Summary: OpenAI is being accused by Canadian privacy regulators of scraping and using personal data too broadly, without sufficient consent, transparency, accuracy controls, deletion rights, or safeguards before launching ChatGPT.

The issue is not just Canadian: similar concerns can arise wherever AI companies train models on public or user data, especially under GDPR-style privacy regimes, consumer protection law, children’s safety rules, and sector-specific regulation.

If regulators do nothing, “scrape first, fix later” becomes the industry norm, weakening privacy rights, increasing reputational harm, and making trusted AI adoption in healthcare, education, research, finance, and government far harder.

Scrape First, Govern Later: The Privacy Bill Coming Due for OpenAI

by ChatGPT-5.5

The Canadian privacy finding is not an isolated media controversy. It is one of the clearest official statements so far that frontier AI development has collided with privacy law at the level of training data, user prompts, model outputs, individual rights, retention, and corporate accountability. The attached Global News article reports that Canada’s federal privacy commissioner, together with privacy regulators in Quebec, British Columbia, and Alberta, found that OpenAI’s initial development and deployment of ChatGPT involved overly broad data collection and insufficient privacy safeguards, while OpenAI disagreed with the findings but committed to additional protections. The official Canadian report corroborates this: the regulators concluded that the initial training of ChatGPT was not compliant with their respective privacy laws and identified overcollection, lack of valid consent and transparency, factual inaccuracies, access/correction/deletion problems, and lack of accountability.

The important nuance is that the Canadian investigation focused on GPT-3.5 and GPT-4, the models powering ChatGPT when the inquiry began, and did not directly assess later models or OpenAI’s image/video services, although the regulators said the findings remain relevant to those products. OpenAI’s own response also matters: it published a Canada-facing privacy explanation on May 6, 2026, saying ChatGPT may be trained on publicly available information, partner-accessed information, and user/contractor/researcher-provided information, and that it now uses safeguards such as a privacy filter and user controls. In other words, the dispute is not whether OpenAI uses broad categories of data; it is whether the way that data was collected, used, disclosed, retained, corrected, and explained complied with privacy law and reasonable expectations.

The full list of issues OpenAI is being accused of

1. Overbroad collection of personal information. Canadian regulators found that OpenAI’s initial collection from publicly accessible websites and licensed third-party sources was “overbroad” and inappropriate, especially because sources such as social media and discussion forums can contain children’s information, political views, health information, rumours, and false statements about people.

2. Treating “publicly accessible” as if it were legally or socially free to use. A central finding is that “publicly accessible” is not the same as “publicly available” under Canadian privacy law. Regulators rejected the idea that people would reasonably expect blog posts, forum posts, or social media content to be scraped at scale for model training.

3. Lack of valid consent. The regulators found that OpenAI failed to obtain valid consent for collecting, using, and disclosing personal information for model development. They specifically rejected reliance on implied consent where the information was sensitive or the use fell outside reasonable expectations.

4. Use of ChatGPT interactions for training without sufficiently clear expectations. Regulators also found that users were not adequately informed that their interactions could be used for model training, including possible human review, and that this use fell outside many users’ reasonable expectations at launch. Quebec’s regulator additionally found that the free web version insufficiently informed users and that privacy settings should have defaulted to the most protective option.

5. Disclosure of personal information through outputs. OpenAI acknowledged that, in some circumstances, models could disclose personal information in response to prompts. Regulators found that OpenAI’s internal categories of “sensitive or private information” were narrower than the legal concept of personal information, which can include opinions or rumours about individuals.

6. Insufficient transparency about training data and model operation. The regulators found that OpenAI’s privacy communications were generally accessible and written in plain language but still incomplete or unclear on key points, especially the categories and sources of personal information in training datasets.

7. Inaccurate personal information and hallucinated facts. Regulators found that OpenAI had not validated the general accuracy of personal information generated in model outputs. They also found warnings insufficiently prominent and noted that GPT-3.5 did not provide source links, while GPT-4 provided them inconsistently when browsing was triggered.

8. Weak access rights. OpenAI’s export tool was found not to provide all personal information held or disclosed about a user in every case, and the process for requesting more information was not sufficiently accessible. Training datasets posed an even harder problem because OpenAI would only provide access where it could verify that the information uniquely related to the requestor.

9. Weak correction rights. OpenAI’s practical response to inaccurate personal information was often a blocklist-style remedy: if it could not correct the model, it could try to prevent certain verified personal information from appearing in outputs. Regulators accepted this as pragmatic but found gaps where OpenAI could not verify that the information related to the requestor.

