Garante or the Italian data protection authority (DPA), has officially notified OpenAI that its artificial intelligence chatbot ChatGPT has breached the European Union's (EU) data privacy rules, Reuters reports.
Garante's official statement says the notification followed after OpenAI was hit with a temporary ban last March 2023 over the same privacy concerns. After reviewing the results of its ongoing fact-finding investigation, the Italian DPA has onceagain determined that the evidence gathered suggests there had been violations of the EU General Data Protection Regulation (GDPR).
The Garante reportedly said on Monday that OpenAI, which Microsoft supports, has 30 days to submit defense arguments instead of these privacy violations. It also mentioned that the work of a European task force made up of national privacy watchdogs will be considered in the probe.
In addition, BBC states the regulator is worried that the chatbot may expose younger users to inappropriate content. Legislators and authorities have taken notice of ChatGPT because of its rapid development, with Italy being the first nation in Western Europe to prohibit it temporarily.
Privacy Violation Repercussions
Verified violations of the pan-EU framework may reportedly result in fines of up to €20 million, or 4% of worldwide yearly revenue. Even more concerning for a massive AI company such as OpenAI, data protection authorities (DPAs) have the authority to issue orders requiring modifications to data processing to stop verified infringement.
As a result, it might be compelled to alter its methods and withdraw its service from EU members when privacy regulators try to force it to make adjustments it finds objectionable.
OpenAI's Response
OpenAI reportedly responded by stating that it takes extra precautions to safeguard people's data and privacy while believing that its operations comply with the GDPR and other privacy laws. The business insisted that instead of teaching its AI about specific people, it wants it to learn about the world.
In addition, OpenAI stated that they intend to carry on their positive collaboration with Garante and are actively striving to minimize the amount of personal data used to train their systems, such as ChatGPT, which also declines requests for sensitive or private personal information about individuals.
Alongside Garante, OpenAI also received a complaint over ChatGPT's GDPR compliance in Poland last summer concerning an occasion where the tool produced false information about a person. This case's GDPR investigation is reportedly still ongoing.
Meanwhile, OpenAI has sought to create a physical base in Ireland in response to growing regulatory risk throughout the EU. In January, the company announced that this Irish firm would be the service provider for data belonging to EU customers going ahead.
With these actions, it hopes to obtain what is known as "main establishment" status in Ireland and transfer to the Data Protection Commission of Ireland for the assessment of its GDPR compliance, avoiding its business being potentially subject to DPA oversight from anywhere in the Union where its tools have local users.