Italian privacy regulator bans ChatGPT over collection, storage of personal data

Italian privacy regulator bans ChatGPT over collection, storage of personal data

Italy’s privacy Guarantor bans ChatGPT with immediate effect as it investigates its data privacy procedures.

Credit: ProductionPerig/Shutterstock

Italy’s data privacy regulator has banned ChatGPT over alleged privacy violations relating to the chatbot’s collection and storage of personal data. 

With immediate effect, the Guarantor for the protection of personal data has ordered the temporary limitation of the processing of data of Italian users by ChatGPT parent firm OpenAI until it complies with EU General Data Protection Regulation (GDPR) privacy laws.

 It has also launched an investigation in ChatGPT, the Guarantor said. The ban comes in the wake of an open letter in which Twitter owner Elon Musk and a group AI industry executives called for a six-month pause in developing systems more powerful than OpenAI's newly launched GPT-4, citing potential risks to society.

ChatGPT lacks “legal basis” for mass collection, storage of personal data

In the provision, the privacy Guarantor noted the lack of information to users and all interested parties whose data is collected by OpenAI, along with the absence of a legal basis that justifies the mass collection and storage of personal data for the purposes of training the algorithms underlying the operation of the platform.

“As evidenced by the checks carried out, the information provided by ChatGPT does not always correspond to the real data, thus determining an inaccurate processing of personal data,” it added. 

What’s more, the Authority pointed out that the absence of a filter for verifying the age of users, exposing minors to “unsuitable answers” compared to their degree of development and self-awareness. According to the terms published by OpenAI, the service is aimed at people over the age of 13.

“OpenAI, which does not have an office in the Union [EU] but has designated a representative in the European Economic Area, must communicate within 20 days the measures undertaken in implementation of what is requested by the Guarantor, under penalty of a fine of up to 20 million euros or up to 4% of the annual global turnover,” the privacy Guarantor wrote.

Last week, OpenAI confirmed that a bug in an open-source library allowed some ChatGPT users to see titles from another active user’s chat history. The same bug may also have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window.


Show Comments