ChatGPT’s rising popularity has drawn scrutiny from regulators on both sides of the Atlantic. Italy’s Garante watchdog, considered one of the EU’s more proactive in assessing AI platforms, recently accused ChatGPT of violating data privacy norms.
Verified violations could incur fines of up to EUR20 Million or 4% of an organization’s worldwide revenues, respectively.
Italian data protection watchdog fines OpenAI $15.5 million over ChatGPT data use
Regulators on both sides of the Atlantic have closely scrutinized companies such as OpenAI that have contributed to the AI boom, while governments worldwide establish rules and regulations to safeguard against its risks. One such set of regulations is Europe’s new AI Act – an extensive set of guidelines covering AI platforms.
Italy’s data protection regulator, Garante, recently concluded its investigation of ChatGPT-maker OpenAI by issuing them a $15 million fine over their data collection practices. Their investigation reportedly discovered that OpenAI used personal data without proper legal authority or transparency requirements as well as failing to provide necessary user information – all violations according to Garante’s regulations.
The watchdog ordered the company to launch a six-month campaign across Italian media to increase awareness about its data collection and training practices, and create mechanisms to verify users’ age in order to prevent children under 13 from accessing potentially inappropriate AI-generated content.
In an email statement sent out through its communications platform, the firm described the fine as being “disproportionate” and confirmed they would appeal. Furthermore, they pledged their dedication to working closely with privacy authorities worldwide in providing beneficial AI that respects user rights.
Italy’s data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating EU data privacy rules
European Union data protection law permits companies cited for violating EU GDPR provisions to be fined up to 4% of global revenue, as reported by Reuters. Italian DPA Garante has accused OpenAI of breaking EU GDPR regulations on multiple fronts.
Sam Altman-led company ChatGPT has been given 30 days to respond. Additionally, the Polish authorities are conducting another probe into its GDPR compliance following an incident last summer in which ChatGPT produced inaccurate information about an individual. Due to rising regulatory risk, ChatGPT sought a physical base in Ireland this year and announced this year that its Irish entity will serve users from Europe moving forward.
The generative AI chatbot has quickly become immensely popular with users, impressing them with its ability to explain complex topics in simple language, write articles in various styles and languages, compose poems, pass exams or even recite computer code. Unfortunately, however, its latter capability — allowing a user to type commands needed to program computers–has attracted regulators’ scrutiny and concerns have arisen regarding personal data used to train AI tools as well as possible inappropriate material generated by software that could reach younger users.
The Italian DPA’s notification comes after a ban on ChatGPT was lifted last year
Garante is Italy’s privacy watchdog and one of the most pro-active regulators when it comes to assessing AI platform compliance with EU data protection framework. Their investigation found that ChatGPT collected personal data without legal justification or transparency requirements met, failing to inform users about the use of their generative AI tool and without an adequate age verification system to prevent children accessing inappropriate content generated by it, according to Garante’s analysis.
Regulators also raised concerns that the large language model, trained on massive amounts of scraped text, might recall and emit false information about individuals from input queries. Furthermore, their fear was that its ability to “hallucinate” could expose users to unwanted advertising or potentially dangerous material.
Garante’s March 30 provision to OpenAI includes demands that it explain on its website how it utilizes personal data for training its algorithms, require users and non-users alike to give explicit consent for its use, and permit anyone — user or not — to request any false personal information generated by ChatGPT be corrected or deleted altogether. Furthermore, OpenAI must implement an age verification system for ChatGPT software as well as launch a public campaign raising awareness about how personal information is utilized by its business.