10. Weak deletion or “unlearning” rights. OpenAI represented that untraining or reverse-training an LLM to remove specific personal information is not currently feasible. Regulators treated that as a major rights problem: if a company builds a system in a way that makes deletion technically difficult, that difficulty cannot simply erase the person’s legal rights.

11. Inadequate retention and disposal rules. The regulators found that OpenAI released the models without having finalized a formal retention and deletion policy for personal information and lacked a retention schedule for unstructured data collected from public websites.

12. Lack of accountability before launch. The most damaging governance allegation is that OpenAI deployed ChatGPT after indiscriminately collecting personal information from millions of Canadians, without valid consent, without first establishing the accuracy level of personal information in outputs, and without a finalized retention policy. The report highlights a “launch first, fix later” pattern.

13. Children’s privacy. Children’s data appears in the case in several ways: scraped social/forum data may include children’s personal information; the Canadian commitments include testing protective measures for minor family members of public figures; and, in Europe, Italian regulators separately accused OpenAI of lacking age-verification mechanisms that could expose under-13s to inappropriate responses.

14. Jurisdictional resistance. OpenAI challenged Canadian jurisdiction, including by arguing that it lacked an establishment or employees in Canada before launch. The Canadian regulators rejected that position, emphasizing that a company can have a real and substantial connection to Canada through online services, Canadian users, paid subscriptions, cross-border data flows, and Canadian-derived training data.

Is this likely to become an issue in other countries? Yes — and it already has

Canada is not inventing a new problem. It is giving formal privacy-law language to a pattern already visible in Europe and the United States. The European Data Protection Board’s ChatGPT taskforce said LLMs are trained and enhanced using huge amounts of data, including personal data, and that personal-data processing in LLMs must comply with the GDPR. It also emphasized that technical impossibility cannot be used to justify non-compliance, especially where data protection by design should have been considered from the start.

The EU taskforce identified the same structural pressure points: web scraping may capture special-category personal data; legal bases such as legitimate interest require necessity and balancing tests; safeguards may include excluding public social media profiles, deleting or anonymizing personal data before training, and filtering special-category data. It also warned that ChatGPT’s probabilistic output mechanism can produce biased or made-up personal information that users may treat as factual, and that transparency warnings alone are not enough to satisfy the data accuracy principle.

Italy is a live warning sign, although procedurally complicated. The Italian data protection authority announced in December 2024 that it had found OpenAI failed to notify a March 2023 data breach, lacked an adequate legal basis for training on users’ personal data, violated transparency obligations, and failed to provide age-verification mechanisms; it ordered a public information campaign and imposed a €15 million sanction. The same official page now notes that the underlying decision was temporarily removed after a March 2026 Rome court judgment upholding OpenAI’s appeal against the authority’s decision, so it should be treated as evidence of regulatory concern, not as a settled final precedent.

The United States has approached the issue through consumer protection rather than comprehensive privacy law. The FTC opened an investigation into OpenAI in 2023 over whether its practices put personal reputations and data at risk, including how it addressed false, misleading, or disparaging statements about real people and data-security risks. Civil society complaints have pressed similar points: noyb filed GDPR complaints alleging that ChatGPT produced false personal information and that OpenAI could not properly correct it or explain the underlying data source.

This will become an issue in any country with privacy, consumer protection, children’s safety, biometric, defamation, or data-protection rules. The legal label will vary. In Europe, it becomes GDPR compliance, lawful basis, special-category data, accuracy, and rights of access/rectification/erasure. In Canada, it becomes PIPEDA and provincial privacy law modernization. In the U.S., it becomes unfair or deceptive practices, product safety, reputational harm, children’s protection, and possibly sectoral privacy. In other jurisdictions, it may surface through data localization, cybersecurity, online safety, election integrity, or national-security rules. The underlying problem is the same: frontier AI was built on data supply chains that were technically scalable before they were legally, socially, or institutionally accountable.

How regulators could — and should — respond

Regulators should stop treating AI privacy as a notice-and-consent paperwork problem. The core issue is infrastructure design. Once personal information is absorbed into a model pipeline, the old privacy toolkit — access, correction, deletion, purpose limitation, retention — becomes technically difficult to enforce. That means the intervention point must move upstream: before collection, before pre-training, before fine-tuning, before deployment, and before model outputs are trusted in high-impact settings.

First, regulators should require training-data governance records: categories of sources, legal basis, sensitivity assessment, excluded sources, retention periods, third-party dataset provenance, and evidence that filters actually work. This does not require publishing trade secrets or full datasets. It requires confidential regulatory-grade documentation. The EU AI Act is already moving in this direction for general-purpose AI models through obligations around technical documentation and training-content summaries.

