Italy Says ChatGPT Violates Data Protection Rules

Italy’s data protection regulator has informed OpenAI that its ChatGPT artificial intelligence (AI) chatbot may violate EU data protection rules.

The Garante regulator said OpenAI has 30 days to reply with defence briefs on the alleged violations, details of which were not disclosed.

OpenAI said it believes its practices are in compliance with EU data protection laws.

The regulator said it would take into account the ongoing work of a special task force set up by the European Union’s European Data Protection Board in April 2023 to monitor ChatGPT, which has become hugely popular since OpenAI launched it in November 2022.

The Board’s task force brings together data protection authorities from across the bloc.

Privacy concerns

Italy’s notice to OpenAI, called a “notice of objection”, comes after the country temporarily suspended ChatGPT in Italy in March 2023, the first Western country to do so.

At the time the Garante cited privacy concerns including the mass collection of users’ data to train the chatbot’s algorithm.

The regulator also expressed concern that younger users could be exposed to inappropriate content, as it included no age verification mechanism.

ChatGPT was restored to operation in Italy after about four weeks, with the Garante saying OpenAI had “addressed or clarified” the issues it had raised.

‘Breaches’

At the time the regulator launched a “fact-finding activity” which has now concluded that ChatGPT may violate the EU’s GDPR data protection regulation.

The Garante said in a statement that it “concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR”.

The regulation allows authorities to fine companies up to 4 percent of their global turnover.

In April 2023 the Garante said it wanted OpenAI to implement an age-verification system for ChatGPT and wanted Italians to be made more aware of their right to opt-out from having their personal data used to train algorithms.

Data protection

“We believe our practices align with GDPR and other privacy laws, and we take additional steps to protect people’s data and privacy,” OpenAI said in a statement.

The company said it “actively” works to reduce personal data in training systems such as ChatGPT, “which also rejects requests for private or sensitive information about people”.

The company said it would continue talks with the Garante.

ChatGPT is also under investigation by the US Federal Trade Commission (FTC) over concerns about the AI’s tendency to generate false results.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

22 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

23 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

24 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago