Italy fines OpenAI $15M over data protection, privacy breaches

MEDIA TEAM
By MEDIA TEAM
4 Min Read

Italy’s data protection agency has fined OpenAI $15.7 million (15 million euros) and ordered the ChatGPT maker to launch a six-month public awareness campaign after a data collection probe of the firm’s flagship artificial intelligence model.

The Italian Data Protection Authority (IDPA), also known as the Garante, said in a Dec. 20 statement that its investigation found that OpenAI did not notify the agency about a data breach in March 2023.

The watchdog said OpenAI also “processed users’ personal data” to train Chatbot without first identifying an “adequate legal basis” for the action, violating the “principle of transparency and the related information obligations towards users.”

Source: Garante Privacy

The IDPA said its investigation found that OpenAI didn’t have adequate age verification mechanisms to prevent underage users from using its services.

“Furthermore, OpenAI has not provided mechanisms for age verification, with the consequent risk of exposing minors under 13 to responses that are unsuitable for their level of development and self-awareness,”  the IDPA said.

As part of  its corrective and sanctioning measure, the IDPA has ordered OpenAI to conduct a six-month public awareness campaign across radio, television, newspapers, and the internet, promoting “public understanding and awareness of the functioning of ChatGPT.”

“In particular on the collection of data from users and non-users for the training of generative artificial intelligence and the rights exercisable by the interested parties, including those of opposition, rectification and cancellation,” the IDPA said.

After the campaign concludes, the IDPA said users should be aware of how to oppose the training of generative AI with their data and exercise their rights under the European Union’s General Data Protection Regulation (GDPR).

Companies that violate the GDPR can be fined up to $20 million or 4% of their global turnover.

According to the IDPA, OpenAI’s “collaborative attitude” during the investigation contributed to a reduction in the size of the fine.

During the investigation, OpenAI moved its European headquarters to Ireland. The IDPA said its Irish counterpart, the Irish Data Protection Authority (DPC), has become the lead supervisory authority in continuing any investigations.

Related: OpenAI apologizes for outage after Apple update combines Siri and ChatGPT

The IDPA’s investigation began in March 2023, and the agency said it reached its conclusion after considering the Dec. 18 European Data Protection Board (EDPB) opinion on using personal data to develop and deploy AI models.

In March 2023, Italy became the first Western country to temporarily block ChatGPT over privacy concerns, and the IDPA announced an investigation into suspected breaches of data privacy rules.

Regulators in Italy were criticized for their ChatGPT ban. A few weeks after the initial clampdown, they said the ban would be lifted provided OpenAI met several transparency measures. On April 29, the AI chatbot was once again available in Italy.

OpenAI did not immediately respond to a request for comment.

Magazine: BTC correction ‘almost done,’ Hailey Welch speaks out, and more: Hodler’s Digest, Dec. 15 – 21