Italy’s data protection authority has ordered OpenAI to cease processing user data in the country amid concerns that the AI company is violating the European Union’s General Data Protection Regulation (GDPR).
The Italian DPA has launched an investigation into OpenAI’s ChatGPT technology, specifically over its alleged unlawful processing of user data and the absence of a system to prevent minors from accessing the technology.
San Francisco-based OpenAI has 20 days to respond to the order, facing potential fines of up to 4% of annual turnover or €20M, whichever is greater, for noncompliance.
The GDPR applies to any processing of EU users’ personal data, and OpenAI’s large language model has been shown to process such data, even generating false information about named individuals. This raises further GDPR concerns, as the regulation grants Europeans rights over their data, including rectification of errors.
The Italian DPA also notes concerns about the risk of minors’ data being processed by OpenAI, which currently does not implement age verification technology.
Comments are closed.