OpenAI

The provider demonstrates strong compliance in security measures, international data transfers, and children’s data protections. However, significant risks persist in user consent mechanisms, cookie management, and transparency governance. Key gaps include unclear consent processes (GDPR), insufficient cookie logging (ePrivacy Directive), and undocumented joint controller roles (GDPR). Automated decision-making lacks explicit safeguards under the EU AI Act, and DPO training programs require strengthening.