Italy's Data Protection Authority (DPA) has declared that OpenAI's ChatGPT violates data protection regulations, citing breaches related to the collection of personal data and insufficient age protections as per EU laws. The chatbot has previously faced scrutiny from Italy, which was the first Western nation to block it in March 2023, citing privacy concerns.
After reinstatement four weeks later, Italy's DPA conducted a fact-finding activity, now revealing data privacy violations associated with mass data collection for algorithm training.
The DPA, aligning its findings with the EU's General Data Protection Regulation (GDPR), emphasizes concerns about the extensive data collection impacting user privacy. Additionally, the watchdog is apprehensive about the potential exposure of younger users to inappropriate content generated by the chatbot. Under GDPR, companies violating rules can face fines of up to 4% of their global turnover.
Italy's DPA collaborates with the European Data Protection Board, which established a task force in April 2023 to monitor ChatGPT. Despite the reinstatement, the Italian regulator urged further compliance from OpenAI, specifically calling for the implementation of an age verification system and an information campaign for users to opt out of data processing for training algorithms.
OpenAI, closely tied to Microsoft, faced similar concerns in another incident where the Italian Data Protection Watchdog ordered a temporary halt to processing Italian users' data due to a suspected breach of privacy regulations.
The DPA expressed concerns over the lack of a legal basis for massive data collection, revealing the titles of users' conversations, the absence of age restrictions, and the potential dissemination of inaccurate information by ChatGPT. As the regulatory deadline looms, OpenAI has 30 days to respond with its defense against these privacy violations.