Italy’s Data Protection Authority (DPA) has accused ChatGPT of violating data protection rules by breaching GDPR rules on data protection. A recent inquiry by Italy’s Data Protection Authority (DPA) found data privacy violations related to collecting personal data and age protections. The ChatGPT relies on being fed large amounts of data from the internet, and the DPA claims that this violates the provisions contained in the EU GDPR. The regulator has given the maker of ChatGPT, OpenAI, 30 days to respond with a defence, emphasizing that Italy has taken a firm stance on data protection when it comes to ChatGPT.
In March 2023, Italy was the first Western country to block the product, citing privacy concerns. After ChatGPT was reinstated around four weeks later, the DPA launched a “fact-finding activity,” which they say has now found data privacy violations related to the mass collection of user data as well as concerns that younger users may be exposed to inappropriate content generated by the chatbot. The DPA is worried about the substantial fines that ChatGPT’s maker, OpenAI, may face if found in violation of the EU’s GDPR law, which allows for fines of up to 4% of a company’s global turnover for breaking data protection rules. This news raises concerns, and it demonstrates challenges for businesses working with AI in Europe and globally.
