According to Cointelegraph, Italy's data protection authority, the Italian Data Protection Authority (IDPA), has imposed a fine of $15.7 million (15 million euros) on OpenAI. The penalty follows an investigation into the company's data collection practices related to its ChatGPT model. The IDPA's findings revealed that OpenAI failed to notify the agency about a data breach that occurred in March 2023. Additionally, the company was found to have processed users' personal data without establishing a legal basis, thereby breaching transparency principles and information obligations.

The IDPA also highlighted the absence of adequate age verification mechanisms, which could potentially expose minors under 13 to inappropriate content. As a corrective measure, OpenAI has been instructed to initiate a six-month public awareness campaign across various media platforms. This campaign aims to enhance public understanding of ChatGPT's data collection processes and inform users about their rights under the European Union's General Data Protection Regulation (GDPR), including opposition, rectification, and cancellation rights.

The IDPA noted that OpenAI's cooperative approach during the investigation led to a reduction in the fine's amount. The investigation, which began in March 2023, concluded after considering the European Data Protection Board's opinion on AI model data usage. During this period, OpenAI relocated its European headquarters to Ireland, making the Irish Data Protection Authority the lead supervisory body for ongoing investigations.

Italy had previously become the first Western nation to temporarily ban ChatGPT over privacy concerns, prompting the IDPA to investigate potential data privacy violations. The ban was lifted after OpenAI agreed to implement several transparency measures. Despite the fine and ongoing scrutiny, OpenAI has not yet commented on the situation.