Italy’s Data Protection Authority temporarily blocks ChatGPT over privacy concerns

Italy’s data protection agency is temporarily blocking the popular chatbot ChatGPT due to a possible violation of the European data privacy regulation.

The Italian Data Protection Authority, Garante Privacy, has temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors.

The Authority pointed out that OpenAI does not alert users that it is collecting their data.

According to the announcement, there is no legal basis underpinning the massive collection and processing of personal data to ‘train’ the algorithms on which the platform relies.

“No way for ChatGPT to continue processing data in breach of privacy laws. The Italian SA imposed an immediate temporary limitation on the processing of Italian users’ data by OpenAI, the US-based company developing and managing the platform. An inquiry into the facts of the case was initiated as well.” reads the press release published the Authority. “A data breach affecting ChatGPT users’ conversations and information on payments by subscribers to the service had been reported on 20 March. ChatGPT is the best known among relational AI platforms that are capable to emulate and elaborate human conversations.”

The Authority carried out some tests on the service and determined that the information it provides does not always match factual circumstances so that inaccurate personal data are processed.

The Authority claims that ChatGPT exposes minors to inappropriate responses for their age despite the service being designed to respond to users aged above 13.

“Finally, the Italian SA emphasizes in its order that the lack of whatever age verification mechanism exposes children to receiving responses that are absolutely inappropriate to their age and awareness, even though the service is allegedly addressed to users aged above 13 according to OpenAI’s terms of service.” continues the press release.

According to the announcement, OpenAI will have to notify the Italian Authority within 20 days of the measures implemented to comply with the order. If the company will fail to notify Italy’s data protection agency it will be fined up to EUR 20 million or 4% of the total worldwide annual turnover in compliance to the General Data Protection Regulation (GDPR).

Italian users that attempt to visit the ChatGPT website will display the following message:

Dear ChatGPT customer,

We regret to inform you that we have disabled ChatGPT for users in Italy at the request of the Italian Garante. We are issuing refunds to all users in Italy who purchased a ChatGPT Plus subscription in March. We are also temporarily pausing subscription renewals in Italy so that users won't be charged while ChatGPT is suspended.

We are committed to protecting people's privacy and we believe we offer ChatGPT in compliance with GDPR and other privacy laws. We will engage with the Garante with the goal of restoring your access as soon as possible. Many of you have told us that you find ChatGPT helpful for everyday tasks, and we look forward to making it available again soon.

If you have any questions or concerns regarding ChatGPT or the refund process, we have prepared a list of Frequently Asked Questions to address them.

Below is the message sent to the Italian users of ChatGPT by OpenAI, the company announced it had suspended the service and stated that it is issuing refunds to those who purchased a Plus Subscription in March.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ChatGPT)