Pierluigi Paganini April 28, 2023

OpenAI announced that access to its chatbot service ChatGPT is allowed again in Italy after the company met the demands of regulators.

OpenAI restored access to ChatGPT in Italy after the company met the demands of the Italian Data Protection Authority, Garante Privacy.

In early April, the Italian Data Protection Authority temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors.

The Authority pointed out that OpenAI does not alert users that it is collecting their data.

At the time the privacy watchdog said that there is no legal basis underpinning the massive collection and processing of personal data to ‘train’ the algorithms on which the platform relies.

The Authority carried out some tests on the service and determined that the information it provides does not always match factual circumstances so inaccurate personal data are processed.

The Authority claims that ChatGPT exposes minors to inappropriate responses for their age despite the service being designed to respond to users aged above 13.

“OpenAI will have to comply by 30 April with the measures set out by the Italian SA concerning transparency, the right of data subjects – including users and non-users -, and the legal basis of the processing for algorithmic training relying on users’ data.” reported the press release published by Garante Privacy on April 14, 2023. “Only in that case will the Italian SA lift its order that placed a temporary limitation on the processing of Italian users’ data, there being no longer the urgency underpinning the order, so that ChatGPT will be available once again from Italy.”

Now OpenAI declared it has fulfilled the demands of the Italian data protection authority by an April 30 deadline, for this reason, the ban on the chatbot lifted.

“OpenAI, the US-based company operating ChatGPT, sent a letter to the Italian SA describing the measures it implemented in order to comply with the order issued by the SA on 11 April. OpenAI explained that it had expanded the information to European users and non-users, that it had amended and clarified several mechanisms and deployed amenable solutions to enable users and non-users to exercise their rights.” reads the press release published on April 28, 2023 “Based on these improvements, OpenAI reinstated access to ChatGPT for Italian users.”

Below the list of measured implemented by OpenAI:

–    drafted and published, on its website, an information notice addressed to users and non-users, in Europe and elsewhere, describing which personal data are processed under which arrangements for training algorithms, and recalling that everyone has the right to opt-out from such processing;
–    expanded its privacy policy for users and made it also accessible from the sign-up page prior to registration with the service;
–    granted all individuals in Europe, including non-users, the right to opt-out from processing of their data for training of algorithms also by way of an online, easily accessible ad-hoc form;
–    introduced a welcome back page in case of reinstatement of the service in Italy containing links to the new privacy policy and the information notice on the processing of personal data for training algorithms;
–    introduced mechanisms to enable data subjects to obtain erasure of information that is considered inaccurate, whilst stating that it is technically impossible, as of now, to rectify inaccuracies;
–    clarified in the information notice for users that it would keep on processing certain personal data to enable performance of its services on a contractual basis, however it would process users’ personal data for training algorithms on the legal basis of its legitimate interest, without prejudice to users’ right to opt-out from such processing;
–    implemented a form to enable all European users to opt-out from the processing of their personal data and thus to filter out their chats and chat history from the data used for training algorithms;
–    added, in the welcome back page reserved for Italian registered users, a button for them to confirm that they are aged above 18 prior to to gaining access to the service, or else that they are aged above 13 and have obtained consent from their parents or guardians for that purpose; 
–    included the request to specify one’s birthdate in the service sign-up page to block access by users aged below 13 and to request confirmation of the consent given by parents or guardians for users aged between 13 and 18.

Logging into the service, Italian users display the following message:

“We’re pleased to resume offering ChatGPT in Italy. To continue on ChatGPT, please confirm that you are 18+ or are 13+ and have consent from your parent or guardian to use ChatGPT. For information about how we collect and use personal data, please see our Privacy policy. For information about how we develop and train ChatGPT, please see this help center article.”

Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ChatGPT)