OpenAI and Microsoft face class action lawsuit for allegedly violating copyright and privacy laws 

OpenAI, the company behind GPT and ChatGPT, is being sued for allegedly violating copyright and privacy laws when it scraped the internet to train its groundbreaking AI technology. The claim is also being brought against Microsoft, which has an exclusive partnership with OpenAI and has invested over $10bn in the San Francisco-headquartered company. 

California firm Clarkson Law Firm is bringing a class action against OpenAI and Microsoft, alleging violation of a raft of legislation, including the Electronic Communications Privacy Act; Computer Fraud and Abuse Act; and the California Invasion of Privacy Act. Clarkson also alleges violation of the California Unfair Competition Law, Business and Professions Code. 

Clarkson, of behalf of 16 plaintiffs and others in the class action, alleges that in developing ChatGPT, image generator Dall-E and voice chatbot Vall-E (collectively referred to as ‘the Products’), the defendants used “stolen private information” including personally identifiable information from hundreds of millions of users, including children, without their knowledge or consent. The claim also alleges that the defendants continue to “unlawfully collect and feed additional personal data from millions of unsuspecting consumers worldwide, far in excess of any reasonably authorised use, in order to continue developing and training the Products.” 

The claim focuses heavily on the risk that AI presents to humanity and says that OpenAI was originally founded as a nonprofit research organisation with the mission to create AI that could be used for the benefit of humanity, but that it has pivoted to become a for-profit business pursuing “commercial opportunities of a staggering scale.” 

It alleges that the defendants rushed the Products to market without proper safeguards or controls, saying: “Historically, the unchecked release of new technologies without proper safeguards has caused chaos. Now again, we face imminent and unreasonable risks of the very fabric of our society unravelling, at the hands of profit-driven, multibillion-dollar corporations.” 

A further concern raised is the fact that the Products are being incorporated into “an ever-expanding roster of applications and websites, through either API or plug-ins,” meaning that “Defendants created and continue to create economic dependency within our society, deploying the tech directly into the hands of society and embedding it into the fundamental infrastructure as quickly as possible.” 

The claim urges that the Defendants must be stopped from their alleged privacy violations and required to put in place immediate safeguards including transparency under which they disclose the data being collected, when and where it is from, and how it is being stored, handled, protected and used. The claim asks that the developers of the Products be barred from further commercial deployment in absence of ethical principles and guidelines and until the plaintiffs are compensated for “the stolen data.” 

In addition to damages to be determined at trial, see below for the full list of relief sought by the claim. 

We have reached out to both OpenAI and Microsoft for comment. 

Prayer for relief 

Injunctive relief in the form of a temporary free on commercial access to and commercial development of the Products until such time as Defendants can demonstration completion of some or all of the following to the Court’s satisfaction: 

  1. Establishment of an independent body of thought leaders (the “AI Council”) who shall be responsible for approving uses of the Products before, not after, the Products are deployed for said uses;
  1. Implementation of Accountability Protocols that hold Defendants responsible for Product actions and outputs and barred from further commercial deployment absent the Products’ ability to follow a code of human-like ethical principles and guidelines and respect for human values and rights, and until Plaintiffs and Class Members are fairly compensated for the stolen data on which the Products depend;
  1. Implementation of effective cybersecurity safeguards of the Products as determined by the AI Council, including adequate protocols and practices to protect Users’ PHI/PII collected through Users’ inputting such information within the Products as well as through Defendants’ massive web scraping, consistent with the industry standards, applicable regulations, and federal, state, and/or local laws;
  1. Implementation of Appropriate Transparency Protocols requiring Defendants to clearly and precisely disclose the data they are collecting, including where and from whom, in clear and conspicuous policy documents that are explicit about how this information is to be stored, handled, protected, and used; 
  1. Requiring Defendants to allow Product users and everyday internet users to opt out of all data collection and stop the illegal taking of internet data, delete (or compensate for) any ill-gotten data, or the algorithms which were built on the stolen data;
  1. Requiring Defendants to add technological safety measures to the Products that will prevent the technology from surpassing human intelligence and harming others;
  1. Requiring Defendants to implement, maintain, regularly review and revise as necessary, a threat management program designed to appropriately monitor Defendants’ information networks for threats, both internal and external, and assess whether monitoring tools are appropriately configured, tested, and updated;
  1. Establishment of a monetary fund (the “AI Monetary Fund” or “AIMF”) to compensate class members for Defendants’ past and ongoing misconduct to be funded by a percentage of gross revenues from the Products;
  1. Appointment of a third-party administrator (the “AIMF Administrator”) to administer the AIMF to members of the class as “data dividends” as fair and just compensation for the stolen data on which the Products depend;
  1. Confirmation that Defendants have deleted, destroyed, and purged the PII/PHI of all relevant class members unless Defendants can provide reasonable justification for the retention and use of such information when weighed against the privacy interests of class members; and
  1. Requiring all further and just corrective action, consistent with permissible law and pursuant to only those causes of action so permitted.