Italian regulators have informed OpenAI that its ChatGPT chatbot has violated the European Union's strict data privacy rules, known as the General Data Protection Regulation (GDPR). The country's data protection authority, known as Garante, announced on Monday that it has notified the San Francisco-based company of breaches.
The investigation into ChatGPT began last year when Garante temporarily banned the chatbot within Italy. ChatGPT is an artificial intelligence system capable of generating text, images, and sound in response to user queries. Following its 'fact-finding activity,' the watchdog concluded that there were breaches of the EU privacy rules based on the available evidence.
OpenAI now has 30 days to respond to the allegations. So far, the company has not commented on the matter. Last year, OpenAI stated that it had met the conditions set by Garante to lift the ban on ChatGPT. The ban had been imposed due to concerns over exposed user messages and payment information, as well as the absence of a mechanism to verify users' ages, allowing inappropriate content to be accessed by children.
Furthermore, Garante questioned whether OpenAI had a legal basis for collecting large amounts of data used to train ChatGPT's algorithms. The regulator also expressed concerns about the system occasionally generating false information about individuals. These issues raised by Garante highlight the need for robust data privacy and security measures when developing and deploying AI technologies.
Regulators on both sides of the Atlantic are increasingly scrutinizing generative AI systems like ChatGPT. In the United States, the Federal Trade Commission recently launched an inquiry into the relationships between AI startups, including OpenAI, and big tech companies such as Amazon, Google, and Microsoft, which have financially supported them. Similarly, competition regulators in the EU and the UK are examining Microsoft's investments in OpenAI.
The scrutiny of AI systems extends beyond privacy concerns. In the EU, plans are underway to finalize the AI Act, which aims to establish comprehensive regulations for artificial intelligence. The act is set to become the world's first comprehensive rulebook for AI once approved by the EU's 27 member states, with a key vote scheduled for Friday.
As AI technology continues to evolve and gain popularity, it is crucial for regulators to ensure that these systems comply with privacy regulations, maintain data security, and operate within ethical boundaries. The ongoing investigations and the development of comprehensive AI regulations indicate a growing recognition of the need to strike a balance between technological advancement and safeguarding individuals' rights and privacy.
