency, and data accuracy.