ChatGPT Breaches Data Protection Rules, Says Italian Regulator (Photo by Zac Wolff on Unsplash)

Italy”s data protection authority has accused OpenAI”s ChatGPT, the artificial intelligence-powered chatbot, of violating the data privacy law. The data protection authority, known as the Garante, said that they have notified OpenAI of breaches of data protection law.

The Italian authority has not yet disclosed the draft findings. However, the authority mentioned in its statement that the “available evidence” pointed to the existence of breaches of the provisions contained in the European Union”s General Data Protection Regulation (GDPR). The Italian watchdog also informed that OpenAI can submit its counterclaims concerning the alleged breaches within 30 days. “The Italian Garante will take account of the work in progress within the ad-hoc task force set up by the European Data Protection Framework (EDPB) in its final determination on the case,” added the regulator in a statement.

Meanwhile, TechCrunch reported that confirmed breaches can attract fines of up to €20 million, or up to 4 percent of global annual turnover. Moreover, the report also said that the AI giant could also be forced to change how it operates. OpenAI told TechCrunch that the company take additional measures to protect people’s data and privacy and added that OpenAI”s practices align with GDPR and other privacy laws.

In March 2023, Italy banned ChatGPT, citing privacy concerns. Italy was the first Western country to ban the popular AI chatbot. Four weeks later, the chatbot was reinstated in Italy. On that occasion, OpenAI said that they had “addressed or clarified” the issues raised by the authority. In September 2023, Poland’s Personal Data Protection Office (UODO) also initiated an investigation into OpenAI in connection with privacy concerns. TechCrunch reported that this separate GDPR investigation remains ongoing.