Second, regulators should require data minimization by source category, not merely post-hoc filtering. Canadian regulators specifically recommended ceasing collection from sources containing significant personal information, including social media and discussion forums, unless OpenAI can establish necessity and proportionality. That is the right direction. The burden should be on the AI developer to prove that a data source is necessary, not on every individual in the world to discover and object to invisible training use.

Third, regulators should insist on valid consent or effective objection rights depending on the legal regime, with a stricter rule for sensitive data, children’s data, and data outside reasonable expectations. Canadian regulators recommended express consent where information is sensitive or outside reasonable expectations, explicit notice for user interactions, and future training based only on validly obtained personal information.

Fourth, regulators should create a real standard for AI correction and deletion. “We cannot untrain the model” may be technically true in many cases, but it cannot become a universal immunity shield. The answer should be a hierarchy of remedies: removal from future training datasets, suppression in outputs, source-level correction, model-level mitigation where feasible, documented impossibility where not feasible, and audit evidence showing the remedy works. Canadian regulators explicitly recommended that if OpenAI says untraining is impossible, it must demonstrate why, and ensure unlawfully collected personal information is not used for future models.

Fifth, regulators should require accuracy controls for personal information. If an AI system outputs claims about real people, it should either provide reliable source links, clearly flag unsupported claims, or refuse to answer where confidence and sourcing are inadequate. Canadian regulators recommended systematic source links for personal information in outputs where possible, and highlighting facts for which no source is available.

Sixth, regulators should use tiered enforcement. For lower-risk consumer chatbots, public notices, audits, retention schedules, privacy filters, and rights portals may be enough. For high-impact uses — employment, education, finance, healthcare, immigration, policing, benefits, insurance, credit, and research integrity — regulators should require stronger proof: independent audits, procurement restrictions, incident reporting, data provenance attestations, and contractual controls over downstream use.

Seventh, governments should modernize privacy law without waiting for perfect AI law. Canada’s own commissioners are making that point: existing laws apply, but they are strained by AI systems that were not designed around individual rights. The Global News article reports calls for modernized law, stronger oversight powers, and language that restrains overly broad and accountability-free data harvesting.

What happens if regulators do nothing

If regulators do nothing, the market will internalize a dangerous lesson: scrape first, deploy fast, argue technical impossibility later. That would reward the companies that moved fastest before the law caught up and punish companies that invested in licensed data, provenance, minimization, and privacy-preserving architecture from the beginning.

The first consequence is the normalization of public-data absolutism: anything visible online becomes de facto raw material for commercial AI, regardless of context, sensitivity, age, accuracy, or original purpose. That collapses the distinction between speaking publicly and consenting to permanent machine absorption.

The second consequence is the hollowing out of individual rights. Access, correction, deletion, objection, and consent become decorative rights if companies can say that training data is too unstructured, models are too complex, or unlearning is too hard.

The third consequence is reputational and social harm at scale. If models can generate false, biased, or outdated claims about real people, the harm will not be limited to embarrassment. It can affect hiring, education, law enforcement, credit, insurance, immigration, medical triage, professional reputation, and political participation.

The fourth consequence is a perverse shift from privacy to surveillance. If regulators fail to impose privacy-by-design obligations early, governments may later respond to AI-related harms by demanding more monitoring, more reporting, more identity verification, and more law-enforcement access. That would solve one problem by creating another: AI platforms would become quasi-private surveillance infrastructures.

The fifth consequence is geopolitical fragmentation. Countries that feel their citizens’ data has been extracted by foreign AI companies without accountability may respond with localization rules, bans, blocking orders, procurement exclusions, or retaliatory data controls. That is bad for AI innovation, but predictable if privacy governance is treated as optional.

The sixth consequence is loss of trust in legitimate AI. The irony is that privacy enforcement is not anti-innovation. It is what makes AI usable in serious contexts. Healthcare, science, education, law, finance, and public administration cannot depend on systems whose data provenance, accuracy, retention, and correction mechanisms remain opaque or retrofitted.

The real lesson from Canada is therefore bigger than OpenAI. It is that frontier AI companies cannot build the next knowledge infrastructure on yesterday’s data-extraction assumptions. If they want to be trusted as infrastructure, they must accept infrastructure-grade obligations: provenance, minimization, auditability, correction, deletion, retention discipline, child protection, and accountability before launch — not after the barn door has been opened.