Italy notifies OpenAI of potential privacy violations by ChatGPT

The Italian data protection regulator, known as Garante per la protezione dei dati personali, has formally notified OpenAI, the company behind the artificial intelligence platform ChatGPT, of potential violations in relation to the European Union’s General Data Protection Regulation (GDPR).

The notification follows a temporary suspension of data processing imposed on OpenAI by the Garante on March 30 of the previous year. After a thorough investigation, the Italian authority has found sufficient evidence pointing to breaches of GDPR provisions. OpenAI has been given a 30-day period to respond to the alleged violations.

Last year, the Italian authority suspended ChatGPT due to illegal collection of personal data and lack of age verification for underage users. The platform was criticized for inadequately informing users about data collection and for lacking a legal basis for the mass collection and processing of data for algorithm training. Furthermore, concerns were raised about exposing minors to inappropriate content.

In response to the initial suspension, OpenAI claimed to have complied with the Garante’s demands, resulting in the lifting of the ban and the restoration of service in Italy.

The Garante is currently reviewing the ongoing work within the ad hoc working group established by the European Data Protection Board to influence its final determination on the case. This scrutiny is part of a broader effort to ensure that AI technologies respect the privacy rights of EU citizens.

OpenAI, in turn, has reiterated its commitment to GDPR compliance and stated that its practices align with privacy laws. The company has also emphasized its proactive approach to minimizing the use of personal data in ChatGPT training and its refusal to process requests for private or sensitive information.

If the violations are confirmed, OpenAI could face significant penalties including fines of up to 20 million euros or up to 4% of its global turnover.

This episode underscores the importance of privacy regulation in the era of artificial intelligence and highlights the challenges that tech companies face in balancing innovation with compliance with increasingly stringent regulations.

Scroll to Top