Content
summary Summary

Italy's data protection authority, Garante, has accused OpenAI of violating European privacy laws with ChatGPT and has given the company 30 days to respond.

Ad

The accusation follows a months-long investigation after Italy initially blocked access to the chatbot over privacy concerns. OpenAI had announced measures to address those concerns, but the latest decision suggests that the investigation did not satisfy the authority.

Following the temporary ban on processing imposed on OpenAI by the Garante on 30 March of last year, and based on the outcome of its fact-finding activity, the Italian DPA concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.

Garante

It's unclear what the specific violation is, but potential penalties could include a fine of up to €20 million or up to 4% of OpenAI's global revenue, as well as possible changes to ChatGPT's basic functionality. ChatGPT is (maybe) GDPR-compliant today, but it was not after launch, and OpenAI was illegally collecting data from users and using that data to train its models.

OpenAI struggles with European privacy rights

ChatGPT has been under scrutiny by various authorities in terms of compliance with the General Data Protection Regulation (GDPR), which is one of the most stringent data protection regulations in the world.

Ad
Ad

The GDPR gives European citizens certain rights as "data subjects", including the right to be informed about how their data is collected and used, and the right to have that data deleted, even if it is publicly available.

In addition to Italy, authorities in France, Ireland, and Germany are investigating how OpenAI collects and uses data. OpenAI has engaged with privacy regulators to answer their questions and receive feedback but does not disclose the datasets it uses to train its AI models.

It also published a statement on its website detailing how it plans to use better filters on private data in the future, not use private data to train AI, and - "where feasible" - delete that data from the system at the user's request.

Ad
Ad
Join our community
Join the DECODER community on Discord, Reddit or Twitter - we can't wait to meet you.
Support our independent, free-access reporting. Any contribution helps and secures our future. Support now:
Bank transfer
Summary
  • Italy's privacy watchdog, Garante, has alleged that OpenAI's ChatGPT violates European privacy regulations, and has issued a formal notice requesting a response within 30 days
  • The issue comes after a lengthy investigation that began when Italy temporarily restricted access to ChatGPT due to privacy concerns. Despite OpenAI's announced steps to address those concerns, the agency remains unsatisfied.
  • If found in violation, OpenAI could face severe consequences, including a fine of up to €20 million or 4% of its global revenue, and may have to change ChatGPT's core functionality.
Sources
Online journalist Matthias is the co-founder and publisher of THE DECODER. He believes that artificial intelligence will fundamentally change the relationship between humans and computers.
Join our community
Join the DECODER community on Discord, Reddit or Twitter - we can't wait to meet you.