Basta! Italy Concludes ChatGPT Violates Data Privacy Laws

After a nearly year-long investigation, Italy’s data watchdog concluded today that ChatGPT breaches EU data protection laws.

According to a regulatory update, Italy’s DPA (Garante per la protezione dei dati personali) said it found ChatGPT to be in violation of the General Data Protection Regulation (GDPR), the first comprehensive set of rules on how online platforms can collect user data. The GDPR has been used as a model by privacy regulators globally.

The Italian data authority first banned ChatGPT last March 30, claiming the chatbot unlawfully collected user personal data and lacked a system to verify user age. After lifting the ban some weeks later, the DPA said it would investigate ChatGPT further to see if it violated data privacy rules.

In today's ruling, the DPA did not provide further details on the alleged violations. It also said it would take into account the work done by a task force set up last year to look into ChatGPT.

OpenAI now has 30 days to submit counterclaims.

Organizations found to have breached the GDPR could face fines up 4% of their global revenue.

An OpenAI spokesperson told AI Business that the startup believes its practices align with GDPR and other privacy laws: "We take additional steps to protect people’s data and privacy.

Related:OpenAI, Italian Officials to Meet Over Blocking of ChatGPT

"We want our AI to learn about the world, not about private individuals. We actively work to reduce personal data in training our systems like ChatGPT, which also rejects requests for private or sensitive information about people. We plan to continue to work constructively with the Garante.”