Italy’s data protection authority, Garante, after undertaking an investigation on privacy risks, has officially notified OpenAI that its widely used artificial intelligence chatbot, ChatGPT, breaches data protection rules.
The regulatory body, known for its proactive approach in evaluating AI platforms’ compliance with European Union (EU) data privacy regulations, briefly banned ChatGPT last year due to alleged violations of EU privacy rules. Following the ban, Garante initiated an investigation, which has now concluded with the regulator asserting potential data privacy violations.
Microsoft-backed OpenAI has been given a 30-day window to present arguments defending its stance. The ongoing investigation will also consider the findings of a European task force composed of national privacy watchdogs. Under the EU’s General Data Protection Regulation (GDPR), any company found breaching the rules can face fines of up to 4% of its global turnover.
Italy was the first Western European country to take action against ChatGPT, reflecting the growing attention from regulators and lawmakers on AI technologies. The development occurs amid the broader context of evolving EU regulations on AI systems. In December 2023, EU lawmakers and governments reached provisional terms for regulating AI systems, including platforms like ChatGPT, marking a significant step toward establishing comprehensive rules for the technology.
OpenAI, a major player in the AI industry, is expected to respond to the allegations within the stipulated timeframe. The outcomeof this case may have implications for AI development practices, setting precedents for compliance expectations in the evolving regulatory landscape.