Italy fines OpenAI 15 million euros, accusing it of privacy regulation violations related to ChatGPT. The Authority orders a public campaign to raise awareness about the use of personal data and users’ rights.
Let’s see all the details in this article.
The Italian Garante, after the fine, imposes a six-month public awareness campaign on OpenAI about ChatGPT
Italy has taken a firm stance against OpenAI, fining the company 15 million euros following an investigation that revealed serious violations of privacy regulations.
The Italian Data Protection Authority (IDPA), also known as Garante, has stated that OpenAI has not complied with the fundamental requirements of the General Data Protection Regulation (GDPR).
Raising consequently concerns about the treatment of personal data of ChatGPT users.
According to the Garante, the investigation revealed that OpenAI processed personal data without providing an adequate legal basis and without transparency towards users.
Furthermore, the company did not promptly notify a data breach that occurred in March 2023, contravening the provisions of the GDPR. An additional critical point concerns the absence of age verification mechanisms.
This gap has exposed children under 13 to potential risks arising from interaction with ChatGPT, an advanced technology not always suitable for their level of development and self-awareness.
The Garante, in its statement on December 20, stated the following regarding this:
“Furthermore, OpenAI has not provided tools to verify the age of users, increasing the risk of access by minors who are not adequately protected.”
Mandatory awareness campaign
In addition to the fine, the IDPA has imposed on OpenAI to conduct a public awareness campaign for six months.
This initiative, which will involve radio, television, newspapers, and online platforms, will aim to educate the public on how ChatGPT works and the use of personal data.
The campaign will have to inform both users and non-users about the rights related to the protection of personal data, such as opposition, rectification, and deletion of data.
At the end of the awareness period, users must be fully aware of the ways to exercise their rights under the GDPR.
The intervention of Italy represents an exemplary case in the regulation of intelligenza artificiale and underscores the importance of protecting personal data in an increasingly complex technological context.
The Garante collaborated with the European Data Protection Board (EDPB) to develop guidelines and corrective measures that can be applied at an international level.
Furthermore, we remember that Italy was the first Western country to temporarily block ChatGPT in March 2023 due to privacy issues.
This measure has generated global debates on the balance between technological innovation and data protection.
After a dialogue between OpenAI and the Italian authorities, the ban was lifted on April 29, provided that the company adopted transparency and protection measures.
The reaction of OpenAI and future impacts
In any case, the collaborative attitude of OpenAI during the investigation helped to reduce the extent of the sanction.
The company has also moved its European headquarters to Ireland, coming under the jurisdiction of the Irish Data Protection Commission (DPC). However, the Italian Authority will continue to monitor the implementation of the misure correttive.
This event could mark a turning point for the regulation of artificial intelligence.
Technology companies, including OpenAI, will need to adopt a more transparent and compliant approach to regulations, ensuring that their innovations respect the fundamental rights of users.