Italy’s data protection authority, the Garante, has ordered OpenAI to cease processing individuals’ data locally with immediate effect, citing concerns that the company is breaching the European Union’s General Data Protection Regulation (GDPR). The Garante has opened an investigation into OpenAI’s activities, stating that it has issued the order due to concerns over the company’s allegedly unlawful processing of personal data and the lack of any system to prevent minors from accessing the technology. OpenAI has 20 days to respond to the order and faces significant fines if it fails to comply.
READ ALSO:
UiPath to Host Annual AI Conference to Showcase Automation and Generative AI
Mahindra’s Krish-e division releases device to remotely monitor agricultural machinery
Google Cloud accuses Microsoft of anti-competitive cloud practices, urging EU to investigate
The GDPR applies whenever the personal data of EU users is processed and OpenAI’s large language model has been known to crunch this kind of information, including producing biographies of named individuals in the region on demand. OpenAI has declined to provide details of the training data used for its latest iteration GPT-4, although earlier models were trained on data scraped from the internet, including forums such as Reddit. OpenAI has been shown to produce false information about named individuals, which potentially raises GDPR concerns, as the regulation provides individuals with the right to rectify errors.
The Garante’s statement also notes a recent data breach involving OpenAI, in which a conversation history feature leaked users’ chats and potentially exposed their payment information. The GDPR regulates data breaches, requiring entities that process personal data to adequately protect the information and to notify supervisory authorities of significant breaches within tight time frames.
