When OpenAI launched its human-like chatbot ChatGPT from its headquarters in San Francisco, it may have not expected that data protection authorities (DPAs) from thousands of miles away all across Europe would soon be questioning some of its privacy practices, with some even blocking the tool in their countries altogether.

Since then, the tensions between generative artificial intelligence, powered by large language models (LLMs) and the principles established by the General Data Protection Regulation (GDPR) are ongoing, a dance between the technology and the privacy law that some predict may leave only one of the two standing.