According to Reuters, the Italian data protection authority (DPA), also known as Garante, has officially informed OpenAI that its artificial intelligence chatbot ChatGPT has violated the data privacy regulations of the European Union (EU).
According to the official statement released by Garante, the notification came after OpenAI was subjected to a temporary restriction in March of 2023 due to the same privacy concerns. The Italian Data Protection Authority (DPA) has once again found, after evaluating the findings of its ongoing investigation as part of its fact-finding process, that the data acquired indicates that there may have been violations of the General Data Protection Regulation (GDPR) of the European Union.
According to reports, the Garante stated on Monday that OpenAI, which is supported by Microsoft, has thirty days to offer defense arguments in place of these privacy infringement. Additionally, it was claimed that the investigation will take into consideration the work that was done by a European task force that was comprised of national privacy watchdogs.
Furthermore, according to BBC, the regulatory body is concerned that the chatbot may expose users of a younger age to content that is not acceptable for them. due of its quick development, legislators and authorities have taken note of ChatGPT. Italy is the first country in Western Europe to temporarily restrict it, and this is due of the rapid development of ChatGPT.
ChatGPT Privacy Violation Repercussions
Those who are found to have violated the pan-EU framework may be subject to fines of up to twenty million euros, which is equivalent to four percent of the country’s annual revenue. When it comes to a major artificial intelligence corporation like OpenAI, the fact that data protection authorities (DPAs) have the right to issue orders that require alterations to data processing in order to prevent verified infringement is even more worrying.
Because of this, it is possible that it will be forced to modify its procedures and remove its service from EU members in the event that privacy regulators attempt to coerce it into making modifications that it deems to be unacceptable.
According to reports, OpenAI responded by noting that it takes further efforts to protect the data and privacy of individuals, while also stating that it believes its activities conform with the General Data Protection Regulation (GDPR) and other privacy laws. It was stressed by the company that rather than instructing its artificial intelligence about particular individuals, it should be taught about the entire universe.
Additionally, OpenAI has stated that they intend to continue their productive collaboration with Garante and are making a concerted effort to reduce the amount of personal data that is utilized in the training of their systems. One example of this is ChatGPT, which also declines requests for sensitive or private personal information about individuals.
Along with Garante, OpenAI was also subjected to a complaint over ChatGPT’s compliance with the General Data Protection Regulation (GDPR) in Poland during the summer of 2016 regarding an instance in which the tool generated inaccurate information about a person. It is reported that the inquiry into this matter under the GDPR is still ongoing.
During this time, OpenAI has explored the possibility of establishing a physical base in Ireland as a response to the increasing regulatory risk within the European Union. Within the month of January, the corporation made the announcement that this Irish company would be the service provider for data belonging to consumers in the European Union moving forward.
With these actions, it hopes to obtain what is known as “main establishment” status in Ireland and transfer it to the Data Protection Commission of Ireland for the purpose of assessing its compliance with the General Data Protection Regulation (GDPR). This will prevent its business from being potentially subject to DPA oversight from any location within the Union where its tools have individuals who use them locally.