Pierluigi Paganini January 30, 2024

Italian data protection authority regulator authority Garante said that ChatGPT violated European Union data privacy regulations.

The Italian data protection authority regulator authority, known as “Garante per la protezione dei dati personali”, announced it has notified OpenAI that ChatGPT violated the EU data protection regulation GDPR.

In early April 2023, the Italian Data Protection Authority temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors.

The Authority pointed out that OpenAI does not alert users that it is collecting their data.

At the time the privacy watchdog said that there is no legal basis underpinning the massive collection and processing of personal data to ‘train’ the algorithms on which the platform relies.

The Authority carried out some tests on the service and determined that the information it provides does not always match factual circumstances so inaccurate personal data are processed.

The Authority claimed that ChatGPT exposes minors to inappropriate responses for their age despite the service being designed to respond to users aged above 13.

At the time OpenAI declared it had fulfilled the demands of the Italian data protection authority by an April 30 deadline, for this reason, the ban on the chatbot was lifted.

“Following the temporary ban on processing imposed on OpenAI by the Garante on 30 March of last year, and based on the outcome of its fact-finding activity, the Italian DPA concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.

OpenAI may submit its counterclaims concerning the alleged breaches within 30 days.

“Following the temporary ban on processing imposed on OpenAI by the Garante on 30 March of last year, and based on the outcome of its fact-finding activity, the Italian DPA concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.” reads the announcement published by the Italian Garante. “OpenAI may submit its counterclaims concerning the alleged breaches within 30 days.”

The Italian privacy watchdog, based on the results of its ‘fact-finding activity,’ has determined that the popular chatbot ChatGPT violated EU privacy rules.

The Italian authority has given OpenAI 30 days to respond to the allegations.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ChatGPT)