Security

OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands

OpenAI announced that access to its chatbot service ChatGPT is allowed again in Italy after the company met the demands of regulators.

OpenAI restored access to ChatGPT in Italy after the company met the demands of the Italian Data Protection Authority, Garante Privacy.

In early April, the Italian Data Protection Authority temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors.

The Authority pointed out that OpenAI does not alert users that it is collecting their data.

At the time the privacy watchdog said that there is no legal basis underpinning the massive collection and processing of personal data to ‘train’ the algorithms on which the platform relies.

The Authority carried out some tests on the service and determined that the information it provides does not always match factual circumstances so inaccurate personal data are processed.

The Authority claims that ChatGPT exposes minors to inappropriate responses for their age despite the service being designed to respond to users aged above 13.

“OpenAI will have to comply by 30 April with the measures set out by the Italian SA concerning transparency, the right of data subjects – including users and non-users -, and the legal basis of the processing for algorithmic training relying on users’ data.” reported the press release published by Garante Privacy on April 14, 2023. “Only in that case will the Italian SA lift its order that placed a temporary limitation on the processing of Italian users’ data, there being no longer the urgency underpinning the order, so that ChatGPT will be available once again from Italy.”

Now OpenAI declared it has fulfilled the demands of the Italian data protection authority by an April 30 deadline, for this reason, the ban on the chatbot lifted.

“OpenAI, the US-based company operating ChatGPT, sent a letter to the Italian SA describing the measures it implemented in order to comply with the order issued by the SA on 11 April. OpenAI explained that it had expanded the information to European users and non-users, that it had amended and clarified several mechanisms and deployed amenable solutions to enable users and non-users to exercise their rights.” reads the press release published on April 28, 2023 “Based on these improvements, OpenAI reinstated access to ChatGPT for Italian users.”

Below the list of measured implemented by OpenAI:

–    drafted and published, on its website, an information notice addressed to users and non-users, in Europe and elsewhere, describing which personal data are processed under which arrangements for training algorithms, and recalling that everyone has the right to opt-out from such processing;
–    expanded its privacy policy for users and made it also accessible from the sign-up page prior to registration with the service;
–    granted all individuals in Europe, including non-users, the right to opt-out from processing of their data for training of algorithms also by way of an online, easily accessible ad-hoc form;
–    introduced a welcome back page in case of reinstatement of the service in Italy containing links to the new privacy policy and the information notice on the processing of personal data for training algorithms;
–    introduced mechanisms to enable data subjects to obtain erasure of information that is considered inaccurate, whilst stating that it is technically impossible, as of now, to rectify inaccuracies;
–    clarified in the information notice for users that it would keep on processing certain personal data to enable performance of its services on a contractual basis, however it would process users’ personal data for training algorithms on the legal basis of its legitimate interest, without prejudice to users’ right to opt-out from such processing;
–    implemented a form to enable all European users to opt-out from the processing of their personal data and thus to filter out their chats and chat history from the data used for training algorithms;
–    added, in the welcome back page reserved for Italian registered users, a button for them to confirm that they are aged above 18 prior to to gaining access to the service, or else that they are aged above 13 and have obtained consent from their parents or guardians for that purpose; 
–    included the request to specify one’s birthdate in the service sign-up page to block access by users aged below 13 and to request confirmation of the consent given by parents or guardians for users aged between 13 and 18.

Logging into the service, Italian users display the following message:

“We’re pleased to resume offering ChatGPT in Italy. To continue on ChatGPT, please confirm that you are 18+ or are 13+ and have consent from your parent or guardian to use ChatGPT. For information about how we collect and use personal data, please see our Privacy policy. For information about how we develop and train ChatGPT, please see this help center article.”

Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

  • The Teacher – Most Educational Blog
  • The Entertainer – Most Entertaining Blog
  • The Tech Whizz – Best Technical Blog
  • Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ChatGPT)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

10 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

14 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

19 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

22 hours ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

TheMoon bot infected 40,000 devices in January and February

A new variant of TheMoon malware infected thousands of outdated small office and home office…

2 days ago

This website uses cookies.