Italian data protection authority bans ChatGPT citing privacy violations
The Italian privacy watchdog mandated a ban on the popular chatbot ChatGPT and launched an investigation on its provider OpenAI for suspected breaches of EU data protection rules.
The blocking of the site for Italian users is temporary and will last until the provider OpenAI respects the EU privacy framework when processing the personal data of Italian users. The Italian data protection authority has also initiated an investigation into the American tech company.
Launched in November, ChatGPT has been notorious for its unprecedented ability to generate human-like text based on prompts. The chatbot has become one of the fastest-growing internet services surpassing 100 million users in just two months.
“If OpenAI and other companies want to deploy these chatbots and related services in the EU, they’re going to have to ensure that they’re up to speed not only with the GDPR but with all relevant EU rules or else they’ll be facing fines and other consequences,” Access Now’s senior policy analyst Daniel Leufer told EURACTIV.
On 20 March, the AI-powered chatbot suffered a data breach regarding conversations and payment information of some subscribers to its premium services, ChatGPT Plus.
The Italian authority also says that it has run some tests, following which ChatGPT has provided inaccurate replies related to personal data, another potential breach of the EU data protection rulebook.
Moreover, the decision points out that, while the internet service is directed to people older than 13 years old, there is no process in place to verify the age of the users, which might lead to children being exposed to content that is inappropriate for their level of development.
“While there is a principle to data accuracy in the GDPR, it is also true that the regulation says that the controller must do everything possible to correct inaccurate data. In a system like ChatGPT, this can be technically complicated, given the unpredictable nature of algorithms,” Tiani said.
For Brando Benifei, one of the MEPs spearheading the work on the EU’s AI Act, the decision of the Italian authorities shows that Artificial Intelligence needs serious regulation.
“OpenAI must comply with the decision. The fundamental rights of European citizens must be protected,” Befiei said on Twitter.
OpenAI now has 20 days to inform the authority about the corrective measures taken in response to the decision or face an administrative fine equal to €20 million or 4% of the global annual turnover.
OpenAI did not reply to EURACTIV’s request for comment by the time of publication.