Italian Privacy Regulator Temporarily Bans AI Chat App ChatGPT over Privacy Concerns
The Italian privacy regulatory authority announced this afternoon that it has temporarily banned the popular AI chat application ChatGPT, developed by artificial intelligence company OPENAI, on grounds of alleged privacy violations. The ban is temporary, but it is unclear how long it will last. The Italian privacy regulator stated that it will launch an investigation into OPENAI.
GDPR Compliance Concerns
The main reasons for banning ChatGPT and initiating the investigation are that the Italian privacy regulator believes OPENAI has not complied with the EU General Data Protection Regulation (GDPR) in processing data from Italian users. For instance, the regulator claims OPENAI lacks a legal basis to justify the large-scale collection and storage of personal data for training ChatGPT’s algorithm and accuses the company of inaccurate data processing.
Data Leak Incident
The Italian regulator also referenced a data leak incident involving ChatGPT last week, where some user chat session titles and a small portion of users’ payment data were inadvertently exposed due to a system issue.
Age Verification and Content Concerns
A critical issue that could potentially draw the attention of other EU member states is the absence of age verification during ChatGPT account registration, allowing minors to use the service. ChatGPT does not provide age-restricted content, possibly exposing minors to unsuitable material.
Data protection for minors has been a significant concern in the EU, with Microsoft 365 previously being banned by the German state of Hesse’s data protection authority for collecting student user data and transmitting it to the United States.
OPENAI’s Response Deadline
Although OPENAI does not have an office in the EU, it does have a designated representative in the European Economic Area. This representative will have 20 days to communicate with the regulatory authority on how the company plans to bring ChatGPT into compliance with GDPR privacy regulations.
If OPENAI fails to respond or implement the necessary changes within the given timeframe, the company could face a hefty fine of up to €20 million or 4% of its global revenue, whichever is higher. OPENAI has not yet issued a statement regarding the matter.